Gary Barlet, Public Sector Chief Technology Officer, Illumio
July 16, 2024
COMMENTARY
In the past year, we've seen an influx of attacks on critical infrastructure, which has steadily become a concern for the federal government, including for the healthcare sector, and even the US Department of Health and Human Services (HHS). However, with this rise in attacks across industries, we're still seeing a gap in available cyber professionals to address it. Case in point: 71% of organizations have unfilled cybersecurity positions. This is due largely to outdated training, costly certifications, and the industry's narrative of being difficult to enter. And each of these factors discourages prospective talent from joining the workforce.
To increase accessibility to the industry, the White House announced a commitment to skill-based hiring in order to recruit cybersecurity talent for the private sector and in-demand federal positions. This is a significant step for the federal government, which has long used arcane methods of recruiting cybersecurity professionals. However, it remains saddled with the perception that it's behind the times due to its reliance on legacy technology.
Stuck in the Past
Federal employees spend most of their time and energy on maintaining legacy security systems. As a result, government agencies are lagging in implementing modern security strategies. Limited funding, expertise, and technology make it virtually impossible for them to break this cycle. They just can't compete with private industry for new hires aspiring to the cybersecurity big leagues.
Consequently, agencies are experiencing an IT skills deficit, specifically at the technician level, where protecting information and data from national security threats is critical. The money to recruit cyber talent and implement new technologies instead goes into maintaining legacy systems.
The question that needs an immediate answer is, How can the federal government close this gap in resources and incentives to attract top cybersecurity talent?
What Motivates Cybersecurity Pros?
Young people want to apply their skills to an organization at the cutting edge of technology. When deciding where to work, they consider salary, benefits like unlimited paid time off, bonuses, stock options, and the opportunity to work with the latest cybersecurity solutions. Sacrificing higher pay and perks to serve their country is a less desirable option for many.
Permitting remote working arrangements is another key consideration. The pandemic revealed that working from home is feasible, and convinced a wave of employees they don't have to commute to an office.
Therefore, the government needs to incentivize and get creative with how it recruits and encourages talent to enhance and maintain national cybersecurity standards. This is a challenge, as the current generation of workers is actively redefining the workforce as we know it.
To make itself more appealing to the younger generation, the federal government needs to reconsider the benefits it offers, moving away from more traditional long-term incentives to a focus on more immediate, short-term perks. Case in point: The military has revamped its benefits to entice current and retired military personnel, with benefits including supplemental allowance for basic needs, housing, and enhanced healthcare options. This step recognizes the shift in what prospective employees value in a job.
Ways the Government Can Incentivize Prospective Security Talent
The government will not close the cybersecurity talent gap until it provides incentives that compel prospective employees to transfer their skills from the private sector to positions with federal agencies. Such incentives could include:
More opportunity for short-term financial upsides
Part- or full-time remote working policies
Thrift Savings Plan (TSP) matching
In addition to recruiting individuals with cybersecurity skill sets, the government needs to ensure that it's recruiting blooming talent into its ranks and keeping them informed on the latest developments in the cybersecurity landscape, including threats, programs, tactics, and more.
Employees want benefits and the opportunity to learn and develop their skills. We've seen this first-hand in other federal programs: The Air Force runs a program called Education with Industry (EWI), which loans its fellows for an integrated, experiential learning program among industry partners within the private sector. The program gives participants access to the latest technologies, as well as hands-on learning experience for industry best practices.
To replicate this process, the government should partner with the private sector to develop security talent, offering employees the opportunity to work with the private sector while obtaining that same cutting-edge experience and then return to the federal government so they can apply that knowledge to national security.
From my own personal experience, having government experience on your résumé puts you ahead of those who have only private experience — especially as the private and public sectors continue to lean on each other and partner more heavily. The same could be accomplished for other cyber talent. Once they've gained experience in the private sector, they could be brought back to the government to apply their skills.
We're operating at a time when bad actors are launching unprecedented waves of attacks against government agencies. The threat to our nation has never been higher, and the federal government remains woefully underprepared. It must become more proactive and purposeful in how it recruits cybersecurity talent if it's going to level the cyber battlefield.