In the wake of the OPM breach back in June, the federal government has been scrambling to patch cybersecurity vulnerabilities across the country. Federal CIO Tony Scott ordered a 30-day sprint, which tasked government agencies with addressing known vulnerabilities and establishing multistep authentication security frameworks. But as cyber threats against the government grow more advanced, one has to wonder if the latest technology is enough?
The Partnership for Public Service’s Tom Fox doesn’t think it is. In an interview with Chris Dorobek on the DorobekINSIDER program, Fox argued in order for the government to truly shore up its cybersecurity, agencies must look beyond technology to hiring practices.
The government’s cybersecurity problem is not just rooted in technology, but also talent. Throughout their research, the Partnership for Public Service has consistently found that the government’s chief information officers and IT hiring managers are not satisfied with the public sector’s pool of cybersecurity applicants. According to Fox, only 30 percent of federal CIOs and IT hiring managers are happy with the number of qualified IT applicants applying for open positions.
“There’s a lot of work that needs to be done on the topic of cybersecurity…It’s really not the quality of the wiring diagrams that’s going to matter most, it’s really going to be the quality of the people who can stay ahead of the issues and make sure that our information is kept safe,” Fox explained. Quality work requires quality applicants, something that the public sector currently lacks.
Fox believes that recruiting and hiring the right people for mission critical occupations will significantly improve the government’s cyber practices. However, hiring and retaining IT’s most talented is no simple task. “Our recruiting and hiring processes remain too antiquated,” Fox said. In addition, the IT pay gap between the private and public sector remains significant from entry level salaries all the way up to executive positions.
According to Fox, entry-level public sector IT employees make somewhere between $8,000 and $15,000 less than comparable private sector employees. When you look at more senior levels, those gaps increase to between a $24,000 and $30,000 annual pay difference. The cybersecurity mission compels many people; however, organizations in the public, private and nonprofit sector all have cyber needs. As a result, “sometimes money matters,” Fox said. All other things being equal, IT’s most talented individuals are drawn to the private sector for its simpler objectives and higher pay.
“We really need to figure out a way to update and streamline [the hiring] process so that we get not only high quality applicants, but we also get those high quality applicants hired to do the work that we so desperately need done right now,” Fox argued.
What can agencies do to address the talent pool problem? Fox believes that agencies must become more flexible to attract and retain the very best cybersecurity talent. “Hiring managers in Human Resource offices really need to collaborate. Our research shows that there’s a high degree of dissatisfaction on the part of both CIOs with HR and HR with their CIOs,” he said. To start hiring the best people, agencies must facilitate communication among departments to first bridge that gap.
“It’s going to require not just coordination across agencies, but really coordination from the White House, the central management agencies like OMB and OPM, and then the genuine collaboration across agencies,” he said. It won’t be easy, but in a world of rapidly advancing cyber threats, it’s necessary.
While there are very talented individuals working in public sector IT, there simply are not enough of them to adequately address existing cybersecurity problems, let alone mitigate future ones. Until now, federal agencies have used a “good enough” approach to cybersecurity. However, Fox concluded, “Good enough is not an acceptable answer at this point. Given the challenges agencies face, [government] really has to have the best, most exceptional talent you can find.” To meet future cyber demands, the government must fundamentally alter its recruitment system or risk a greater cyberattack than even the OPM breaches.