DHS recent hiring sprint shows promise, but lawmakers still see gaps in the federal cybersecurity workforce
The federal government continues to face challenges in recruiting a skilled cybersecurity workforce, amid heavy private sector demand and obstacles built into the hiring process, but there are some recent signs that longstanding efforts to improve the situation are starting to pay off.
The federal government continues to face challenges in recruiting a skilled cybersecurity workforce, amid heavy private sector demand and obstacles built into the hiring process, but there are some recent signs that longstanding efforts to improve the situation are starting to pay off.
At a Thursday hearing of the Cybersecurity, Infrastructure Protection and Innovation subcommittee of the House Homeland Security Committee, panel chairwoman Rep. Yvette Clarke (D-N.Y.) called attention to recent cybersecurity workforce "sprint" at the Department of Homeland Security.
"I want to commend Secretary [Alejandro] Mayorkas for making enhancing the cyber workforce the second of DHS's 60-days cyber sprint," she said. "By prioritizing this aggressive approach, Secretary Mayorkas has made meaningful progress in reducing significant cyber vacancies at the department while taking additional steps to address the shortage of cyber professionals nationally."
Earlier this month, Mayorkas announced the hiring of 293 cyber professionals and the extension of tentative job offers to 500 additional candidates.
David Pekoske, the head of the Transportation Security Administration, referenced the sprint and the program development behind it during a Tuesday hearing of the Senate Commerce Committee.
"It's called the Cybersecurity Talent Management System.… [It] allows us to go into a direct-hire process, which means you don't have to go through the USAJOBS process that takes a good amount of time," he said, adding that the program also has built-in pay flexibilities.
Lawmakers and witnesses aired some impatience at the time it has taken for the Cybersecurity Talent Management System (CTMS) to come online. Legislation to authorize the system passed in 2014, but the program only recently came online to support the hiring sprint at DHS. Agency officials say that final rules for the program should go live this September.
"That's too long," said Max Stier, the president and CEO of the Partnership for Public Service, at the Thursday hearing of the House Homeland subcommittee. "You can't wait seven years for this kind of action."
Subcommittee ranking member Rep. Andrew Garbarino (R-N.Y.) also noted the slow pace of bringing the new hiring authorities online.
"CISA has been plagued by hiring delays, long dated onboarding processes, a lack of professional human resources specialists and duplicative and arbitrarily onerous vetting requirements," Garbarino said. "It is important that we continue to hold CISA and the department accountable when it comes to these troubling issues, and I appreciate the chairman working with me on our oversight of the Cyber Talent Management System rollout. I am pleased that CISA director, Jenny Easterly, has said this will be a top priority during her tenure."
Currently, there are 464,420 cybersecurity job openings nationwide, according to Cyberseek, a database backed by the Department of Commerce and the National Institute of Standards and Technology. From the federal government's point of view, the dire need is exacerbated by the age of the federal workforce.
Stier pointed out that less than 6% of the federal cyber workforce is under the age of 30, and opportunities for young people to join the federal government via programs employing current students and recent graduates are scarce. Currently, only 4% of new hires come from federal programs employing current students and recent graduates, he said.
Apprenticeships could be a valuable tool in addition to federal internships, said Tony Coulson, the executive director of the Cybersecurity Center at California State University in San Bernardino and the lead of the National Centers of Academic Excellence in Cybersecurity Community.
"I think that the apprenticeship model has been incredibly underused and there's a lot of energy coming out of other parts of the government, and I would like to see that in national security because it allows us to mentor and produce and validate talent while they're in school and while they're working," Coulson said. It could also strengthen partnerships with educational institutions.
Fixing federal problems will be necessary for agencies to capitalize on any progress writ large, said Garbarino.
"No matter how much education we provide to our students, no matter how much interest we cultivate, none of it matters if we can't bring qualified and interested individuals into the government service," he said.