Legislators call for more flexible cyber hiring and training

Shutterstock imag (by Benjamin Haas): cyber coded team. 

Three Democratic members of Congress want the government to borrow private-sector practices to improve federal hiring and training and bolster the cybersecurity workforce.

In a letter to Office of Management and Budget Acting Director Kathleen McGettigan, Reps. Derek Kilmer (D-Wash.), Josh Gottheimer (D-N.J.) and Kathleen Rice (D-N.Y.), who co-chair the New Democrat Coalition Cybersecurity Task Force, suggested ways to tackle the “unprecedented” cybersecurity challenges and lackluster government recruitment and retention of skilled cyber professionals.

“In recent years we've seen that our infrastructure, our economy, and even our very democracy are vulnerable to cyber attacks,” said Kilmer in a May 4 statement.

Specifically, the lawmakers called for increasing employee training and expanding the requirements for cyber jobs as ways to strengthen the federal talent pool.

In the letter, they asked OPM about agencies’ authorities to train their employees, and encourage the adoption of private sector training practices.

“Federal agencies have the authorities to provide training, including non-governmental training resources, for employees,” they wrote, adding that employing industry-recognized certification testing “would be a valuable tool for agencies to recruit and retain highly-qualified cyber professionals.

The lawmakers noted that agencies do not offer this benefit, and asked OPM if there is anything that precludes agencies from using these tests, and how to best encourage their use.

They also inquired about OPM’s degree requirements for cybersecurity-related government jobs.

Although OPM does not mandate federal cyber hires to have a four-year degree, “the vast majority of job postings” list having a four-year degree as a prerequisite, the letter states.

“Given the increasing need for cybersecurity personnel, OPM should be more flexible with job requirements,” the legislators wrote. “For many of these jobs, a two-year degree or other non-traditional education paths… can sufficiently prepare workers, especially in combination with high-value experience.”

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Sun, May 7, 2017 Pete Washington DC

I see a few problems here. First, using "industry-recognized certification testing" costs money. It costs money for the test, and there are maintenance fees charged by these industry certification sponsors. I assume Congress plans to provide the extra funding to support heavier reliance on certifications. Second, the OPM standard for IT Specialists, the field in which the vast majority of cybersecurity personnel reside, does NOT require a 4 year college degree. Federal agencies can't mandate a degree if OPM does not. Whether this is a problem in terms of the professionalization of the cybersecurity workforce has been a question for some time.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group