Government // Cybersecurity
12:45 PM
IoT & Insurance: How Big Data May Affect Your Privacy & Premiums
May 06, 2016
Gwenn Bezard is co-founder and research director at Aite Group, where he leads the insurance pract ...Read More>>

Government Hiring Practices Hamper Cybersecurity Efforts

Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.

Domestic Drones: 5 Non-Military Uses
Domestic Drones: 5 Non-Military Uses
(Click image for larger view and slideshow.)

Government cybersecurity practices remain hobbled by rigid human resources policies that must be changed if agencies are to more effectively recruit, train, and keep talented IT professionals, a group of experts said at a forum on cybersecurity.

"We spend a lot of time in the CIO Council talking about the lack of flexibility in hiring," said Karen Britton, special assistant to the president and CIO, Executive Office of the President.

"We're trying to get out in front" in describing the IT security skills agencies are looking for, but "we do rely on HR for position descriptions," and often, the processes for defining and recruiting IT talent don't yield the results agencies need.

Britton made the remarks May 15 at a forum hosted by the Association for Federal Information Resources Management (AFFIRM) and the US Cyber Challenge, a group attempting to develop future cybersecurity talent.

[InformationWeek's latest IT Salary Survey shows that security pros have high salaries and great job security ... but how long will it last? Tune in to InformationWeek Radio: State of Information Security Salaries & Careers.]

Gregory Wilshusen, director of information security issues at the General Accountability Office, agreed. "[We have] the government hiring practices of the 1940s and '50s in the 21st century," he said.

Within the broad term "hiring practices," there are a whole range of issues. Wilshusen said part of the problem has been that agencies such as the Department of Homeland Security, the National Institute of Standards and Technology, and the US Office of Personnel Management, among others, have not had a common terminology for positions or a common expectation of the skill sets that a given position should include. The National Initiative for Cybersecurity Education, or NICE, program being led by the NIST is "beginning to coalesce" these differences into a shared definition, Wilshusen said.

US Naval Cyber Defense Operations Command (Image: US Navy)
US Naval Cyber Defense Operations Command (Image: US Navy)

The length of time it takes to fill a position, which can stretch out for months, and the challenges even government-savvy candidates face in completing the necessary paperwork, are part of the problem. The lack of autonomy in government jobs -- real or perceived -- is seen as another challenge.

Another is that many of the most skilled cybersecurity people don't always fit the profile of individuals agencies typically look for: They may be college dropouts, or they may have gotten in trouble in the past for hacking exploits, which often disqualifies them from consideration, even though they might have the ideal experience for certain jobs.

Steve Bucci, former deputy assistant secretary for homeland defense and defense support of civil authorities at the Defense Department, said one of the biggest unnoticed consequences of classified data leaks

Next Page

Washington-based Patience Wait contributes articles about government IT to InformationWeek. View Full Bio

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Ninja
5/21/2014 | 2:56:57 PM
Re: Tough Job
I'd say Sillicon Valley and Wall Street have pretty good front row seats. But I agree that if you want to be part of a team that gets to kick down doors or fight terrorists and drug lords, that's not an opportunity you'll get in the private sector.
User Rank: Author
5/21/2014 | 1:54:08 PM
Re: Tough Job
On the other hand, where else is someone with the right skills likely to get the kind of front row seat and training the government offers -- it's a little like getting to fly an f-35 Joint Strike Fighter. Can't find those kinds of jobs in the private sector.  But it does take someone willling to give it all for his/her country.
User Rank: Ninja
5/21/2014 | 1:30:23 PM
Re: Tough Job
Cyber and kinetic attacks are going to be a huge issue for defense in the future. I am sure that the US government has a handle on the offensive side of these types of vectors.

But I question whether or not we are properly prepared to defend these sort of attacks on a large scale. I hope that we are. 
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Ninja
5/21/2014 | 10:50:31 AM
Tough Job
I don't envy government recruiters. They've got a difficult needle to thread on hiring for cybersecurity, especially post-Snowden.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
2016 InformationWeek Elite 100
Our 28th annual ranking of the leading US users of business technology.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 24, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.