Opinion

Stopping the federal IT security brain drain


It's a clichéd but accurate reality, and it's as true in IT security as in any other environment or industry: You're only as strong as your weakest link.

And where is strength more important than at the federal agencies tasked with protecting the lives and livelihoods of millions of Americans?

As government leaders increasingly prioritize cyberspace's role in national security, a critical deficiency has begun to reveal itself: The best and brightest IT security professionals all too frequently migrate to the presumably greener -- or at least more equitable -- pastures of the private sector.

That doesn't bode well given the fact that the federal government needs to hire an estimated 10,000 cybersecurity experts in the next several years. Stopping the brain drain of existing federal IT security talent is imperative, especially as national security threats increasingly take place not on land but in the complex and obscure world of cyberspace. And while the challenge is real, potential solutions are within grasp.

Unorthodox recruiting methods

The Defense Department is actively addressing the problem, most recently through "Hack the Pentagon." Announced by Defense Secretary Ash Carter during the 2016 RSA Conference, the program invites cleared hackers to scour DOD networks for vulnerabilities.

At face value, it's a simple security exercise. But it could also enable the agency to fill security vacancies -- and none too soon. A new recruitment strategy is necessary and overdue, but even innovative programs like "Hack the Pentagon" aren't enough.

Plugging the brain drain requires resources and culture shifts. To recruit and retain the best IT security professionals, agencies must either offer financially competitive jobs or fundamentally change the relationship between government and private-sector IT contractors.

Compensation is the key

The first step is understanding and accepting why employees leave: because the private sector pays more for the same job.

Having worked in both sectors, I've seen it firsthand. Although we'd like to think that protecting our country is reason enough for dedicated and talented IT professionals to stay, even patriots have bills to pay.

Of course, fixing the pay gap requires rethinking our existing GS system -- something more easily said than done. But a few targeted alterations could potentially make a big difference -- for instance, a GS scale created specifically for technology positions.

Such a scale would improve federal IT salaries and eliminate current tensions over "grade inflation" (when the government categorizes tech positions at a higher GS level in relation to the job description). Although that approach wouldn't make government compensation equal to that of the private sector, it would at least make federal IT jobs more competitive.

A new public/private relationship

The irony of the federal IT brain drain is the government's complicity in paying private-sector salaries.

In the IT industry, federal contracts account for significant revenue. And although the private sector has much to offer federal agencies, current rules prevent contractors from fully taking over the roles and responsibilities of departed federal IT employees. If the government can't or won't improve compensation, then the contractors brought in to fill the gap must be allowed to play a more active role in federal IT security.

That would require a more formalized consulting relationship. After all, security doesn't work in a low-bid system. Contractors must be seen as partners who can advise, strategize and plan alongside federal agencies, instead of just workers tasked with implementing a preordained roadmap.

Why? Because the aforementioned brain drain has left the public sector with too few IT professionals who possess the expertise to create comprehensive IT security plans.

To succeed, security must be "baked in" throughout the network life cycle -- not just bolted on at the end. Therefore, security experts (whether federal employees or private contractors) must participate throughout the planning and strategy phases. When federal agencies lose talent to the private sector, they lose the ability to predict how ongoing decisions or regulations might affect their long-term security posture.

An urgent need

Until the government figures out how to mitigate the negative impact of turnover among its IT security professionals, agencies face increased risk and vulnerability.

The potential consequences aren't just hypothetical. In recent years, several major hacks have exposed volumes of sensitive data from government agencies and private citizens alike. Consequently, we know that major intrusions are more than possible. They've occurred already -- and they will again.

Whether through competitive compensation or better partnering opportunities, the federal government needs top IT security talent -- now.

About the Author

Greg Kushto is director of security and enterprise networking at Force 3.


Reader comments

Tue, May 24, 2016

The shortage is all bullshit, people there don't care whether there is a shortage or not. The only people who will be hired are known to the hiring manager. I tried for over two years to apply to many openings, and I was qualified because I got in the pool every time, but not even a single interview call. The process is rigged, and same experience by my other friends. I moved on to a better organization in private industry, and I am glad I did.

Fri, May 20, 2016

Changing the GS Scale wouldn't fix the issue. They will just reclassify or create positions that are basically IT but not categorize the job as such... As in the case of my current position with the Federal Government.

Fri, May 13, 2016 Jason Ostrow DC area

We need to be careful when screening government employees. One, we do not want to cause them or us a conflict of interest during the process. Two, their experience could be sub-par, and such concepts as productivity and meeting deadlines may be foreign to them. Ditto for the necessity of competition, the need for some overtime, rigorous performance evaluation, no free parking, etc. Many feds do not make it on the outside, even though they are fine, upstanding people. It is not for them. Further, if you hire the good ones, you may be disabling a good customer relationship. Be aboveboard and honest in everything you do when recruiting. If you are not, things may come to bite you.

Wed, May 11, 2016

Why would a young computer science graduate want to work for the Federal Government? For more than twenty years, the American public has been told that government is the problem, government workers are losers, they collect their fat salaries and benefits at the expense of the American taxpayers. Think about it!
