Despite recognizing the need to recruit, retain and properly train cybersecurity experts for many years, the federal government still is facing a critical shortage of cybersecurity talent.
The primary reason, according to a new report by Booz Allen Hamilton, is the federal government’s lack of a coordinated strategy to help agencies attract and recruit the cybersecurity talent needed to defend the nation’s critical infrastructure.
“There is a nationwide shortage of highly qualified cybersecurity experts, and the federal government in particular has fallen behind in the race for this talent,” the report states.
A supply and demand problem, exacerbated by lack of strategy
One of the primary problems is that demand for skilled cybersecurity professionals outstrips supply in both the private and public sectors worldwide. Government cybesecurity employees are leaving jobs faster than they can be replaced.
Another problem is finding qualified cybersecurity experts with experience identifying and analyzing sophisticated cybersecurity threats. Other key qualifications in short supply are experts who can combine technical capabilities with the soft skills of leadership, communication and team building.
The hiring process can also be a roadblock, especially at the Department of Homeland Security (DHS), which can take up to six months to hire a person.
“Even when somebody is patriotic and wants to do their duty for the nation, if they’re really good they’re not going to wait six months to get hired,” said Mark Weatherford, former cyber chief at DHS.
A pay-scale problem
When it comes to retaining talent, government agencies are at a disadvantage based on pay scale. The Booz Allen Hamilton report says senior software engineers working in the private sector make up to $33,000 more per year than their counterparts in government. To remediate this, the Office of Personal Management should pay competitive salaries relative to the private sector, through special salary rates, retention bonuses and more.
“The federal government isn’t alone, but we have handcuffed ourselves because we don’t have the same tools that our private-sector competitors might have,” said Ron Sanders, vice president at Booz Allen Hamilton.
Another suggestion to retain talent is to be creative with recruiting. For example, the Department of Homeland Security hosts the National Collegiate Cybersecurity Defense Competition each year, but doesn’t recruit any participants.
Final challenge – the leaky pipeline
Even those agencies that have robust hiring practices and higher salaries — such as the NSA with starting salaries around $65,000 — keeping these employees from leaving for brighter pastures is another challenge. Cybersecurity professionals often leave within five years at the agency.
“You’re making the person that others want to hire,” said John Yelnosky, technical director in NSA’s Associate Directorate for Human Resources, in Federal News Radio. “They share their parting thoughts on our internal social media and often say, ‘I love the NSA, but I can’t afford to stay here.'”