US federal agencies need to invest strategically and heavily in their benefits strategy and in women and minority workers if they’re going to successfully compete for cybersecurity talent, new research has revealed.
According to the Center for Cyber Safety and Education’s Global Information Security Workforce Study (GISWS), a vast majority (87%) of federal respondents placed the hiring and retaining of qualified information security professionals at the top of the list of factors needed to effectively secure an organization’s infrastructure.
Yet, to effectively retain existing information security professionals and attract new hires, federal respondents indicated that offering training programs, paying for professional cybersecurity certifications, boosting compensation and providing more flexible and remote work schedules and opportunities were the most important initiatives.
Money is important too: Government agencies will need to increase annual salaries of information security personnel by approximately $7,000 in order equal the annual salaries of their private sector counterparts.
“It’s crystal-clear that the government must enhance its benefits offering to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand; unfortunately, the layers of complexity involved in fulfilling that goal are significant,” Dan Waddell, managing director, North America at (ISC)², one of the sponsors of the survey. “Thanks to the record-number of federal GISWS respondents this year, we now have substantial data that will support actionable take-aways and help move agencies closer to achieving that goal.”
The report also concluded that in competing with the private sector for skilled professionals, hiring women and those from underrepresented groups should be a key component of the government’s talent acquisition strategy. About 70% say their organization offers a program that encourages diverse hiring in information security, compared to just 55% in the private sector.
“The mission of government cybersecurity professionals is critically important,” said Sanders. “In today’s environment where cyber talent is scarce, organizations must recruit and train untapped talent pools, focusing on women, minorities, veterans and older workers. And while it can be difficult for government agencies to compete on salary alone when vying for these cyber warriors, they can appeal to a recruit’s sense of mission and purpose, tout the cutting-edge work being done and highlight opportunities for advancement.”
There is an ongoing need for front-line experience within the federal cybersecurity workforce, the report found, with the greatest demand being at the non-managerial staff level, and professionalization of the workforce through certification remains strong, as 73% of federal agencies require their IT staff members to hold information security certifications.
The study also uncovered that cloud remains the area in highest demand for training and education. As more government agencies move their data to the cloud, they must consider training initiatives to help ensure that staff across multiple roles and departments is aware of the security risks and benefits. Further, the NIST Cybersecurity Workforce Framework should be established as the foundation for workforce policy moving forward, as its effectiveness is being demonstrated by its early adoption by a considerable number of federal government agencies.