The House Cybersecurity and Infrastructure Protection Subcommittee recently held a hearing titled “Challenges of Recruiting and Retaining a Cybersecurity Workforce.”
Subcommittee Chairman John Ratcliffe (R-TX) was dismayed because he believes DHS has not made better use of hiring authorities it was granted specifically to address cyber hiring needs. His opening statement said, “The Homeland Security Committee passed several pieces of legislation that were signed into law to augment the cybersecurity workforce at DHS, including the Border Patrol Agent Pay Reform Act of 2014 that expanded DHS’s hiring authorities, allowing the Department to better recruit and hire qualified cyber professionals. Unfortunately, these new authorities have not yet been fully implemented.”
Ranking member Cedric Richmond (D-LA) said “The federal government, and DHS in particular, is struggling to compete with the private sector for cyber talent.”
The congressmen may be right, but their comments do not address the larger problem of hiring rules and practices in general.
Virtually everyone agrees that the federal hiring process is abysmal. It is hard to understand, confusing, and makes it difficult for agencies to hire the people they need when they need them. In this case, the subject was cyber hiring, where DHS and other agencies have more flexibility.
It is easy to point to DHS and say they need to do more, as if DHS is unique in struggling to hire cyber professionals. Nor are they alone in being accused of not using the flexibilities they already have. Agencies often go to the Office of Personnel Management (OPM) seeking direct hire authority or some other kind of hiring relief. The argument is usually based on the demand for talent, the problems with the federal hiring process, and the government’s difficulties in hiring. OPM’s response usually begins with “What have you done with the flexibilities you already have?” Surprisingly, sometimes the answer is “not much.”
The truth is that much of federal hiring is driven by inertia. Agencies often do what they have always done. That means some agencies do not fully implement the flexibilities they already have. Even when they do, other problems get in the way. Security clearances are a great example. If hiring managers and HR work together to recruit and make offers to people in high demand positions, but those folks have to wait for months to get through security, the talent may move on to other employers that are able to put them on the payroll more quickly.
Even though agencies often do not use the flexibilities they already have, this may not be one of those situations. Cybersecurity positions are in extremely high demand everywhere. All you have to do is watch the news to see the cyber threats that we face. Every level of government and much of the private sector are hiring cybersecurity professionals. Even when agencies use every hiring flexibility they have, there may not be enough interested talent available to meet the demand.
That does not mean agencies are not trying. As Federal News Radio recently reported, the CIO Council, OPM and the Office of Management and Budget are hosting a hiring fair in November. One key aspect of the hiring fair is that some candidates will receive conditional offers at the event. The more the government can move to a rapid hiring approach, the better it will be able to compete for in-demand talent. One event does not eliminate the problems with the hiring process, but it does show that OPM, OMB, and hiring agencies are willing to get out of their comfort zones. In fact, the event is similar to one DHS conducted in 2016, where it made offers to over 150 people. DHS hired more IT professionals in 2016 (467) than it had in any of the preceding 3 years (330, 244 and 297).
The fact that DHS conducted that hiring event and used it to make a lot of job offers shows that DHS has not been sitting around doing nothing. One thing I learned when I was DHS CHCO is that DHS will always be the target of congressional oversight. It seems that every step we made was accompanied by someone on the Hill saying it was not enough. The growing cyber threats and increased focus on border security mean that DHS is a growth business. If they met every need they have today, they will still need more tomorrow.
The government is most likely going to continue to struggle to hire cyber talent. When they compete with the private sector, the government comes to the table with less flexibility in its hiring process, less flexibility in pay, and a security clearance process that takes far too long. Some folks point to contractors doing business with the government and make the argument that the private sector has the same security clearance problems. That is true for government contractors, but it is not true for other companies that are looking for cybersecurity talent. There are many more of those than there are federal contractors, and those folks can hire more quickly and offer whatever pay they can afford. We should not be surprised when the government struggles to compete.