Federal agencies need to invest strategically and heavily in their benefits strategy if they’re going to successfully compete for cybersecurity talent, according to the Center for Cyber Safety and Education Global Information Security Workforce Study (GISWS).
One of the largest studies of the information security profession ever conducted, the survey of over 19,600 information security professionals included responses from 2,620 U.S. Department of Defense, federal civilian and federal contractor employees.
When asked to rate the importance of factors needed to effectively secure an organization’s infrastructure, 87 percent of federal respondents placed the hiring and retaining of qualified information security professionals at the top of the list. To retain existing information security professionals and attract new hires, federal respondents indicated that offering training programs, paying for professional cybersecurity certifications, boosting compensation and providing more flexible and remote work schedules and opportunities were the most important initiatives.
“It’s crystal clear that the government must enhance its benefits offering to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand; unfortunately, the layers of complexity involved in fulfilling that goal are significant,” said Dan Waddell, (ISC)2 managing director, North America.
Key takeaways for federal agencies
Key takeaways for federal agencies looking to attract and retain information security professionals include:
- In competing with the private sector for skilled professionals, hiring women and those from underrepresented groups should be a key component of the government’s talent acquisition strategy given that 70 percent say their organization offers a program that encourages diverse hiring in information security, compared to just 55 percent in the private sector.
- Government agencies will need to increase annual salaries of information security personnel by approx. $7,000 in order equal the annual salaries of their private sector counterparts.
- The NIST Cybersecurity Workforce Framework should be established as the foundation for workforce policy moving forward, as its effectiveness is being demonstrated by its early adoption by a considerable number of federal government agencies.
- Cloud remains the area in highest demand for training and education. As more government agencies move their data to the cloud, they must consider training initiatives to help ensure that staff across multiple roles and departments is aware of the security risks and benefits.
- There is an ongoing need for front-line experience within the federal cybersecurity workforce, with the greatest demand being at the non-managerial staff level.
- Professionalization of the workforce through certification remains strong, as 73 percent of federal agencies require their IT staff members to hold information security certifications.
“The mission of government cybersecurity professionals is critically important,” said Ron Sanders, senior executive advisor and fellow at Booz Allen Hamilton. “In today’s environment where cyber talent is scarce, organizations must recruit and train untapped talent pools, focusing on women, minorities, veterans and older workers. And while it can be difficult for government agencies to compete on salary alone when vying for these cyber warriors, they can appeal to a recruit’s sense of mission and purpose, tout the cutting-edge work being done and highlight opportunities for advancement.”