Creative Solutions for Developing the Public Sector Cybersecurity Workforce
By Gregory Crabb, CISO, VP, United States Postal Service
The Postal Service’s cybersecurity organization is committed to confronting the cyber talent shortage head-on. By defending against cyber intrusions, our cybersecurity organization protects over 600,000 dedicated career and non-career employees and every American who relies on the mail to ship important items, conduct business, and correspond with loved ones. To fulfill our mission, we need talented cyber professionals, no matter the global cyber talent shortage or the hiring challenges facing the public-sector.
Over the past few years, the Postal Service took several actions to develop and grow its cybersecurity workforce. We implemented new talent acquisition strategies for attracting the most qualified candidates. We pursued motivated candidates who bought into our critical and indispensable mission. And we developed recruits with industry-leading cybersecurity training programs focused on tomorrow’s–not yesterday’s–cyber defense practices.
"By hosting open hackathons (cyber competitions), offering internships, and partnering with other organizations to administer rotation programs, organizations can broaden their outreach to recruits"
While we have made significant progress combating the cyber talent shortage, more work needs to be done at the Postal Service and across the public sector to identify and properly develop cybersecurity talent. To overcome workforce hurdles, federal cybersecurity organizations should take steps to: (1) creatively identify and recruit cybersecurity talent; and (2) proactively develop existing cybersecurity talent to be responsive to changing threats.
I. Identifying Talent
Organizations should be creative in sourcing cybersecurity talent. As with any nascent industry, academia has yet to catch up with the professional demands of cybersecurity. Fewer than 25 percent of information technology hiring managers believe collegiate cybersecurity programs prepare students for cyber professions. As such, cybersecurity organizations should consider applicants without a formal cybersecurity education. Candidates from a range of backgrounds who possess an aptitude in problem solving, intellectual curiosity, and a willingness to learn may be just as capable as those with cybersecurity degrees. By hosting open hackathons (cyber competitions), offering internships, and partnering with other organizations to administer rotation programs, organizations can broaden their outreach to recruits.
Public-sector organizations should also look for talent within their agencies or other similar agencies, which can expedite the costly, time-consuming background check process. Accordingly, the Postal Service hosts a yearly Cybersecurity Awareness fair where attendees from across the Postal Service with an interest in cybersecurity are encouraged to apply for open positions. The Postal Service also sponsors rotation and detail programs that give employees from around the Postal Service opportunities to explore cybersecurity. And when looking for new recruits, we also make sure to attend government, ex-military, and “clearance only” career fairs.
Understanding that the field of cybersecurity changes rapidly and personnel needs fluctuate, organizations should also consider supplementing internal resources with quality contingent workforce options. At the Postal Service, we use Indefinite Delivery/Indefinite Quantity (IDIQ) contracts to bring on talented workers on an as-needed basis and make sure we always have access to new, fresh perspectives.
II. Developing Talent
The evolving nature of cyber threats means once-critical skills become obsolete quickly and new talent demands emerge overnight. To combat this trend, the Postal Service offers an annual 17-week training program in conjunction with Carnegie Mellon University to provide our cybersecurity employees with instruction on a range of cyber subjects. By administering on-the-job training that can be easily modified to incorporate new and in-demand skill sets, cyber organizations ensure employees possess the skills needed to defend against changing cyber threats. Regular cybersecurity training also bolsters talent retention. Industry-wide, almost 50 percent of cybersecurity workers cited a lack of training as a major factor in changing jobs.
Finally, even organizations committed to workforce development sometimes feel the effects of the cyber talent shortage and must consistently reevaluate and rededicate their programs. That’s why on top of our previous efforts, the Postal Service has committed to adding over 50 new cybersecurity employees over the next four years–focusing on resources with security clearances and specialized skill sets. By identifying and attracting the right candidates and developing a staff that’s responsive to emerging threats, government organizations can overcome the challenges facing their cyber workforces.