Higher pay, less red tape: U.S. launches effort to recruit talent to fight cyberattacks
Seven years after Congress first directed the Department of Homeland Security (DHS) to build a federal recruiting tool aimed at courting professionals to help guard the nation against cyberattacks, the Cyber Talent Management System has launched.
The new system is designed to speed up a notoriously red-taped hiring process and offer higher pay.
Monday's launch comes in the wake of an avalanche of ransomware attacks targeting critical infrastructure, including oil and gas pipelines, and nearly a year after the discovery of SolarWinds, the Russian spy campaign that accessed more than 18,000 government and private computer networks and ultimately targeted nine federal agencies and scores of U.S. companies.
"As our Nation continues to face an evolving threat landscape, we cannot rely only on traditional hiring tools to fill mission-critical vacancies," DHS Secretary Mayorkas said in a statement.
DHS will initially post 150 "priority" jobs on Monday. Positions fall under the federal government's newest outfit, the Cyber Security Infrastructure Agency (CISA), created in 2018, as well as DHS' Office of the Chief Information Officer.
An interim final rule, when finalized, will allow DHS to hire cybersecurity professionals in 2021 at salaries of up to $255,800 — equal to the vice president's salary — and in special circumstances, with an "upper limit of 150% of EX-I" or $332,100. DHS plans to use "competency based assessments" as part of its hiring criteria.
"We built these to test real skills that we actually need at DHS," a senior homeland security official said, describing new simulations designed to quiz potential recruits on everything from network forensics to incident response. "These [assessments] test actual skills versus how well applicants can put together a résumé."
There are nearly 500,000 vacancies for cybersecurity jobs nationwide, according to Cyber Seek — a tech job-tracking database from the U.S. Commerce Department — and the trade group CompTIA. More than 1,500 of those empty positions can be found within the federal government, senior homeland security officials estimate.
Since this past summer, DHS has hired nearly 500 cybersecurity professionals.
One area where the federal government has struggled: recruiting a young, diverse workforce. According to Office of Personnel Management data, approximately 3% of the federal government's IT workforce is under age 30. Altogether, there are 16 times more federal IT workers over the age of 50 than there are under the age of 30.
Just a quarter of government cyber workers are women, even though women make up nearly half of the federal workforce writ large. CISA Director Jen Easterly has made near daily hiring appeals via Twitter and other social media platforms.
"This is one of the reasons that I'm spending so much time as our chief recruiter and chief culture officer," Easterly told "CBS Mornings" last month. "I want to have the type of culture that will be able to reflect what it means to be inclusive, what it means to be innovative – with collaboration, trust, transparency, ownership and empowerment. And really, if young girls and women see me, then they can see themselves in the cyber space."
Other organizations are helping to unclog the pipeline of diverse cybersecurity talent into the federal government, ranging from the Girl Scouts to the nonprofit Partnership for Public Service. But in the wake of high-profile ransomware attacks like the forced shutdown of Colonial Pipeline and JBS meat processing plants, experts concede the government is still playing catch-up.
"It's a different world, and our government hasn't kept up," Max Stier, head of the Partnership for Public Service, told CBS News. The basic compensation system across the entire government is fundamentally out of step with the nature of work and professional labor market.
And while the federal government hopes to recruit cyberexperts with a range of expertise — including "white hatters" — all new hires will remain subject to federal background tests, posing potential obstacles for former hackers.
Since 2014, DHS has received a whopping $62 million to create the new recruiting system, with an additional $16 million requested in Fiscal Year 2022 to launch and administer the program.
Meanwhile, federal agencies responsible for safeguarding the security and personal data of millions of Americans earned a C- report card earlier this year, part of a 47-page audit by the Senate Homeland Security Committee.
The report found eight critical agencies, including DHS, the State Department and the Social Security Administration, are relying on outdated systems, ignoring mandatory security patches and failing to protect sensitive data such as names, dates of birth, income, Social Security numbers and credit card numbers.
In 2020, the White House reported 30,819 information security incidents across the federal government — an 8% increase from 2019. Ransomware payments reached over $400 million last year, according to the FBI.
Cybersecurity experts hope the new recruiting tool marks the first of many moves by the federal government to treat cyber as a top national security priority.
"This is not a tech issue. It's not even a staff issue," Stier said. "This is a much larger question about strategic prioritization and recognition of a fundamental risk that cuts across pretty much everything that we do. And we need to treat it as such. And I don't think we're there yet at all."