In response, government at various levels has attempted to correct the problem by better defining the workforce and the expectations around it. At the federal level, the creation of career pathways and more organized workforce resources is one potential solution.
Federal officials discussed the problem and their moves to address it during a panel at the RSA Conference the afternoon of Monday, Feb. 29.
Giving Clarity to the Ecosystem
Rodney Petersen, director of the National Initiative for Cybersecurity Education (NICE) within the National Institute of Standards and Technology, said his organization is working to better define and develop the talent.He said the priorities of his organization fall to accelerating learning and skills development, diversifying the cybersecurity community, and providing career development opportunities within the cybersecurity field.
“Really, what NICE is trying to do is integrate and develop an ecosystem of cybersecurity education, training, workforce development across the public and private sectors. And to really, as the picture depicts here, knit together a quilt. We have lots of individual initiatives or pieces that are happening beautifully, and we are trying to be that thread that sews it together to create a national story or a national picture.”
The director said the demand for skilled workers is outpacing the supply and is forcing government into a position of having to think more creatively. He pointed to the potential for those within industry and academia to make late-stage career transitions to public-sector positions as one such example.
“We also need to look at ways we can take the existing federal workforce or private-sector workforce and retrain or retool them, so there are lots of opportunities through what community colleges are doing, in what training organizations are doing to accelerate that learning and skills development.”
Within the Department of Homeland Security (DHS), Benjamin Scribner, program director of National Cybersecurity Professionalization and Workforce Development, said workforce frameworks provide a new level of clarity in an otherwise disjointed field.
According to Scribner, the DHS has made available tools and resources though the Web portal to assist in workforce training and planning.
“Everything that we have in our portal … is keyed to the national cybersecurity workforce framework, which is a fantastic, incredible new development for our nation, because for the first time it gives us a consistent standard for cybersecurity in the private sector, the public sector, across academia and industry,” Scribner said.
Permeability and the Cybersecurity Sea Change
Among other key considerations, Greg Rattray, director of Global Cyber Partnerships and Government Strategy with JPMorgan Chase & Co., said that while government employees can easily leave the public sector, their transitions back into public employment has not been optimized.He refers to this loss of talent as “brain drain,” and said the inability to flow between the public and private worlds poses a significant “permeability” issue.
“Government career structures are not well attuned to moving in and out," he said. "It’s a very linear, industrial age personnel system, but if we could make it such that you could have a career and spend 20 years, 10 in the private sector and 10 [in the public sector], back and forth, that is something we really need to put a lot of attention on."
Additionally, Rattray said there is a substantial need to build “deep” people for the roles in cybersecurity rather than simply filling seats. He points to sought after skills like program and risk management, customer and industry relations, and data analytics as important additions to the more typical technical skills.
“This is a field which is overwhelmed with data now," he said, "so the ability to tell a simple story and bring the important thing through from all the information we have is as skill that is sort of inherent actually to a lot of the other skills that are up there."
Rattray also called attention to the changed winds of the cybersecurity ecosystem. He said where governments once led the charge in the cybersecurity arena, companies are now at the helm.
“From my career, starting in the government and the military, it used to be cybersecurity was a government-dominated space,” he said. “It’s making that rapid transition to the workforce, and the frontlines for defense is in the private sector, so working closely with government to build national frameworks, we leverage it in our team and our position descriptions are aligned to it.”
The prevalence of technology across government and industry means that the adversaries once drawing personnel to military service are the same adversaries now attacking private companies.
Building Interest and Educating New Talent
The DHS's Scribner highlighted creative solutions to building talent in the government space, like apprenticeship grants and educational-credit programs, and his colleagues on the panel said curriculum needs to be developed for cybersecurity-focused education.Don Davidson, deputy director of Cybersecurity Implementation and Acquisition integration with the Department of Defense-CIO for Cybersecurity, said there is real value in developing comprehensive cybersecurity curriculum.
