The $1.7 trillion omnibus spending bill recently signed into law by President Joe Biden shows that the federal government is poised to spend millions more to improve cybersecurity, but hiring and retaining enough talented tech and cybersecurity professionals to meet the administration’s goals remains a major challenge.
A look at the bill, which Biden signed Dec. 29, shows significant increases in cybersecurity spending across the federal government over the next year. For example, the United States Agency for Cybersecurity and Infrastructure Security is expected to receive $2.9 billion under the bill, an increase of more than $300 million from the agency’s previous annual budget.
Additional cybersecurity spending increases contained in the bill include:
- $200 million for the Department of Energy’s Cybersecurity, Energy Security and Emergency Response Service
- $100 million for the Treasury Department Cyber Security Enhancement Account
- $422 million for the Office of Personnel Management for cybersecurity and hiring
- Nearly $22 million to help fund the Office of the National Cyber Director
- $50 million to deal with cyber threats from Russia and other overseas adversaries
While the allocation of these funds sets the priorities and direction for cybersecurity across the federal government, the administration still needs skilled technology and cybersecurity professionals to carry out these various initiatives. Here, the administration faces a significant shortfall.
In September, the Federal Cyber Workforce Management and Coordination Task Force published a report indicating that, of the 700,000 cyber positions open in the United States, 40,000 of these jobs are in the public sector. As the document also notes, the Bureau of Labor Statistics found that the cyber labor market “will grow 13% from 2020 to 2030, faster than the average for all occupations.”
According to a December report from the United States Office of Government Accountability, the Pentagon spends hundreds of millions of dollars on cybersecurity training, but the armed forces lack uniform requirements to ensure their personnel remain on duty, so that the U.S. Department of Defense receives its return on investment and retains its talent.
“This year, we will continue to see the labor gap widen both within industry and government,” Jim Hoppe, senior vice president for the Americas at security company Delinea, told Dice. “The additional funds will provide tremendous support, but the government needs to do a better job of attracting more new and diverse talent to join the cybersecurity workforce. The way we attract new talent to the cyber industry and accelerate hiring must evolve, as hiring the right people is no longer just about basic technical skills, but rather a diverse skill set that also includes communication, collaboration, marketing, design and psychology.”
Bringing more cyber talent to government work
While the pay difference between those working in private sector cybersecurity and their public sector counterparts is well documented, industry experts note that the U.S. government still has unique opportunities to offer those looking to start and advance a career in cyber.
One way is to appeal to a unique sense of mission and government service, especially as the United States continues to build its cyber capabilities, Hoppe said.
“Never underestimate the power of mission and the desire to be part of something bigger, but building a strong safety-focused culture takes time, ideas and action. It requires a mindset shift that creates a shared, value-driven approach,” Hoppe added. “Agencies should also consider assigning a ‘cybersecurity champion’ to each department who understands the unique security challenges and challenges a department faces, who can help enforce security policies and can authentically vouch for additional security resources and training if needed.”
Another way to attract more cybersecurity talent to government is to appeal to entry-level candidates who want to embark on a career in cyberspace but need experience, said Sounil Yu, CISO at JupiterOne.
“The government can beat the private sector when it comes to hiring and training entry-level talent. As such, it should consider significantly increasing the budget of the CyberCorps Program, which offers scholarships to students who commit to working for the government after graduation,” Yu told Dice. “The Omnibus Bill increases CyberCorps’ budget by about 10%, but that amount needs to increase significantly if the government is to create a meaningful pool of talent that will eventually stay in government.”
While pay is one area where the private sector has a clear advantage, industry watchers note that the government’s overall hiring practices, which many see as a jumble of endless red tape and paperwork, are also hampering the hiring of top tech and cybersecurity talent.
Federal agencies are also placing less emphasis on hiring people with specialized skills, which can drive talent away, said Dr. Stephanie Carter, director of FedRAMP consulting services at consulting firm Coalfire.
“The biggest issues with recruiting and retaining federal employees are all the hurdles and red tape you have to go through just to get the job,” Carter told Dice. “The requirements for these jobs are too extensive and if you don’t know anyone inside, you won’t be able to be selected as a candidate. And these requirements are not the industry requirements for cyber certifications and training, which the civilian sector recruits for these special skills and succeeds in recruiting and retaining talent.”
Closing the skills and talent gap
To attract more technology and cybersecurity professionals to careers in the public sector, the government must ensure that agencies can provide training for those who want to follow this professional path and help build a better culture.
There are three specific areas where government agencies need to invest some of their new cyber dollars to help build a skilled workforce, said Kyle Dewar, director of technical account management for the federal government at security company Tanium. These include:
- Strong programming skills, including the ability to solve complex problems and critical thinking skills.
- Experience in data analysis, including how to discover, identify, mine and leverage the data in meaningful ways.
- Experience using industry standard tools to help accelerate IT operations, security, compliance, and risk management activities.
Dewar, who also served as head of talent management for the U.S. Marine Corps Forces Reserve, added that the federal government must also keep pace with the evolution of the cybersecurity industry.
By doing so, the government can better recruit and retain talent. “Government and industry want high quality talent. The belief is that like baseball or basketball or other sports teams, the highest payroll will win,” Dewar told Dice. “Government organizations need to understand how their cyber missions are evolving. Understanding the skill dynamics of a cyber workforce will inform investment decisions on which skills to purchase as part of a strategic talent management plan. A football team needs a quarterback, but they need five offensive linemen, etc.”
Even with the extra funds from Congress, Darren Guccione, CEO and co-founder of Keeper Security, still thinks the government needs to do more to recruit and train the cyber and tech talent it needs to improve its defenses. He added that his company’s investigation shows that even the private sector, which has the funds to pay top talent, is struggling to meet hiring needs.
“Just as business leaders are challenged to find the cybersecurity talent needed to keep their organizations safe, so is the federal government,” Guccione told Dice. “While corporations have the financial advantage, government agencies offer other incentives such as entry into the field, top-notch training and federal benefit programs, as well as intangible benefits such as patriotism and service to the country.”