National Cyber Director Chris Inglis speaks at the Council of Foreign Relations on April 20, 2022. Drew Angerer/Getty Images
Sign up for our newsletter.
An expert panel is calling on the White House-based Office of the National Cyber Director to steer a governmentwide cybersecurity workforce strategy to address long-standing workforce shortages.
The report, issued Thursday, comes from an offshoot of the congressionally chartered Cyberspace Solarium Commission called CSC 2.0, housed at the nonprofit Foundation for the Defense of Democracies.
It's a "blueprint to help address the problem," CSC 2.0 co-chair, Rep.Mike Gallagher (R-Wis.), told FCW.
The panel wants National Cyber Director Chris Inglis to use his position to review agencies' cyber budgets, revamp hiring mechanisms across the government and potentially even work with Congress to establish expected service authorities for cyber personnel across the government.
"I think we should be concerned about the jobs that have cyber [or] IT in them that go unfilled," said Inglis, himself a member of the original Solarium Commission, during a Thursday panel discussion held by the Foundation for the Defense of Democracies.
His role, he continued, is making sure that authorities and resources are aligned across the government.
"We have to make sure we first have a strategy that defines what's missing," Inglis said. "We then have to make use of all the parts that are already there and connect them to that strategy."
There are nearly 600,000 cyber job openings nationwide, and for the government alone, there are almost 39,000 job openings, according to the National Institute of Standards and Technology-based CyberSeek.
Currently, the government's strategy is ad hoc. Federal hiring practices are onerous, and degree and level of experience requirements for jobs often block out entry-level hires. The government's existing cyber workforce is also less diverse than the rest of the federal workforce.
As with another cyber workforce report issued this year by a different expert panel at the National Academy of Public Administration (NAPA), the latest recommendations call on Inglis to coordinate existing, disparate efforts with new leadership and coordination structures.
One key focus is chronic problems with actually hiring cyber workers into government using antiquated and bulky processes.
"We all know how many jobs we'd like to fill, but there aren't any vehicles, or many vehicles, that essentially would take that aspiration and meaningfully assist people" to be hired into government jobs, said Inglis, continuing to point to qualification requirements and saying that the government needs to be more flexible and invest in early career hires. "People who show up today at the front door of a government organization with a bachelor of science in computer science, but no experience in hand, typically are turned away," he said.
The report's authors recommend various fixes, such as working with the Office of Personnel Management to modernize cybersecurity job codes or expand existing direct hire authorities.
The preference is a third option, though, something report co-author and CSC 2.0 director, Mark Montgomery, called the "Rosetta Stone."
That recommendation is that Inglis push Congress to authorize governmentwide excepted service authorities for cyber personnel, a category distinct from the competitive service -- the majority of rank-and-file feds, governed by particular civil service rules for hiring, firing and pay -- or the administrators of the senior executive service.
The report references the Department of Homeland Security's Cybersecurity Talent Management System, an excepted service system for cyber professionals that launched last fall, but has struggled to scale, only onboarding in a few new hires thus far.
The Department of Defense has similar hiring authorities.
"In essence, this option would take the authorities that underpin CTMS and CES and expand them to the whole of the federal government," the report states. "This option would maximize the federal government's flexibility in hiring and managing cyber talent, by creating systems built for the cyber workforce."
Such a move would likely face opposition, Montgomery said Thursday.
"This will be tough. There will be people who fight this both in Congress and in federal government organizations. And it's going to cost money, but … no one ever thought fixing federal cybersecurity workforce was going to be a cheap endeavor," he said. "We really do have to come up with a new hiring mechanism."
The recent NAPA report also referenced CTMS, saying that it should be evaluated and, if successful, scaled to other agencies.
The CSC 2.0 also pushes Inglis to use his office's congressional mandate to assess the effectiveness of cyber policies and annual budget proposals from agencies, and the double-hatting of one top official, Chris DeRusha, as the deputy cyber director and federal chief information security officer out of the Office of Management and Budget, to "review and align" agencies' cybersecurity workforce budgets alongside OMB.
Finally, one of the top challenges is data about the government's cyber workforce, which is inconsistent and siloed within agencies, said Montgomery.
The NAPA study recommended a cybersecurity data bureau, while this latest report calls for Inglis to focus accountability for existing data mandates and for Congress to extend and amend the law governing data collection on the government's cyber workers, the Federal Cybersecurity Workforce Assessment Act of 2015.
NEXT STORY: Why Commerce went against Microsoft on rule to control cyber exploits
Do Not Sell My Personal Information
When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.
Strictly Necessary Cookies - Always Active
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
Sale of Personal Data, Targeting & Social Media Cookies
Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link
If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.
Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page. Save Settings
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.
We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.
We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.
Help us tailor content specifically for you: