DHS pushes new cyber hiring authorities

The department's budget requests $11.4 million to complete a new Cyber Talent Management System to hire and pay security workers based on their ability, not qualifications.

The Department of Homeland Security is seeking $11.4 million to support the addition of 150 new cybersecurity positions by the end of fiscal 2020. As part of the federal government's push to remain competitive with the private sector, Congress gave the department authority to exempt its cyber employees from certain hiring and compensation requirements.

Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told Congress last week that the agency is in the "final stages" of developing the program and pulling lessons learned from other personnel systems. The agency is also rolling out a new design that is supposed to provide more flexibility around hiring, pay increases and performance management.

Krebs said requirements in the government's standard General Schedule pay scale are a poor fit for the kind of nontraditional cybersecurity talent the agency is hoping to attract and recruit.

Traditional education benchmarks may not translate effectively to the cybersecurity field. A 2016 joint report by the Departments of Commerce and Homeland Security found that "employers are expressing increasing concern about the relevance of certain cybersecurity-related education programs in meeting the real need of their organization" as well as anecdotal evidence that organizations are "overly reliant upon educational attainment ... rather than making employability judgments based upon competency-based assessments or evidence."

A 2016 survey of IT professionals by McAfee found that less than a quarter of employers believe educational programs adequately prepare students to enter the cybersecurity workforce, and that the programs overemphasize technical skills while underemphasizing critical soft skills like communication, analytical or strategic thinking and teamwork.

Krebs asked lawmakers to imagine a 22-year-old job candidate with a two-year degree or no college but with demonstrated experience and proficiency. "How do I account for that? Are they a GS-4 or a GS-11? You know, by the standards that we have in place right now, I can't reward that person and pay them the way they could be paid in the private sector."

The proposed Cyber Talent Management System is designed to help DHS recruit and retain "rare, valuable cyber security talent" and could help the department better align a candidate's non-educational qualifications to the right pay scale.

Krebs said that the organization will start using the system to make new hires this year, but the agency is still transitioning from its legacy personnel IT system and wants to leverage other options such as retention bonuses in the meantime.

Other parts of the federal government are looking to create new solutions to bolster the IT security talent pipeline as well. The Office of Management and Budget launched a Cyber Reskilling Academy that seeks to retrain small cohorts of non-technical federal employees for cybersecurity jobs, while members of Congress are pushing legislation that would make it easier to deploy and detail IT security professionals from one agency to another depending on need.