Agencies Struggle to Hire Cyber Professionals

The federal government is doing a great job retaining cybersecurity professionals once they're in federal jobs. The challenge for most agencies is finding and hiring qualified candidates, a new survey suggests.

According to the 2012 Career Impact Survey, released Tuesday by (ISC)2, federal cybersecurity professionals are experiencing nearly full employment as well as career advancement opportunities and salary increases in 2011.

The survey of 545 federal cybersecurity pros found that 97 percent are currently employed, and only 8 percent were unemployed at any point in 2011. Cybersecurity pros also are seeing pay raises, with 62 percent receiving a salary increase in 2011 and 48 percent expecting one in 2012. Eleven percent of respondents said they received salary increases of 10 percent or higher last year.

In addition, federal cyber pros are not suffering from a lack of career opportunities in the federal government. Of the 60 percent who changed jobs last year, 43 percent did so to pursue advancement opportunities, and 31 percent did so because of personal preference.

Still, most hiring managers are having a hard time finding qualified candidates to fill cybersecurity jobs. Eighty-three percent of federal hiring managers surveyed said it was extremely difficult to find and hire qualified candidates. Hiring managers noted that the average length of time for hiring cyber pros included less than one month (8.3 percent), one to three months (42 percent), three to six months (33 percent) or six or more months (17 percent).

The top three skills federal hiring managers are looking for are certification and accreditation (68 percent), operations security (55 percent) and telecommunications and network security (53 percent), the survey found.

Federal respondents also indicated that certain programs had little or no impact on recruitment efforts. Programs like the U.S. Cyber Corps (1 percent), recruiting on college campuses (2.9 percent) and job fairs (3.8 percent) were considered the least effective recruiting tools, while referrals from colleagues (50 percent), online job websites (33 percent) and networking (10 percent) were considered the top ways agencies recruit cyber professionals.

The majority of respondents (61 percent) said most or all of the cybersecurity staff at their agency hold certifications, with the most popular certifications being the Certified Information Systems Security Professional (CISSP) and Security+.

"Information security professionals with the right mix of knowledge and experience remain in high demand by government hiring managers, but qualified candidates are hard to come by as agencies try to build their security teams," said W. Hord Tipton, executive director of (ISC)². "While decreasing budgets are a key factor in this hiring challenge, these results reinforce the need for a distinct career path in this field and a definition of roles in order to make it easier for hiring managers to find and place candidates with the right qualifications. They also demonstrate that the government's existing methods to fill the pipeline are not working."