Following the invasion of Ukraine and the sanctions imposed against Russian interests by NATO allies, the U.S. is on heightened cyber alert.
Concerns about cybersecurity threats posed by foreign adversaries were on the rise even before the conflict. According to the 2022 SolarWinds Public Sector Cybersecurity Survey Report, 56% of federal IT operations and security decision-makers state foreign governments are now one of the top security threats, along with the general hacking community and untrained insiders.
To combat these threats, protect American critical infrastructure and safeguard personal information, the federal government is actively seeking to strengthen its cybersecurity workforce. Agencies must find innovative ways to compete with lucrative private sector positions to do so, but it’s a perpetual challenge. In recent years, many federal agencies have seen their pool of cyber talent shrink.
Here are some best practices federal agencies can implement to better attract and retain a federal cybersecurity workforce.
Make a Case for a Rotational Cyber Workforce Program
On June 21, President Joe Biden signed the Federal Rotational Cyber Workforce Program Act into law, offering agencies a practical solution to the cyber staffing crisis—if they act proactively.
Under this new law, the Office of Personnel Management must establish a cross-agency rotational workforce development program allowing employees to work outside a single position within a single public office. The idea is that as cybersecurity professionals move across departments, agencies will benefit from knowledge transfer and collaborative efforts to address advanced threats.
The program could also be used as a recruitment and retention tool. In theory, cybersecurity professionals will gain substantial experience across different departments, enhancing career opportunities and facilitating the expansion of each person’s professional network.
The program will be open to IT, cybersecurity, and cyber-related functions. The OPM will be charged with developing policies, processes, and procedures for detailing employees among rotational positions.
Therefore, it behooves IT and security leaders to make a case for their agencies’ participation and eligibility for the program sooner rather than later.
Address the Soft Skills Gap
Today’s cybersecurity professionals have a broad range of responsibilities. In addition to technical ability, they’re often called on to display nontechnical skills. For instance, they may be required to make a business case for IT investments, resource allocation, and new risk reduction strategies. They must also collaborate and share best practices within the federal government and industry.
Unfortunately, these “soft” or “people” skills are rarely sought or fostered within the federal cybersecurity workforce. As agencies enter a new paradigm of cyber risk, they must do everything they can to address this gap and ensure employees have the soft skills to adapt quickly and easily to the future of cybersecurity and succeed in a federal career. Indeed, strengthening and empowering the high-tech federal workforce is a key goal of the Biden administration’s management agenda.
For instance, strong communication skills are essential to ensuring teams understand the criticality of a project. Each stakeholder must appreciate the technical goals of any cybersecurity initiative and how it relates to the agency’s mission and convey all this in nontechnical terms (i.e., speak “the language of the business”). This is especially important if a project impacts many staffers and cyber professionals are called on to gain broader buy-in from the rest of the agency.
Collaboration is also vital. No agency works in a vacuum, and different groups must work together to share intelligence and accelerate efforts to lock their digital doors.
Adaptability is another crucial soft skill. Change is constant in today’s world, and the pressures on federal cyber pros have been unrelenting over the past few years. After successfully helping the federal government pivot to ensure secure remote work policies, many are hoping for a return to normal. But once again, society is at an inflection point, and there’s no room for overconfidence or security apathy.
The ability to function in this ever-changing environment is becoming increasingly important. Federal cyber pros must be able to shift their thinking quickly and be willing to embrace—and thrive through—change.
Communication, collaboration and adaptability will take on new significance with the recent implementation of the Federal Rotational Cyber Workforce Program Act. As such, IT and security leaders must revisit their job requirements (even for the most technical staffers) and prioritize skills development with strategic training opportunities capable of bringing value to the organization and the workforce—and time is of the essence.
Brandon Shopp is Group Vice President, Product Strategy, at SolarWinds, a supplier of network and systems management software.