Disconnect Exists between CISOs, HR Recruiters

Views Differ on Quality of Government Cybersecurity Recruits
Disconnect Exists between CISOs, HR Recruiters
A disconnect exists between federal government CIOs, CISOs and IT hiring managers and the human resources professionals charged with finding qualified candidates with cybersecurity skills, according to a just-published report.

The report, Cyber In-Security: Strengthening the Federal Cybersecurity Workforce from the Partnership for Public Service, concludes that IT managers are less satisfied than their HR counterparts with the quality of cybersecurity recruits and the time it takes to hire IT security personnel.

"The human capital management process is broken; operations and HR people should be joined at the hip and collaborate across the government," the report quotes Norman Lorentz, former chief technology officer at the White House Office of Management and Budget.

Indeed, one third of chief information officers, chief information security officers and IT hiring managers surveyed for the report expressed unhappiness with candidate quality vs. 10 percent for HR managers. Sixty-one percent of HR managers vs. 40 percent of IT managers expressed satisfaction with candidate quality (see chart).

The report highlights the differing views on this disconnect. Here's one side:

"A frustrated CIO at a major government department said his HR people 'don't know the difference between good and bad candidates. They don't get it. We don't have enough good people. They just don't get it unless they are enmeshed in our world.'"

And, here's the other side:

"An agency HR official said hiring managers and CIOs 'don't always understand that it must be a fair and open application process.' HR professionals are often forced to be the guardians of multiple rules, regulations and procedures, which are perceived by many as barriers to timely hiring decisions."

The frustration IT executives and HR professionals expressed with one another is even more intense with the Office of Personnel Management. The survey takers asked, "When it comes to identifying and recruiting qualified candidates for your cyber/information security positions, how satisfied are you with the level of collaboration between your organization and OPM?" Of the respondents, 41 percent of the CIOs/CISOs and 38 percent of HR managers reported being either dissatisfied or very dissatisfied at the level of collaboration with OPM. From the report:

"Much of the dissatisfaction with OPM seems to stem from difficulties obtaining or using 'direct hire authority' (DHA) for cybersecurity positions. In 2003, OPM provided government-wide direct hire authority for Information Technology Management (Information Security), GS-2210, GS-9 and higher jobs. DHA can be declared for jobs where there is documented to be a critical hiring need or severe shortage of candidates. Using this authority, an agency can hire without regard to competitive ratings and rankings, veterans' preference, and other procedures."

The report contends that federal cybersecurity leaders feel major government departments seek wider authorities to recruit and hire specialized cybersecurity talent. Still, OPM must balance its responsibilities to protect the merit hiring process and assure compli;ance with hiring regulations with the need to help agencies identify the talent the need, an often difficult balance, the report says. It's a challenge understood by Angela Bailey, associate director of OPM's Center for Talent and Capacity Policy. As cited in the report, Bailey recognizes the frustrations agencies have with recruiting IT security talent:

"It is made even more difficult when the term 'cybersecurity' means different things to different leaders/agencies. A step in the right direction is to pull all of the interested parties together in one room and define cybersecurity."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.