DHS Cybersecurity Workforce Needs Training, Competitive Salaries

The U.S. Department of Homeland Security needs a skilled cybersecurity workforce to protect federal networks and work with businesses, but it can be difficult to compete with the private sector for talent.

In a March 7 hearing, the House Homeland Security Committee will address efforts by DHS—the nation’s lead cybersecurity agency—to bolster its cybersecurity workforce.

Cybersecurity is increasingly important to the federal government and the private sector. DHS should offer more competitive salaries, recruit college and high school students, and train every agency staff member in order to strengthen its cybersecurity workforce, former DHS officials told Bloomberg Law March 6.

Shoring up the cybersecurity workforce should be a DHS priority, Jonathan Meyer, former deputy general counsel at DHS and now a partner in Sheppard, Mullin, Richter, & Hampton LLP’s Washington office, told Bloomberg Law.

“Not having enough people defending our country from cyberthreats can be as dangerous as not having enough people protecting our borders or doing security at airports or in the military,” Meyer said.

High Demand

All federal agencies, including DHS, need to go through a “cultural shift” to make cybersecurity training and hiring part of daily responsibilities, James Norton, former deputy assistant secretary of legislative affairs for DHS under President George W. Bush and founder and president of strategic consulting firm Play-Action Strategies LLC, told Bloomberg Law. All government positions, not just those designated for cybersecurity, should build in training to get the workforce prepared for cyberattacks, he said.

DHS recruiting for cybersecurity roles needs to include people with technical skills in addition to those with cyberpolicy experience, Norton said.

Cybersecurity is also an emerging issue in the private sector, so there is a growing demand from government and companies to hire anyone with skills in the area, Meyer said.

DHS needs to think about how to offer a competitive salary to attract skilled workers, because a federal job salary is “not really comparable for someone interested in going to Silicon Valley,” Norton said. Building a skilled cybersecurity workforce requires funding, and the timing of the hearing could align with opportunities in Congress to consider legislation allowing managers to hire more employees, he said.

Training programs for high school and college students could spark interest in government work and help forge early connections to DHSand the cybersecurity field, Meyer said.

Long Hiring Process

The agency can also improve the difficult and lengthy hiring process for federal jobs to more quickly bring in cybersecurity talent, Norton said.

The DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 gave the agency authority to expedite the hiring process for cyber positions.

Congressman John Ratcliffe (R-TX), chairman of the Cybersecurity and Infrastructure Protection Subcommittee, told Bloomberg Law that he plans to ask DHS officials at the hearing when the agency anticipates using the expedited hiring authorities and why it has taken so long to implement the process.

“There are reports that those hiring authorities have yet to be used to onboard a single cybersecurity worker over the past four years,” Ratcliffe said in an email.

Federal Workforce Helps Private Sector

In addition to protecting federal networks, DHS has an often “underappreciated and overlooked” role in helping the private sector with cyberattacks and other cybersecurity issues, Meyer said. DHS sends staff to help companies respond to data breaches, and that capability is harmed if there aren’t enough trained cybersecurity staffers, he said.

DHS facilitates information sharing between the government and the private sector, as well as among companies themselves, which “helps companies better defend themselves by learning about the threats out there that others are encountering,” Meyer said. “If DHS is under-resourced, they are less able to do this work.”

The agency also sets cybersecurity standards and rules that influence the private sector. A lack of staff will “leave the private sector with less leadership and guidance on these issues,” he said.

To contact the reporter on this story: Sara Merken in Washington at smerken@bloomberglaw.com

To contact the editor responsible for this story: Barbara Yuill at byuill@bloomberglaw.com