Government Hiring Practices Hamper Cybersecurity Efforts - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity

Government Hiring Practices Hamper Cybersecurity Efforts

Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.

Domestic Drones: 5 Non-Military Uses
Domestic Drones: 5 Non-Military Uses
(Click image for larger view and slideshow.)

Government cybersecurity practices remain hobbled by rigid human resources policies that must be changed if agencies are to more effectively recruit, train, and keep talented IT professionals, a group of experts said at a forum on cybersecurity.

"We spend a lot of time in the CIO Council talking about the lack of flexibility in hiring," said Karen Britton, special assistant to the president and CIO, Executive Office of the President.

"We're trying to get out in front" in describing the IT security skills agencies are looking for, but "we do rely on HR for position descriptions," and often, the processes for defining and recruiting IT talent don't yield the results agencies need.

Britton made the remarks May 15 at a forum hosted by the Association for Federal Information Resources Management (AFFIRM) and the US Cyber Challenge, a group attempting to develop future cybersecurity talent.

[InformationWeek's latest IT Salary Survey shows that security pros have high salaries and great job security ... but how long will it last? Tune in to InformationWeek Radio: State of Information Security Salaries & Careers.]

Gregory Wilshusen, director of information security issues at the General Accountability Office, agreed. "[We have] the government hiring practices of the 1940s and '50s in the 21st century," he said.

Within the broad term "hiring practices," there are a whole range of issues. Wilshusen said part of the problem has been that agencies such as the Department of Homeland Security, the National Institute of Standards and Technology, and the US Office of Personnel Management, among others, have not had a common terminology for positions or a common expectation of the skill sets that a given position should include. The National Initiative for Cybersecurity Education, or NICE, program being led by the NIST is "beginning to coalesce" these differences into a shared definition, Wilshusen said.

US Naval Cyber Defense Operations Command (Image: US Navy)
US Naval Cyber Defense Operations Command (Image: US Navy)

The length of time it takes to fill a position, which can stretch out for months, and the challenges even government-savvy candidates face in completing the necessary paperwork, are part of the problem. The lack of autonomy in government jobs -- real or perceived -- is seen as another challenge.

Another is that many of the most skilled cybersecurity people don't always fit the profile of individuals agencies typically look for: They may be college dropouts, or they may have gotten in trouble in the past for hacking exploits, which often disqualifies them from consideration, even though they might have the ideal experience for certain jobs.

Steve Bucci, former deputy assistant secretary for homeland defense and defense support of civil authorities at the Defense Department, said one of the biggest unnoticed consequences of classified data leaks

Next Page

Washington-based Patience Wait contributes articles about government IT to InformationWeek. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
5/21/2014 | 10:50:31 AM
Tough Job
I don't envy government recruiters. They've got a difficult needle to thread on hiring for cybersecurity, especially post-Snowden.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
5/21/2014 | 1:30:23 PM
Re: Tough Job
Cyber and kinetic attacks are going to be a huge issue for defense in the future. I am sure that the US government has a handle on the offensive side of these types of vectors.

But I question whether or not we are properly prepared to defend these sort of attacks on a large scale. I hope that we are. 
WKash
50%
50%
WKash,
User Rank: Author
5/21/2014 | 1:54:08 PM
Re: Tough Job
On the other hand, where else is someone with the right skills likely to get the kind of front row seat and training the government offers -- it's a little like getting to fly an f-35 Joint Strike Fighter. Can't find those kinds of jobs in the private sector.  But it does take someone willling to give it all for his/her country.
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
5/21/2014 | 2:56:57 PM
Re: Tough Job
I'd say Sillicon Valley and Wall Street have pretty good front row seats. But I agree that if you want to be part of a team that gets to kick down doors or fight terrorists and drug lords, that's not an opportunity you'll get in the private sector.
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll