As OPM begins rolling out its notifications to personnel affected in the breach of approximately 20 million current or former security clearance holders and applicants, the negative effect on cleared recruiting is already being felt.
In a ClearanceJobs.com survey of recruiters and hiring managers in the cleared space, 77 percent said the breach affected hiring, with 30 percent calling that effect ‘significant.’
In a separate survey of more than 300 cleared job seekers, 9 percent said the OPM breach had significantly affected their job search or online networking activities, 14 percent said it has been affected somewhat, 43 percent said no, and 32 percent were not sure.
“The OPM breach, along with the more than 20 percent reduction in the total number of security-cleared personnel over the last 18 months, have contributed to a roller coaster year in the world of cleared recruiting,” said Evan Lesser, Founder and Managing Director of ClearanceJobs.com. “There are fewer cleared professionals for employers to hire, and since the OPM data breach, we’re seeing many cleared workers flee the industry to pursue a career in the uncleared private sector where their skills are equally in demand.”
Recruiters expressed concern about how security clearance policies would change following the breach, if at all. Many recruiters and hiring managers in the cleared space have federal security clearances themselves, which means their own data was compromised. The data breach and changes to clearance policy have a personal and professional impact.
“It has made cold contacting people very difficult,” said Mike Keith, a recruiter who sources for cleared talent. “Everyone is concerned about CI [counterintelligence] issues.”
Survey responses from cleared candidates reinforced the difficulty for recruiters trying to reach new talent. Only 3 percent of cleared candidates surveyed said they would respond to an unsolicited email from a recruiter, 22 percent said they would ignore it. Seventy percent said they would look up the recruiter before replying. Dozens of respondents indicated they would delete any email without opening it, and several said they report unsolicited emails from a recruiter to their security officer.
Many recruiters pointed to the uncertainty around the OPM breach as a factor. Notifications to the second round of victims – the approximately 20 million current or former clearance holders whose information was breached – didn’t begin until early October. Many individuals who believe they have been affected say they still haven’t received any notification.
“Information is not forthcoming,” said one security clearance holder surveyed. “I don’t understand what happened and how I am impacted.”
Recruiters said the slow pace of response means they expect to be dealing with the aftermath of the breach for months, if not years, to follow.
The problem for many recruiters is the need to ‘cold call’ candidates – candidates who are now more security conscious than ever.
“I removed all security clearance and specific government contract information from all public resumes on all job sites (except ClearanceJobs.com),” said one survey respondent. “I am much more circumspect about sharing information with potential ‘employers’ online,” noted another.
Several said they would no longer submit resume details to applicant tracking systems typically used by defense companies, because they don’t want that information compromised.
When asked specifically about LinkedIn, 20 percent said they do not consider LinkedIn a good place to connect with recruiters. Thirty-seven percent were not sure how they felt about the site.
“I consider LinkedIn just as risky as any other portal such as Monster.com, etc,” said one respondent. “There is no validation process for people that establish accounts.”
“It is not secure. Anyone can data mine,” noted another.
LinkedIn has been the source of several spear phishing and data mining operations from nefarious actors, just in the past month alone. An October 7 CNN report noted Iran-based hackers are setting up fake profiles on LinkedIn, specifically to data mine professionals in the cleared and government space. “The fake personas fell into two groups: one set that were fully developed profiles posing as recruiters for major worldwide government contractors and international corporations, and another set that were less developed and designed to lend legitimacy to the primary accounts through endorsements and connections,” the CNN report stated. For employers, this means that security-conscious candidates are not likely to click ‘accept’ the next time an unknown recruiter reaches out.
When it comes to company reputation, post-OPM breach, that’s an increasingly high concern for security clearance holders – only 26 percent of those surveyed said they would apply for a job if they’d never heard of the company. Thirty-six percent of respondents said they would not apply for a job if they hadn’t heard of the company.
For smaller companies wondering how they can assure security conscious candidates, the survey pointed to one area employers have direct control over – their company profiles. Forty-eight percent of respondents said they would be more likely to connect with a recruiter if that recruiter had a completed profile on a site like ClearanceJobs.com.
AN ONGOING PROBLEM: PROCESSING DELAYS
For both recruiters and job seekers, there is one issue with implications beyond trust and accountability – and that’s lengthening delays in security clearance processing times. Seventy-nine percent of recruiters surveyed said processing delays are affecting their ability to hire. Thirty-six percent of the already-cleared respondents said reinvestigations were taking longer than usual.
“The OPM breach has delayed my reinvestigation several times for over a year now (including a period of unemployment). I was finally able to re-submit (4th time) my SF-86 for a final adjudication last week. Still crossing my fingers for no more delays!” said one respondent.
Several recruiters complained that being unable to place candidates into contracts due to security clearance processing delays resulted in corporate fines due to contract requirements not being met. Defense contractors are literally paying the price for the OPM breach in some cases, as they wait for personnel to be cleared and able to work. The federal government is also feeling the effect – delays in security clearance processing times have been blamed at least in part for Customers and Border Protection’s national staffing shortage. The agency had received approval to hire 2,000 customs officers by the end of the year, but has only been able to fill 800 positions.
“It takes as long as 12 to 18 months to get a clearance. That’s insane,” said U.S. Senator John McCain said during a recent visit to Tucson. A number of the current openings are in McCain’s home state of Arizona.
THE END RESULT: FEWER QUALIFIED CANDIDATES
The bigger issue for the federal government is the problem with recruiting talented cleared professionals. In the midst of a severe STEM and cyber skills shortage, the OPM breach is making many currently cleared candidates move to commercial careers, where a hiring boom is underway.
“I will no longer seek employment that requires a security clearance because of poor handling of data by defense contractors and the United States Government,” said one respondent. “They were warned of this over 5 years ago. They show that they cannot be trusted with even the simplest things – like the protection of personal information.”