The U.S. is facing a severe shortage of cybersecurity expertise, and agencies need to rethink their hiring methods if they want to keep up their digital defenses, according to the Homeland Security Department’s cyber chief.
“There’s not enough capability to go around,” said Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency. ”There’s no question there’s a security consolidation happening—particularly with some of the big tech companies, the rich are getting richer.”
As cyber talent gravitates toward higher paying, more flexible jobs in the private sector, the government must look beyond its traditional employee pools, Krebs said Thursday at the Forcepoint Cybersecurity Leadership Forum. And his agency is already broadening its sights.
In a field like cybersecurity, real-world experience could be just as valuable as any degree or credential, but the government’s current hiring process may overlook those with less traditional backgrounds, he said. The current schedule system also lumps together every cyber specialist into a single job code, which “doesn’t work” when building a workforce with such a wide array of specialities, he added.
A personnel system set to launch later this year could help Krebs and other federal tech leaders bring on specialists who might otherwise fall through the cracks.
The Cybersecurity Talent Management System, first announced in the White House’s 2018 reorganization plan, would allow Homeland Security to speed up the hiring process, offer more competitive salaries and attract more people from nontraditional educational background. According to its most recent budget request, the department plans to use the additional authorities to hire at least 150 people by the end of fiscal 2020.
Once the department works out the kinks in the new system, it will work with the Office of Management and Budget to roll it out at agencies across government.
The system “gives me those capabilities to hire people based on their skill sets, not what’s on a piece of paper,” Krebs said. “I need a different set of hiring authorities and that’s part of what we’re doing.”
The new system will also make it easier for the department to hire cyber specialists on a continuous basis, he said, mirroring the approach taken by the intelligence community. People may drop out midway through the hiring process, “so we’re trying to figure out how we keep … that pipeline established and just keep running people through,” Krebs said.
“I would love to be in a situation where I don’t have enough seats to put somebody,” he added. “If I’m there, that means we’ve done something right. [We’re doing] something wrong in the meantime.”