A DOD inspector general audit found that while the Pentagon has made strides, inconsistent job coding for civilian cyber work roles across filled and vacant positions may hinder recruiting and retention.
The Defense Department has been vocal about its struggles to recruit and retain cyber talent, with officials frequently noting competition with industry pay as a challenge. But for the inspector general, it seems that the Pentagon’s efforts to grow its civilian cyber workforce may be undercut by improper job coding across filled and vacant positions.
A DOD inspector general audit found that while the Pentagon has made strides to issue guidance and adhere to requirements from the Federal Cybersecurity Workforce Assessment Act of 2015, incomplete or inaccurate job coding of cyber work roles could mean that not enough information is being used to “to ensure the identification and maintenance of the right skill set.”
“The DOD may be unable to properly target its recruitment and retention efforts without completely and accurately coding all of its civilian cyber positions,” the Aug. 2 report states.
Additionally, based on filled and unfilled positions with incorrect or incomplete coding, “the DOD may be unable to accurately determine the skill set and size of its civilian cyber workforce, which may hinder workforce planning activities, such as recruitment and retention strategies and determining the work roles of critical need.”
The inspector general found that all of the DOD components reviewed, except the Army, didn’t consistently comply with work role coding requirements because they lacked a quality assurance process to ensure alignment with the DOD Coding Guide.
As a result, the watchdog recommended the DOD CIO require components to code cyber jobs in compliance with DOD’s coding policy, and that DOD’s chief data office conduct a study evaluating “quality assurance checks in systems used for coding civilian cyber workforce positions to ensure that work role coding is in accordance with the DoD Coding Guide,” the document states. Depending on the results of that study, the IG recommended the CIO create a process that could verify compliance with the policy guide.
John Sherman, the Pentagon’s CIO, told Congress earlier this year that DOD was tweaking its workforce policy series, DOD 8140 Directive and creating a Cyber Workforce Management Board to oversee its implementation with leadership from the CIO office, undersecretary of defense for personnel and readiness and principal cyber advisor.
But recruitment remains a challenge. In April, Lt. Gen. Dennis Crall, the Joint Staff's CIO and director for command, control communications and computers/cyber, told Congress that “the digital nature of the fight that we expect, especially at pace and speed, is going to demand a workforce and talent level that we have not seen before.”
"I don’t think we know our target audience as well as we need to," he said. "We need to find out what really motivates individuals to want to serve in the capacity that we’re offering."