All Parties Pitch in to Build a Cyber Workforce
Acting strategically and tactically is essential for training and retaining.
Schooling at an early age, an appeal to patriotism and a government program that trades tuition support for public sector work may be necessary to produce the skilled cyber professionals so badly needed across the spectrum of technology jobs in the United States. While the current number of cyber workers is woefully insufficient, the demand increases. For government, the cyber threat escalates daily. For industry, cyber applications proliferate constantly.
Ironically, while the private sector can outbid government for scarce cyber workers, the federal government may have an edge in recruiting talent. Experts say that most young people entering the cyber realm are enticed by the challenging and exciting work that defines government cyberspace operations.
The shortage of skilled cyber workers is the biggest challenge facing both industry and government, says DeEtte Gray, president of U.S. operations at CACI and chairwoman of the board of directors for AFCEA. Both sectors compete for the same skill sets in the same manner that dot-com companies vied for software developers 20 years ago.
Philip O’Reilly recently completed work as chief technology officer for the Federal Group at Brocade Networks and general manager for the data center practice at Extreme Networks. He offers that the staffing challenges facing the cyber workforce is not a new problem. It existed when the workforce focused on networking technology, and the challenges are well understood.
Today, he says, the main problem is that capabilities in the cyber realm are new and constantly evolving. The education system, particularly at the university level, has been reluctant to begin the development of people with these skill sets. Calling this a missed opportunity, O’Reilly said it should have happened 20 years ago. Now, the entire technology sector faces the problem, but it is most acute on the government/military side.
“The reason is simple economics—supply and demand,” he states. “With a very limited number of skilled resources, the value of those resources goes up dramatically to the point where the private sector can compete significantly more effectively for these scarce resources—trained cyber experts—than the public sector can.”
O’Reilly wants university environments to create governmental partnerships. “The government can play a pretty profound role in directing the university and academic sectors toward certain things—by maybe less stick and more carrot in terms of incentivizing universities to fast-track these programs,” he suggests.
Gray points out the community colleges can be a valuable resource in this effort. “Some of the skills you’re looking for don’t necessarily require a four-year degree,” she notes. Community colleges can offer both cyber classes and cyber activities to institute and maintain interest among students. Industry already is teaming with academia for cyber education on a limited basis, and government can step up with greater efforts to promote cyber education at community colleges.
O’Reilly suggests that another way to interest students in cyber and then transition into public sector jobs is for the federal government to provide financial incentives for study. He envisions a program similar to those that entice doctors or dentists to work for the government or serve regional needs by funding their medical school tuitions. For cyber professionals, government might pay off some of their student debt or even provide full scholarship aid for earning an undergraduate degree in a cyber field in exchange for the promise to work in the public sector for a fixed number of years.
“The federal government has the opportunity to incentivize people not only to study the subject but also to go into public service—sort of like a digital Peace Corps,” O’Reilly says.
“The generation that grew up with STEM as a core educational process is now reaching high school and early college years,” he continues. “These are the people that are going to be the most likely to take up these careers, and this would be the opportunity to incentivize them to make this transition.”
Gray states that fueling the cyber workforce pipeline must begin at the elementary school level and continue through middle school and high school. Math and science are the two basic educational curricula that will provide future cyber workers, and these two disciplines must be emphasized as early as possible. “We need more students to get excited about STEM education in math and science,” she says. “Getting children interested about going into cyber is something we have to start early on.”
O’Reilly believes that cyber education should begin in first grade. This will lead to young students who are comfortable and facile with the topic and its material. “These are the people who will take the next step,” he says.
One focus needs to be on teachers. Gray suggests that the government should endeavor to staff schools with teachers who have some degree of cyber education.
Gray compares today’s cyber challenge to the one the United States faced in the wake of the Soviet Union’s successful Sputnik launches in the late 1950s. U.S. efforts to equal those feats at first fell short, and the Eisenhower administration launched a nationwide effort to spur math and science education at all levels. Ten years later, Americans were walking on the moon, and the impact of that effort lasted for many more years. The same challenge confronts the country today, and government should take greater steps to promote cyber education at all levels to meet it, she says.
“It’s not going to go away anytime soon, if ever,” she says of the cyber workforce shortage. “An initiative at the national level would greatly help strategically over a long period of time. We need to do more.”
For the short term, government has both a greater challenge and an untapped asset that it can use to bring in good people for the cyber workforce. “Government starts behind to begin,” O’Reilly notes. Industry can offer greater flexibility and higher pay. Also, government agencies often put up barriers to information exchange even among professionals in the same field.
Government agencies need to be more flexible, agile and team-oriented toward their cyber workforce, he continues. If government offers an environment in which young cyber professionals perceive themselves as part of a team and view problems more broadly than traditional, confined-box constructs, these people will be more attracted to public sector service, O’Reilly suggests.
And that approach will dovetail with one asset government has to offer—the quality of the challenge. “There is almost unanimous agreement that the mother lode of developing capabilities is in the public sector,” O’Reilly says. “The problems there really have the most profound potential impact.” Government cyber work offers the potential to far outstrip its private sector equivalent in importance and quality.
This should be a strong selling point for government, he continues. It offers far more intriguing and exciting challenges for cyber professionals than the private sector. O’Reilly notes that the current generation of cyber professionals entering the workforce are enticed by tasks that they find challenging and different from mundane work in their field.
A related approach would be to emphasize service to the nation. Younger people today have a more positive view of being an American than did their baby boomer progenitors, O’Reilly posits. Government should tap this attitude of patriotism by presenting the public sector cyber workforce as a way to fundamentally contribute to the nation’s well-being as either a civilian or a military recruit. “At the end of the day, I think that’s an important piece that might be of some value in attracting and retaining talent,” he states.
Gray offers that both government and industry strive to attract cyber workers by being the employer of choice. Government has an advantage in that it can offer more challenging jobs, as can some businesses that provide cyber service to the U.S. government. Within companies, workers want to perform challenging work and improve in their profession. So commercial employers must offer competitive professional packages to retain their workers.
“Interesting work is something unique that the government and the federal industry market can provide that sometimes commercial companies can’t,” she says of the national security arena. These interesting and challenging missions help draw and retain some cyber workforce talent, she adds.
“In a lot of technical areas, people want to support the mission,” Gray says. “So, for them, the number one thing is not compensation.” And the number one thing that people entering the cyber workforce want is challenging work, she emphasizes.
This does not remove compensation as a factor in recruiting this generation of cyber professionals. Government must be able to offer at least a comparable compensation package that would satisfy workers being enticed by private sector salaries, Gray says.
O’Reilly emphasizes that today’s cyber workforce challenge is viewed as a software problem. It is, in a manner, but that distorts the perspective of who can fill these roles. Many government agencies post job descriptions that he describes as too narrow—requiring a four-year degree, a two-year master’s degree and 10 years’ experience in cyber coding, for example. This disqualifies many people who would be able to carry out the job requirements effectively.
Drawing on his decades of technology expertise, O’Reilly offers that government can obtain what it needs from people working in related areas. “A typical network engineer, viewed by [a government official] as someone that programs routers or switches, is doing work that is software related,” he charges. “There are a lot of really skilled technical people who are thrown in the bucket of ‘traditional network technology,’ which is really perceived as a hardware activity.” Those people are inadvertently disqualified as potential candidates in the cyber area.
“But I believe that if we allowed people like that—who had the right aptitude and good basic training—to come into [on-the-job training] programs where the training occurred within the agency, you could probably attract a lot of people,” he continues. “A lot of these technical people in networking see the handwriting on the wall. They’re anxious to begin transitioning to a more software-based environment, and this is a golden opportunity to attract people like that.”
This nontraditional cyber workforce probably has 75 percent of what they need for modern cyber, O’Reilly adds. These people comprise project engineers, field engineering resources at traditional networking companies, and experts at hardware companies. The remaining 25 percent of vital skills could be filled by training when they are brought into these fields, he says.
Yet another roadblock to building the cyber workforce is clearances. Virtually every cyber job seeking a good candidate requires at least a Top Secret clearance, O’Reilly and Gray report. Most are Top Secret/Sensitive Compartmented Information (TS/SCI) or higher, they note, and both industry and government are competing for these scarce qualifications. Government must find a way to improve the clearance process—not necessarily faster, but more effectively—or this scarcity will continue.
This will require better coordination among agencies, better streamlined processes, increased funding and some degree of automation to the clearance technology, O’Reilly says. For example, social media is now a part of the clearance process, which expands the volume of data to be reviewed. Applying machine learning to sifting through this data could help the evaluation process, he offers.