DHS has yet to crack the code on its cyber workforce

employee data (kentoh/ 

A Department of Homeland Security official told Congress that it is getting closer to complying with a 2014 law directing the agency to classify and code its cybersecurity positions.

The 2014 Homeland Security and Cybersecurity Workforce Assessment Act requires DHS to classify and code all IT security positions as outlined by the Office of Personnel Management, the National Initiative for Cybersecurity Education and the National Institute of Standards and Technology to identify its greatest areas of need in cyber human capital. The law also required DHS to begin annually reporting those needs to Congress and OPM starting in 2016 in order to inform stakeholders and facilitate further action.

However, a February 2018 audit by the Government Accountability Office found that the department was well behind schedule identifying and coding its IT security workforce and had relayed inaccurate information to Congress about how far along it was in the process.

At an April 3 House Homeland Security Oversight, Management and Accountability Subcommittee hearing, Chip Fulghum, deputy undersecretary for management, said the department had assigned two-digit codes to each cyber position at the department in line with 2014 OPM guidance, but said a switch to a new 3-digit code framework in 2017 caused delays in the project.

"We coded those positions down the [National Institute of Standards and Technology] standard in terms of two digits," said Fulghum. "We have coded them down now to three digits as required, but there's still some [data] cleanup to do."

The figures are designed to help guide DHS hiring and retention policies during a time when the importance of its cybersecurity mission is rising but overall morale of employees at the department has consistently ranked among the lowest in the federal government in annual surveys.

Rep. Bennie Thompson (D-Miss.), chair of the House Homeland Security Committee, introduced legislation earlier this year that would, among other things, establish a steering group within the department to identify and address the root causes of those findings.

Fulghum, who is leaving DHS this summer after six and a half years, did not provide the committee with a timeline for finalizing its work.

The department could wind up undertaking a cybersecurity hiring spree without the benefit of the data. The latest budget request for the Cybersecurity and Infrastructure Security Agency at DHS calls for $11.4 million to support the hiring of 150 additional cybersecurity positions by the end of fiscal 2020.

Editor's note: This article was changed April 4 to correct the name of the National Initiative for Cybersecurity Education.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected