On the heels of last month’s White House reorganization plan, the state of cybersecurity careers within the government is changing. In part, this plan aims to address several pressing issues in the job category within the context of government employment and to attract top talent to otherwise staling roles. Over the past few years, government agencies have struggled to attract and retain top cybersecurity talent. There are many factors contributing to this struggle, both within these agencies and from outside them. But with an aging workforce among the government’s IT specialists — there are nearly five employees aged 60 and above for each employee under 30 — those challenges are reaching a breaking point, and the reorganization plan aims to fix that.
Salary Differences
One major factor influencing the ability of the government to find and entice top talent is salary. Although on average, government jobs offer higher salaries than the private sector does; government cybersecurity jobs tend to earn less than those in the private sector. Without that financial incentive, top-performing potential employees are not as enticed to work for government agencies as they otherwise would be. To combat this, the government restructuring plan has set in motion the creation of a new compensation system with potential employees receiving salary offers based on their expertise in the field. Ideally, once put in place, this new offer system will allow for competitive offers to prospective employees and convince even the best in the field to consider government work.
Limited Upward Mobility
A struggle facing many cybersecurity employees working for government agencies is uncertainty about career advancement. Especially with the fragmentation among departments, there has not been a clear career path for employees within the job category. Complicating this further, there are abundant cybersecurity jobs available nationwide at private-sector companies with clear development paths, so without internal opportunities for advancement, government employees could be motivated to look for growth elsewhere. Under the new plan, the Department of Homeland Security (DHS) will have the authority to match cybersecurity needs to the talent that can address them and accordingly will enable these employees to grow their careers within the technical sphere and be as professionally ambitious as they choose to be. Additionally, government cybersecurity jobs will become flexible enough that employees may move among positions and agencies easily, allowing for workers to more simply choose where their career heads next.
Inter-Agency Competition and Redundancy
Another issue among government agencies is the competition from and redundancy of many of their cybersecurity roles. Because these positions have traditionally been staffed and controlled by each individual department and agency, they have served as competition for one another, especially due to the disparate processes and standards set in place by each group. Fittingly, some employees are attracted to one agency or department over another based on the training and compensation they can receive. The new approach plans to be unified among departments and will aim to address and prevent that inter-agency competition. A standardized talent acquisition process will also help ensure that potential employees are being directed to the right department or agency from early in the hiring process.
Lack of Adequate Education and Skills
Although the government has offered many federal programs focused on cybersecurity education, this is not necessarily an indicator of adequate and meaningful education. In fact, largely quite the opposite is the case—too many federal programs have offered redundant information and do not provide a clear path to a long-term career within the government. Some employees also no longer have the skills needed to contribute meaningfully to their departments or agencies because so much of what they do has been automated. In addition, skills are not consistent across government agencies, so some agencies are left more vulnerable to a cyber incident than others. The new government plan includes aptitude and skills assessments. From there, employees identified as optimal for new skills training will be taught the skills needed to fill critical roles. Adequate training is a key step in the process of reskilling these employees, so a new curriculum is currently in development by the DHS and the Office of Management and Budget to be completed by early next year. In addition, as an effort to teach skills often and early, many federal cybersecurity education programs will be assessed and prioritized to create a talent pipeline for future employment.
Complications in the Hiring Process
One of the most complicating factors in government employment is obtaining appropriate security clearance. The process has historically been lengthy and convoluted, making it a challenge for prospective new employees to begin work. As part of the government reform, efforts are being made to streamline the onboarding process, especially when it comes to security clearances. Other hiring practices are also making the onboarding process easier. Spearheaded by the DHS, a new hiring system known as the Cyber Talent Management System is intended to help hiring processes adapt to changes in the private sector in order to increase competitiveness. There are several key focuses within this system—speed of the hiring process (as mentioned previously), attraction of top talent from non-traditional educational backgrounds (presumably to diversify and strengthen the pool of talent within the federal government), assessment of applicants using new-and-improved tools, and compensation based on performance. The flexibility this system provides is intended to allow for more innovation throughout the hiring process, so new talent will be incentivized to apply and to accept offers once they are received.
Looking forward
The federal government has a long way to go to get its cybersecurity workforce up-to-speed. However, the goals outlined in the new plan should help. If each challenge facing cybersecurity employees in government is addressed as planned, these roles may soon be among the most competitive on the job market.
Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory compliance at the same time.
You can read three Tripwire use cases that higlight the following in federal agencies: #1: Ensuring compliance and minimizing risk #2: Automating manual tasks and enhancing breach detection #3: Monitoring critical assets in the public cloud
About the Author: Alex Haslam is a tech writer specializing in technology's human connection -- how it affects our lives, careers, and relationships, and how we can use it to keep ourselves and our data safe. She contributes regularly to several top-tier tech publications and is working to help increase tech literacy through writing about today's technology in an accessible way. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
