Government Hiring Practices Hamper Cybersecurity Efforts - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Government Hiring Practices Hamper Cybersecurity Efforts

Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.

Domestic Drones: 5 Non-Military Uses
Domestic Drones: 5 Non-Military Uses
(Click image for larger view and slideshow.)

Government cybersecurity practices remain hobbled by rigid human resources policies that must be changed if agencies are to more effectively recruit, train, and keep talented IT professionals, a group of experts said at a forum on cybersecurity.

"We spend a lot of time in the CIO Council talking about the lack of flexibility in hiring," said Karen Britton, special assistant to the president and CIO, Executive Office of the President.

"We're trying to get out in front" in describing the IT security skills agencies are looking for, but "we do rely on HR for position descriptions," and often, the processes for defining and recruiting IT talent don't yield the results agencies need.

Britton made the remarks May 15 at a forum hosted by the Association for Federal Information Resources Management (AFFIRM) and the US Cyber Challenge, a group attempting to develop future cybersecurity talent.

[InformationWeek's latest IT Salary Survey shows that security pros have high salaries and great job security ... but how long will it last? Tune in to InformationWeek Radio: State of Information Security Salaries & Careers.]

Gregory Wilshusen, director of information security issues at the General Accountability Office, agreed. "[We have] the government hiring practices of the 1940s and '50s in the 21st century," he said.

Within the broad term "hiring practices," there are a whole range of issues. Wilshusen said part of the problem has been that agencies such as the Department of Homeland Security, the National Institute of Standards and Technology, and the US Office of Personnel Management, among others, have not had a common terminology for positions or a common expectation of the skill sets that a given position should include. The National Initiative for Cybersecurity Education, or NICE, program being led by the NIST is "beginning to coalesce" these differences into a shared definition, Wilshusen said.

US Naval Cyber Defense Operations Command (Image: US Navy)
US Naval Cyber Defense Operations Command (Image: US Navy)

The length of time it takes to fill a position, which can stretch out for months, and the challenges even government-savvy candidates face in completing the necessary paperwork, are part of the problem. The lack of autonomy in government jobs -- real or perceived -- is seen as another challenge.

Another is that many of the most skilled cybersecurity people don't always fit the profile of individuals agencies typically look for: They may be college dropouts, or they may have gotten in trouble in the past for hacking exploits, which often disqualifies them from consideration, even though they might have the ideal experience for certain jobs.

Steve Bucci, former deputy assistant secretary for homeland defense and defense support of civil authorities at the Defense Department, said one of the biggest unnoticed consequences of classified data leaks

Next Page

Washington-based Patience Wait contributes articles about government IT to InformationWeek. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Author
5/21/2014 | 1:54:08 PM
Re: Tough Job
On the other hand, where else is someone with the right skills likely to get the kind of front row seat and training the government offers -- it's a little like getting to fly an f-35 Joint Strike Fighter. Can't find those kinds of jobs in the private sector.  But it does take someone willling to give it all for his/her country.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll