Blog
May 31, 2022
3 Ways to Attract Top Cybersecurity Talent to the Federal Government
Protect your org from cyber threats by investing in hands-on cybersecurity skills training. Learn about how you can get the most out of your training budget.
1 min read
The federal government is the largest employer in the United States, but it has struggled to compete with private sector companies to attract and retain top cybersecurity talent. The cybersecurity workforce shortage continues to be a top cyber risk in both the public and private sectors. In 2019, a senior cybersecurity official at the Department of Homeland Security (DHS) deemed the government’s cybersecurity workforce shortage as a threat to national security. In a 2020 report by the Office of Inspector General, “ensuring information technology supports essential mission operations” is one of the most serious management and performance challenges that DHS faces.
As the sophistication and complexity of cyber-attacks increase, over the last several years Congress and the White House have begun to take action to address these attacks. For example, on May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity which directs the modernization of the federal government’s cybersecurity. This was followed by swift action by Congress earlier this year, when they passed legislation revising the Federal Information Security Management Act (FISMA), which hadn’t been updated since 2014.
This modernization will be completed by implementing zero-trust architecture, secure cloud services, data-driven cybersecurity risk management, and an investment in technology and cybersecurity professionals to achieve these goals.
In the wake of the Solar Winds attack linked to Russia, the Colonial Pipeline ransomware attack, cyberattacks on Ukraine, and warnings from the White House about the potential for Russian cyberattacks on our nation’s critical infrastructure, the administration has also released best practices that U.S. businesses and agencies can follow to increase cybersecurity efforts. These critical steps include actions that require skilled cybersecurity specialists with hands-on training to complete. Yet, federal agencies struggle to attract and retain top cybersecurity talent to achieve their strategic goals, which makes it difficult to implement these changes in a timely fashion.
The number of open cybersecurity positions in the United States creeps closer to the 600,000 mark every week, with nearly 40,000 cybersecurity jobs available in the public sector. In order to fulfill the need for cybersecurity talent in the public sector, DHS launched the Cyber Talent Management System to focus efforts on recruiting the best cybersecurity talent. The upper range of cybersecurity salaries was increased to $255,800, the same salary as the Vice President of the United States. In some cases, wages can go as high as $332,100 but are still not a match for some Fortune 500 cybersecurity and IT leaders who still make double that amount.
Federal agencies won’t always win the salary competition against the private sector, and top cybersecurity professionals are in high demand. But other factors can help the public sector attract and retain top cybersecurity talent. By understanding what motivates cybersecurity professionals to stay in a position and knowing what candidates are looking for in an employer, government agencies can make their open positions more attractive to cybersecurity employees. Here are 3 ways the U.S. government can attract and retain top cybersecurity talent.
Strategies to Attract and Retain Top Cybersecurity Talent to the U.S. Public Sector Jobs
The results of a study conducted by Clearance Jobs found several reasons why cybersecurity professionals stay in their current positions and what they look for in a new employer.
The top reasons that cybersecurity professionals stay in their current positions are that they feel a sense of accomplishment from their work, a sense of purpose, and that their work matters. The ability to make an impact on the organization’s cybersecurity posture and contribute to its success are key reasons why they stay.
When it comes to a new career, professional development and training are at the top of the priority list for job seekers. The ability to learn new technologies, attend relevant conferences, and earn cybersecurity certifications are all important factors in a decision to accept a new position.
Government agencies can attract top talent by understanding what motivates cybersecurity professionals, and what they’re looking for in an employer.
Strategy 1: Offer Professional Development and Certification Opportunities
One way to make federal cybersecurity positions more attractive is to offer professional development and certification opportunities. This can be through training opportunities, covering the cost of a certification exam, and building in time for employees to work on the training and certifications as part of their job. Cybersecurity is constantly evolving, so employees must have opportunities to stay up-to-date on the latest trends and technologies.
Strategy 2: Offer Challenging Work that Aligns with Candidates’ Values and has Real-World Impact
Employees want to feel like they are making a difference and that their work has an impact on society. Cybersecurity professionals want to be challenged and have opportunities to solve complex problems. Using mission-driven messaging to highlight how your agency impacts national security can help show candidates the importance of joining your team. Include information about the types of challenges the employee will face and how their work will make a difference. If you cannot provide specifics about the types of challenges, give a general overview of the problems they will be expected to solve.
Strategy 3: Write Effective Job Postings that Focus on Candidates’ Needs
When writing job postings, focus on what the candidate will get out of the position in addition to the duties and responsibilities. Highlighting opportunities for professional development, the types of challenges they will face, and how their work will make a difference is important to make positions attractive to candidates. Use clear, concise language, and avoid using jargon or acronyms that civilian candidates might be unfamiliar with. You want to make sure that potential candidates understand what the position entails and what they can expect if they are hired.
Attracting top cybersecurity talent to the public sector can be challenging. By understanding what motivates cybersecurity professionals and using the strategies outlined above, you can make your agency’s positions more attractive and ensure that you have the skilled workforce you need to protect our nation’s critical infrastructure.
Government agencies can attract top talent by understanding what motivates cybersecurity professionals, and what they’re looking for in an employer.
As highlighted, the three key strategies for attracting and retaining top cybersecurity talent involve offering professional development opportunities, communicating real-world impact, and writing effective job descriptions.
Join the public sector organizations that trustOffensive Security to train and certify their personnel. OffSec’s rigorous, best-in-class training has a proven track record of assisting U.S. government organizations and military branches in responding to cyber threats.
About the Author
Dr. Heather Monthie is a leader in Cybersecurity and IT education dedicated to developing workforce-ready professionals for the future. With a diverse background in education, leadership, and technology, she has worked with various businesses and educational institutions to develop successful cybersecurity education programs. She has served in various leadership roles within organizations that are committed to cybersecurity and STEM workforce development. She currently serves as the Head of Cybersecurity Training, Education, and Innovation at Offensive Security.
Latest from OffSec
Enterprise Security
What is Threat Intelligence?
This article explores threat intelligence, its purpose, types, and how organizations can leverage it to enhance cybersecurity.
Sep 27, 2024
9 min read
Insights
Mental Toughness in Cybersecurity: Preparing Teams for High-Pressure Situations
Mental toughness helps cybersecurity teams improve decision-making, collaboration, and resilience, enabling them to perform under constant pressure.
Sep 20, 2024
7 min read
Enterprise Security
The Role of Leadership in Cultivating a Resilient Cybersecurity Team
Learn about the role that leadership plays in cultivating a resilient cybersecurity team.
Sep 13, 2024
5 min read