Better than any report on the federal government’s “critical skills gap,” the cybertheft of 22 million federal personnel records demonstrates Uncle Sam’s need for cyber experts.
So when the University of Central Florida Knights, the 2015 National Collegiate Cyber Defense Competition champions, traveled to Washington recently as part of their victory tour, it was a great opportunity for them to get a taste of cyber careers in the federal government.
They did, but too late. Most of them were already committed to private industry.
That illustrates one reason cybersecurity, or more accurately cyber-insecurity as shown by the Office of Personnel Management data breach, remains on the Government Accountability Office’s 2015 high-risk list. “Although steps have been taken to close critical skills gaps in the cybersecurity area,” GAO says, “it remains an ongoing problem and additional efforts are needed to address this issue government-wide.”
Part of that effort should be recruiting bright, creative and eager folks like those in the Knights. Recruiters also should look for older cyber experts with valuable experiences. During a Federal Diary conversation with two Knight team members, it was clear they are impressed with the government’s mission, even while noting shortcomings in Sam’s recruiting efforts.
Kevin DiClemente, for example, recalled a recruiting call he received from the National Security Agency. Secrecy being endemic to the NSA, the caller ID indicated an unknown number. That might make sense for the agency’s regular business, but it’s not the best way to get recruiting calls answered. DiClemente mentioned the unknown number to the NSA recruiter, and, to the agency’s credit, subsequent calls were not cloaked in that level of secrecy.
Jason Cooper, another team member, said he had not considered a public-sector career before the collegiate competition. He encouraged government recruiters to increase school visits.
“At the University of Central Florida, we don’t get too many visits like that,” Cooper said. “Getting that exposure for students really is critical.”
Neither DiClemente nor Cooper chose to work for the federal government. Both accepted jobs in the private sector, DiClemente with Microsoft and Cooper with Amazon.com. (Amazon and The Washington Post have the same owner.)
The talent shortage also affects government contractors, said David Wajsgras, president of Raytheon’s intelligence, information and services business. Raytheon and the Department of Homeland Security were sponsors of the competition. Wajsgras said about 95 percent of the company’s work is on government contracts.
Neither government nor industry focuses enough on “the direct benefit that these folks with these specific skill sets can bring to the overall mission,” Wajsgras said. “We have collectively not done as good a job as we need to in attracting expertise.”
GAO offered three recommendations to help government focus on closing the skills gap. In January, GAO told OPM it should strengthen how it identifies and addresses the skills gap in cybersecurity and other critical areas, “establish a schedule and process for collecting government-wide staffing” data and develop a core set of metrics for use by all agencies in government-wide workforce analyses.
OPM agreed with the first and third recommendations, but not the second. “Funding and resource constraints negatively affect our ability to support agencies’ efforts to address their workforce competencies,” OPM said in its reply to GAO. In plain English, it costs too much.
But if GAO’s recommendations help prevent additional massive thefts of personal information, like the two OPM announced in June that pilfered current and former federal employee, contractor and family records going back to at least 2000, then it’s worth the cost.
“We’re going to have to take extraordinary moves to try to develop a broader set of talent and skill base in that area,” Tony Scott, the U.S. chief information officer, told the National Council on Federal Labor-Management Relations last month, noting that recruiting cyber talent is “the hardest recruiting that there is on the planet today.”
One move Sam might consider is better pay for cyber experts like DiClemente, Cooper and their UCF teammates. An April report by the Partnership for Public Service and the Booz Allen Hamilton consulting firm said the “compensation gap” is causing the federal government to fall behind private companies, including contractors such as Raytheon. The private sector, the report said, “can simply hire away the best cybersecurity talent and rent it back to the government at a higher hourly rate.”
Yet Gregory J. Touhill, the retired Air Force general who now is the DHS deputy assistant secretary for cybersecurity operations and programs, said the U.S. Computer Emergency Readiness Team gets 45 applicants for every job opening, though not all of them are qualified.
The U.S. doesn’t need to get into a bidding war, he added during an interview, because Congress demands fiscal responsibility and compensation can be broadly defined to include intangibles such as the mission, service and the quality of the work environment.
Touhill met with the UCF students this year and last, when the team also won the championship. The OPM data breach did not scare them away from federal service, he said, but “magnified the importance of bringing in young fresh talent to . . . thwart adversaries.”
Will some of them eventually find a federal career?
“I sure hope so,” Touhill said. “They are an impressive bunch.”
This post has been updated to correct information from a public relations firm that said Raytheon will hire about half of the UCF team.