Solving the Cybersecurity Workforce Crisis Research Paper

Introduction

Government agencies have significant difficulty in hiring cybersecurity staff in the US. Ward and Subramanian (2020) named inadequate staffing in public cyber security positions as a major threat to IT security in government agencies. Bergal (2015) stated that 86% of states had trouble filling the vacant positions in IT, and 46% stated that it took between three and five months to fill senior positions. The problem is rooted in several aspects of the changing internal and external environment. First, government agencies are not always able to offer competitive salaries for IT talents. Since cyber security specialists are highly demanded in the current market, the private sector has been offering increased compensation in comparison with the government sector, which has led to decreased interest in IT positions in the public sector (Bergal, 2015). Second, the number of people that have adequate education is lower than the number of people required in high-skills positions (National Governors Association, [NGA], n.d.). There are not enough educated people to meet the needs of the current reality that requires more IT specialists.

Third, it is crucial to notice that even though many potential employees have the education required to fill cyber security positions, their level of skill and knowledge is inadequate (Loeb, 2015). In other words, current training practices of security specialists are inadequate as graduates do not meet the needs of the industry (Loeb, 2015). Finally, an aging workforce is another growing concern for IT security in the public sector (NASCIO, 2015). The problem is that many baby boomers reached retirement age, which increased the need for qualified IT personnel in the government sector (NASCIO, 2015). Thus, the government needs to address these problems to minimize cyber security risks.

Reasons for Problems with Hiring Cyber Security Personnel

Even though there are numerous reasons for problems arising with hiring cyber security personnel in the public sector, all of them can be narrowed down to five major concerns. The list of these concerns with detailed explanations is provided below.

1. The overall shortage of IT specialists in the market. The demand for cyber security personnel in the market is growing fast, and there are currently not enough specialists (Ward & Subramanian, 2020). Thus, there are not enough candidates on the market.
2. Compensation. As has been mentioned in the introduction, the growing demand for cyber security specialists caused a significant boost in the expected salaries. Even though the government recognizes IT security as a source of saving taxpayers’ dollars, years of tight budgets limited the ability of government agencies to offer competitive salaries for IT personnel (Bergal, 2015).
3. Stringent educational and experience requirements. Bergal (2017) stated that the requirements for skills, experience, and education in government agencies are very high. According to Loeb (2015), the current cyber security training system cannot prepare enough professionals to meet the needs of the industry. Combined with the decreased level of compensation and the disappearance of generous government retirement plans makes a little number of candidates that fit the criteria almost impossible to attract (Bergal, 2017).
4. Unclear career path. While government jobs have a high level of security, the lack of a clearly defined career path makes the positions in the public sector unattractive to young specialists (Loeb, 2015). Since young professionals have high career expectations, government vacancies do not attract their attention due to the lack of long-term career opportunities.
5. Lack of interest from the youth. College and high school students demonstrate a decreased interest in public service.

Strategies to Address the Problems

The present section aims at outlining strategies that can help to address the five problems described above. The strategies aim at deemphasizing compensation, as increasing compensation is one of the most obvious approaches to increasing the attractiveness of jobs (Biggs& Richwine, 2014).

1. Engaging in workforce planning. As mentioned by Bergal (2015), finding and hiring security IT personnel may require a long time. Therefore, government agencies must engage in forecasting the need for a cyber security workforce and start hiring pro-actively to reduce threats to IT security (Department of Homeland Security, 2015).
2. Rethinking the requirements for hiring. The public sector may seek alternative candidates who have shown interest in public service or demonstrated expertise in similar disciplines, such as coding (Bergal, 2017). Veterans appear to be a promising source of potential cyber security employees (Bergal, 2017; NASCIO, 2015).
3. Putting increased emphasis on a career. Government agencies need to define clear career paths for IT employees (Bergal, 2015; Molis, 2019).
4. Involving employees in recruiting. Molis (2019) suggests that employees can have recruitment cards that can be given out to potential employees. These cards are expected to boost interest in working in the government agency (Molis, 2019).
5. Engaging in private-public partnerships. Government agencies can increase the number of partnerships with higher education institutions and schools to develop an interest in both public sector and cyber security jobs (National Governors Association, n.d.; NASCIO, 2015).

Recommendations

Below is a list of recommendations designed to attract cyber security talents and reduce cyber security shortage based on the analysis provided above and recommendations from authoritative sources.

1. Decrease the requirements for hiring. The overall shortage of specialists in the industry, inability to compete with private companies in terms of salary, and inadequate training practices will lead to the inability to fill the vacancies timely (Bergal, 2017). Thus, it is crucial to decrease the requirements for hiring.
2. Partner with schools and colleges. The popularization of the public sector and cyber security industry in schools and colleges, along with creating scholarships for cyber security specialists, can help to increase interest in working as government IT specialists (Molis, 2019).
3. Develop clear career paths. Employees need to understand the opportunities that come with working for the government. Career opportunities can be increased by partnering with the private sector (NASCIO, 2015).
4. Create a functional workplace culture. Developing an employee-focused corporate culture that emphasizes life-work balance and development can retain talent, which is crucial for addressing the cyber security employee shortage (Molis, 2019).
5. Plan workforce. Ensure that the demand for employees is forecasted to proactively fill all future vacancies.

Summary

The present paper revealed that several forces affect the shortage of employees in the cyber security sector in the US. This shortage, along with other industry-specific reasons, such as lack of interest in working in the public sector and stringent hiring requirements, limits the ability of government agencies to fill all cyber security vacancies. Thus, it is recommended to decrease these requirements, partner with colleges and schools, develop clear career paths, create employee-centered workplace culture, and plan the workforce to ensure adequate staffing in these agencies.

References

Bergal, J. (2015). Hiring cybersecurity staff is hard for states. Pew.

Bergal, J. (2017). Desperate for Cybersecurity Workers, States Help Build the Next Generation.Governing.com.

Biggs, A. & Richwine, J. (2014). Overpaid or Underpaid? A State-by-State Ranking of Public Employee Compensation.

Deloitte-NASCIO. (2018). 2018 Deloitte-NASCIO cybersecurity study.

Department of Homeland Security. (2015). Best Practices for Planning a Cybersecurity Workforce White Paper.

Loeb, M. (2015). Cybersecurity talent: Worse than a skills shortage, it’s a critical gap. The Hill.

Molis, J. (2019). Attracting and retaining top talent: 5 ways to make them come to you. Triangle Business Journal.

National Governors Association. (n.d.). Aligning State Systems for a Talent-Driven Economy.

NASCIO. (2015). State IT Workforce: Facing Reality with Innovation.

Ward, M., & Subramanian, S. (2020). States at risk: The cybersecurity imperative in uncertain times.Deloitte.