Getting and keeping top cybersecurity staff in government isn't always easy, but there are strategies available to build your workforce.
History teaches us that great leaders build great teams. Surveys confirm and reconfirm that attracting and retaining talent is key to achieving organizational objectives and building a culture that makes a positive difference.
But attracting or retaining professionals with any credible cybersecurity experience into government positions has never been harder than it is right now. Constraints such as compensation packages make it hard to compete in our new “talent war.”
Further complicating this problem are government employees eligible for retirement. A public-sector “brain drain” is still predicted when staff with more than 30 years’ experience decide to retire.
Sadly things will likely get worse. One study by Frost & Sullivan forecasts a cybersecurity industry worker shortage of 1.8 million workers by 2022. Meanwhile, in mid-August 2017, four more top cybersecurity officials announced that they are leaving federal government.
In response to this competition for talent, a variety of government staff retention programs are commonplace. Offering telework, more vacation and flexible hours, and emphasizing very competitive health insurance plans are a few ways to keep staff from jumping ship. Defined benefit retirement plans are still available in some state and local governments, but these incentives are going away.
And while pay scales for technology and cybersecurity professionals are being raised in some public-sector organizations, it’s hard to see how governments can compete with private-sector pay — especially if stock options and bonuses are included.
So what can be done? Here are three strategies to consider:
1. Grow your own team. Just like in professional baseball, you can build a “farm team” of young cyberprofessionals, students, interns and recent college graduates with technology knowledge and passion, but less experience. There are ways to attract young talent into government roles, since research has shown that public service and making a difference in society are a higher priority than pay for millennials.
There is a strong case to be made for starting one’s career in government IT, since public-sector positions often offer a wider breadth of opportunities and challenges than initial private-sector roles.
TIP: Make a concerted effort to recruit and engage young people starting in high school and early college. Get involved with cybercompetitions to find the right students.
2. Retrain staff from other parts of government. Offer cross-training and technology transfer programs from the business side of government. Since cybersecurity roles often pay more, agency staff from other parts of the tech organization and/or business areas are often keen to make the jump to security roles. These pros know how government runs, so they bring added value to the security team.
TIP: Consider programs like Hiring Our Heroes to bring military veterans into the workforce. These veterans often bring hands-on experience from the front lines of cyberbattles around the world.
3. Ensure vendor management excellence. Enlarge your vision and make sure the best private-sector cyberpros keep working on your contracts.
Most governments rely on vendor staff to meet cybersecurity needs. Whether you use a staff augmentation approach, outsource certain functions or both, government leaders must ensure that contracts are well written and professionally managed after signing. Successful security leaders ensure that their private-sector partners don’t rotate out the best contract staff after an initial period or lower the quality of their work using bait-and-switch techniques.
TIP: Attract and maintain the best contract oversight staff who understand procurement and keep the top vendor talent working on your projects. Also, include these contract professionals in team-building events.
Our future promises autonomous vehicles, robots and more, which means millions of Americans will need to be retrained to use new technology. Artificial intelligence may help someday, but these innovative paradigm shifts should challenge gov tech managers to rethink their recruitment practices now. Security may be the most noticeable part of government’s staff retention challenges, but other areas like database administrators and programmers with secure-coding skills are also difficult to keep.
Finally, could a tech bubble burst change the hiring landscape? Government jobs have offered stability during hard times, and no doubt, this will happen again at some point.
My advice: Be ready whenever cybertalent becomes available.