Legislators call for more flexible cyber hiring and training

Three Democratic members of Congress want the government to look to private sector practices as a model for hiring and training the federal cybersecurity workforce

Shutterstock imag (by Benjamin Haas): cyber coded team.
 

Three Democratic members of Congress want the government to borrow private-sector practices to improve federal hiring and training and bolster the cybersecurity workforce.

In a letter to Office of Management and Budget Acting Director Kathleen McGettigan, Reps. Derek Kilmer (D-Wash.), Josh Gottheimer (D-N.J.) and Kathleen Rice (D-N.Y.), who co-chair the New Democrat Coalition Cybersecurity Task Force, suggested ways to tackle the “unprecedented” cybersecurity challenges and lackluster government recruitment and retention of skilled cyber professionals.

“In recent years we've seen that our infrastructure, our economy, and even our very democracy are vulnerable to cyber attacks,” said Kilmer in a May 4 statement.

Specifically, the lawmakers called for increasing employee training and expanding the requirements for cyber jobs as ways to strengthen the federal talent pool.

In the letter, they asked OPM about agencies’ authorities to train their employees, and encourage the adoption of private sector training practices.

“Federal agencies have the authorities to provide training, including non-governmental training resources, for employees,” they wrote, adding that employing industry-recognized certification testing “would be a valuable tool for agencies to recruit and retain highly-qualified cyber professionals.

The lawmakers noted that agencies do not offer this benefit, and asked OPM if there is anything that precludes agencies from using these tests, and how to best encourage their use.

They also inquired about OPM’s degree requirements for cybersecurity-related government jobs.

Although OPM does not mandate federal cyber hires to have a four-year degree, “the vast majority of job postings” list having a four-year degree as a prerequisite, the letter states.

“Given the increasing need for cybersecurity personnel, OPM should be more flexible with job requirements,” the legislators wrote. “For many of these jobs, a two-year degree or other non-traditional education paths… can sufficiently prepare workers, especially in combination with high-value experience.”