Government Hiring Practices Hamper Cybersecurity Efforts
Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.
Domestic Drones: 5 Non-Military Uses
(Click image for larger view and slideshow.)
Government cybersecurity practices remain hobbled by rigid human resources policies that must be changed if agencies are to more effectively recruit, train, and keep talented IT professionals, a group of experts said at a forum on cybersecurity.
"We spend a lot of time in the CIO Council talking about the lack of flexibility in hiring," said Karen Britton, special assistant to the president and CIO, Executive Office of the President.
"We're trying to get out in front" in describing the IT security skills agencies are looking for, but "we do rely on HR for position descriptions," and often, the processes for defining and recruiting IT talent don't yield the results agencies need.
Britton made the remarks May 15 at a forum hosted by the Association for Federal Information Resources Management (AFFIRM) and the US Cyber Challenge, a group attempting to develop future cybersecurity talent.
Gregory Wilshusen, director of information security issues at the General Accountability Office, agreed. "[We have] the government hiring practices of the 1940s and '50s in the 21st century," he said.
Within the broad term "hiring practices," there are a whole range of issues. Wilshusen said part of the problem has been that agencies such as the Department of Homeland Security, the National Institute of Standards and Technology, and the US Office of Personnel Management, among others, have not had a common terminology for positions or a common expectation of the skill sets that a given position should include. The National Initiative for Cybersecurity Education, or NICE, program being led by the NIST is "beginning to coalesce" these differences into a shared definition, Wilshusen said.
US Naval Cyber Defense Operations Command (Image: US Navy)
The length of time it takes to fill a position, which can stretch out for months, and the challenges even government-savvy candidates face in completing the necessary paperwork, are part of the problem. The lack of autonomy in government jobs -- real or perceived -- is seen as another challenge.
Another is that many of the most skilled cybersecurity people don't always fit the profile of individuals agencies typically look for: They may be college dropouts, or they may have gotten in trouble in the past for hacking exploits, which often disqualifies them from consideration, even though they might have the ideal experience for certain jobs.
Steve Bucci, former deputy assistant secretary for homeland defense and defense support of civil authorities at the Defense Department, said one of the biggest unnoticed consequences of classified data leaks
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.