The Underpaid Cybersecurity Pro
Only three of 10 CIOs and CISOs interviewed by the Partnership for Public Service and Booz Allen Hamilton felt satisfied or very satisfied with pay packages they can offer prospective employees. "Even when human resources thinks the pay is generous," one CIO told survey takers, "it is not enough."
According to the study - Cyber In-Security: Strengthening the Federal Cybersecurity Workforce - more than half of CIOs, CISOs, IT hiring managers and HR professionals expressed dissatisfaction with their ability to compete with the private sector for qualified candidates. "There are some industries you can't compete with for salaries," one agency HR professional said.
Even when human resources thinks the pay is generous, it is not enough.
Even new hires expect higher salaries than the government offers. The study cites a survey by UniversumUSA of 40,000 undergraduates, and those interested in IT security expected a salary of $57,000 a year; the best the most agencies can offer is about $45,200 for someone with a bachelor's degree graduating with a 3.0 grade point average.
And, it's not just recruiting that's being hurt. Keeping qualified cybersecurity experts is tough when higher pay can be found in industry, including firms that provide IT security contracting services to the government. Low salaries and a lack of advancement opportunities drove employees away, CIOs and CISO said.
The pay problem isn't universal throughout government. Intelligence agencies and agencies not tied to the government's general schedule pay scale have more flexibility that makes them more competitive in attracting qualified IT security experts, the report said.
And, working for the federal government has its benefits, even at lower pay. The government is seen as providing better work/life balance than private employers.
"Savvy agencies create compensation packages that take full advantage of non-financial benefits," the report says. "Many applicants at all experience levels are eager to 'make a difference.' ... When the critical importance of cybersecurity work is emphasized and other benefits are explained, government is more competitive.
"As several new employees told us when we asked them why they continue to work in cybersecurity for the federal government, despite the lure of the contractor world, they stay because, 'It's fun!'"