35 fixes to help solve the cyber workforce gap
A new cyber workforce strategy will require the cooperation of the White House Office of the National Cyber Director, Office of Personnel Management and more to help fill thousands of public-sector cybersecurity positions.
A federal working group released a cyber workforce strategy on Wednesday meant to be a cross-government action plan with 35 to-do items to help the government respond to the talent gap for cybersecurity, increase the diversity of its cyber workforce and retain cyber professionals.
The report comes from the Federal Cyber Workforce Management and Coordinating Working group, led by the Department of Defense, Department of Veterans Affairs and Cybersecurity and Infrastructure Security Agency.
The working group has multi-agency "action teams" to drive government-wide initiatives already, it says. One ongoing focus has been aligning the government with the standards for cyber work from the National Institute of Standards and Technology, called the National Cybersecurity Workforce Framework.
But the implementation of some of the group's recommendations will depend on action from key stakeholders like the White House's Office of the National Cyber Director (ONCD), the Office of Personnel Management and Congress.
This working group, established in 2019 and now composed of all 24 Chief Financial Officer Act agencies, isn't the only body focused on the shortage of cyber workers and associated issues.
National Cyber Director Chris Inglis' office is already working on a broader cyber workforce, education and training strategy, meant to tackle the talent shortage and push broader awareness and education about cyber.
Currently, there are nearly 39,000 open public sector cyber jobs, according to NIST-backed website Cyberseek.com. In total, there are over 714,000 openings.
"This all comes at a time when threats are increasing. Our attack surface as a nation, not just within the Department of Defense, has spread out exponentially," said Patrick Johnson, one of three chairs for the working group and director of the Defense Department's Cyber Workforce Management Directorate. "This type of work… is ever more important to increase our cyberspace workforce."
But the industry remains difficult to break into, and largely homogeneous, despite the need for talent.
This latest report offers some data points showing the problem for the federal government particularly, which often struggles to compete with higher private sector salary offerings.
Its workforce also heavily skews male – only 26% of its cyber feds are women, the report says – and old – less than 6% of the federal cyber workforce is under the age of 30.
The government's cyber workforce is also less diverse than the population in terms of race and ethnicity, other reports have found.
The report digs into three problem areas for the federal government.
First is the standards used internally to classify cyber work, which don't match the specificity of the work or evolve quickly enough, the report says.
The panel says that human resource professionals in the government need more cyber-specific training, and that the Office of Personnel Management should update classification, qualification and assessment policies for cyber workers.
The second problem area is sparse data about the government's cyber workforce. The report recommends that the government change workforce reporting requirements to improve data quality and streamline the collection of workforce metrics.
One ongoing effort from the working group already is the creation of a governmentwide cyber workforce dashboard, being developed alongside OPM, said group chair, Chis Paris, Senior Advisor for Cyber Workforce Management in the Department of Veterans Affairs Office of the Chief Information Officer.
Finally, the report zeroes in on the recruitment, development and retention of the government's cyber workers.
The panel says that the government needs more pathways into the field, better defined pathways for career progression and more training opportunities, recommending things like the addition of a cyber job filter to the government's main job website, USAjobs.
The group also wants a special salary rate for the information technology 2210 occupational series – something a few agencies in the working group have already asked OPM for and are waiting to hear back on, said Megan Caposell, associate chief of workforce planning in the Office of the Chief Human Capital Officer at CISA and one of the three chairs of the working group.
As far as implementation goes, Paris said that tactical support from ONCD will be critical.
"Our working group is built upon the goodwill and passion, really, of its members," said Paris. "We're not congressionally mandated…We don't have cross cutting government wide authority to say that 'you must do this' or 'report back to us.'"
The working group already has a strong working relationship with the White House office, he said. The group itself can offer on-the-group tactical perspectives from its members that work on these issues, Caposell said.