OPM tells agencies how to respond to cyber workforce needs

The Office of Personnel Management released updated guidance to help agencies identify and address critical cybersecurity workforce needs. The document sets out a series of timelines detailing how agencies should identify and classify high-value IT and cybersecurity positions before developing action plans and reporting to OPM in April 2019.

The guidance defines "work roles of critical need" as positions that are required to meet an agency's most significant organizational missions or areas where there are shortages in either staffing or proficiency.

Agencies spent most of 2017 coding and classifying their jobs with IT and cybersecurity components according to standards laid out in the National Initiative for Cybersecurity Education.

Agencies were supposed to have that work wrapped up by April 2018, and now they have a year to identify where their greatest needs are, investigate the root causes and develop an action plan to mitigate any shortages along with metrics and targets before they begin reporting annually to OPM. According to the guidance, OPM "will collect agencies' Work Roles of Critical Needs and identify common needs to address from the Governmentwide perspective."

The federal government is struggling to maintain a robust IT and cyber workforce in the face of a projected dearth of global cybersecurity talent in the coming years. Officials like acting Federal Chief Information Security Officer Grant Schneider have said that agencies will not be able to hire their way out of the shortage and should look to technologies like automation to fill in the gaps.

Congress has proposed a number of bills designed to reward and incentivize cybersecurity-focused feds to stay in their positions. Forthcoming legislation from Rep. Will Hurd (R-Texas) to create a pool of readily available private-sector cyber talent for the federal government to draw from is expected to be unveiled in the next few months.