Study: Feds Face Severe Shortage of InfoSec Specialists

Fragmented IT Workforce Described; No One in Charge Eric Chabrow (GovInfoSecurity) • July 22, 2009

Government IT is at risk because of a dearth of IT security professionals working in the federal government, and the lack of leadership in developing a framework to recruit and retain cybersecurity specialists, concludes a report issued by the not-for-profit Partnership for Public Service and the management consultancy firm Booz Allen Hamilton.

"President Obama has declared cybersecurity to be 'one of the most serious economic and national security challenges we face as a nation' and has pledged to address these threats," partnership CEO Max Stier said in a statement accompanying the release of the report "The only way to get it done is to build a vibrant, highly trained and dedicated federal cybersecurity workforce."

According to the partnership, the report, Cyber IN-Security: Strengthening the Federal Cybersecurity Workforce identifies serious problems within the professional community charged with protecting the government's computer networks against attacks from foreign nations, criminal groups, hackers, virus writers and terrorist organizations.

The report identifies four primary challenges that threaten the quality and quantity of the federal cybersecurity workforce:

The pipeline of potential new talent is inadequate. The government needs nearly 1,000 graduates annually to fill entry-level cybersecurity jobs whereas only 120 entry-level jobs were filled through a successful scholarship program.

Fragmented governance and uncoordinated leadership hinders the ability to meet federal cybersecurity workforce needs. No one in government is charged with cybersecurity workforce planning.

Complicated processes and rules hamper recruitment and retention efforts. The hiring process is deemed cumbersome, which deters talent from entering government service.

A disconnect exists between front-line hiring managers and government HR specialists. Within agencies, hiring managers and human resources offices are often not on the same page.

The report recommends that the White House develop a government-wide strategic blueprint to acquire, train and retain IT security talent. Other key recommendations:

Devise new job classifications, one classification hasn't been updated since the 1980s.

Creating a dedicated, high-level team within Office of Personnel Management to identify and remove barriers to hiring top cybersecurity talent.

Encourage members of Congress to expand and fund programs that train graduate and undergraduate students in cybersecurity.

Develop training programs to ensure a state-of-the-art federal cybersecurity workforce.

The Partnership and Booz Allen based their report on a survey of federal chief information officers, chief information security officers and HR officials, and focus groups at 18 federal agencies along with examination of public testimony, reports and documents.

"Our federal government will be unable to combat cyber threats to our national security without a more coordinated, sustained effort to increase cybersecurity expertise in the federal workforce," the report says.

The Partnership for Public Service is a nonpartisan, not-for-profit organization that encourages people to work in federal government and transform the way government functions.