The federal government has trouble attracting people to cybersecurity jobs and keeping those it does hire.
Some federal employees are looking to change career fields, out of desire or necessity, but they are not qualified for those jobs.
Demand, meet supply.
The government early in 2019 will launch the Federal Cyber Reskilling Academy, a training program for federal employees who do not work in information technology-related positions. The program is intended to prepare the workers to move into that high-demand field. While the initial phase will involve only 25 employees, the administration considers it “just a first step,” Federal Chief Information Officer Suzette Kent said.
“This is one of the areas in technology where we have higher vacancies and shorter tenures. We’re in the same situation as many private-sector industries where we’re fighting tooth and nail for cyber professionals,” Kent said in a phone interview.
In recent years, White House initiatives, congressional hearings and reports from the Government Accountability Office and others have focused on the government’s need to bolster its cybersecurity workforce. While there is general agreement that a “skills gap” exists, it is not well defined. Under a 2015 law, agencies are working to inventory their cyber-related positions and to document their shortfalls.
While the salaries the government can offer commonly are blamed for its recruitment troubles, its slower and more complex hiring process also can put it at a disadvantage against the private sector. The Office of Personnel Management recently allowed agencies to use shortcut hiring procedures in many cyber fields, but moving existing employees into those jobs “lets us take people who have gone through the process and in a short time get them ready for a different type of contribution, a contribution that we need,” Kent said.
In laying out its plans for government management and for the federal workforce, the Trump administration has called for retraining federal employees in light of new technologies and other workplace changes that could eliminate some current jobs.
Meanwhile, many current federal employees set out on a career path long before cybersecurity became a hot field: The average age is above 47; and 6 percent are younger than 30, a quarter of the national average.
“There are many jobs that are evolving and changing, and this is a channel for us to keep those individuals engaged in the federal workforce,” Kent said. “There are many who maybe didn’t have the opportunity to enter into this field at whatever point they transitioned into the federal government. This is a really unique opportunity to get skills and have your employer invest in building those skills.”
The training program, which will be at no cost to employees, started accepting applications Nov. 30 and will continue to accept them through Jan. 11. Applicants will be sent an assessment form, and those who are accepted will be notified in late February for training in March through June.
The response so far has been “fantastic,” Kent said. “They know it’s a national priority; they’re very aware that technology is a key component of what we do in every single agency.”
To participate, employees need the approval of their supervisors, who will be risking losing them. Kent said that has not been a concern and that agency officials are “very supportive of this as a way to keep great employees who understand the mission and who are a part of the federal workforce. That individual may end up staying in that agency, just in a different role.”
The curriculum will consist of three training courses, parts of which will be virtual and parts held on-site at Education Department headquarters. Those who complete the training successfully are not guaranteed a cybersecurity job with the government, but they should emerge with the skills needed for entry-level jobs, and they will be given further help to break into the field, according to the federal CIO Council, which is running the program.
A second pilot project is planned for next year that will be open to employees in IT but who are looking for further specialized training. Other phases are to focus on improving skills with new technology and on developing cybersecurity leaders.
“This one is specifically aimed at people who are not in IT, but they have a lot of the qualifications that would lead us to believe they could be very successful in a cyber role,” Kent said. “We’re going to set how we go forward based on the outcome of this first pilot. . . . The hopeful outcome from this is that we have proven this to be one of the tools that will work to build our cyber workforce.”