Today’s typical federal cybersecurity professional is over 40 years old and a GS-13 with more than 10 years of information technology experience.
The problem: These cybersecurity professionals are nearing retirement — a third will be eligible to retire within three years — and could leave behind a young workforce lacking critical skills.
“An aging cybersecurity professional population could lead to a manpower shortage in the federal cybersecurity field, particularly in management and leadership positions,” according to a new assessment released Wednesday.
The assessment, prepared by the federal by the Chief Information Officers Council and the National Initiative for Cybersecurity Education, downplayed the possibility of employees retiring as soon as they become eligible. But the combination of decreasing budgets, pay freezes and concerns about proposed reductions in employee pensions are forcing some IT professionals to opt for retirement earlier, CIOs have said.
Nearly 23,000 employees from 52 department and agencies were surveyed for the assessment, with a large portion of participants — 36 percent — representing the Department of Homeland Security’s cyber workforce. The Agriculture Department, Navy and Defense Department headquarters also comprised a large portion of respondents.
Of those surveyed:
79 percent are above age 40. Only 5 percent are age 30 or younger.
12 percent are eligible for retirement in less than a year. Another 21 percent are eligible for retirement in the next three years.
61 percent are GS-11, 12 or 13. Less than 1 percent are senior executives.
Participants said they want more training in:
Information assurance compliance, or validating that new IT systems meet security requirements.
Vulnerability assessment and management, which includes evaluating security threats and recommending how best to respond.
Knowledge management, or properly identifying and accessing employees’ institutional knowledge.
Both government and industry have long struggled to define the cybersecurity talent they possess and to understand their hiring needs. The challenge for many agencies is that cybersecurity professionals are dispersed across numerous job series and there lacks a clear, common definition of what is a cybersecurity professional and what are his duties. For example, the CIO Council identified more than 200,000 federal IT civilian employees across 39 job series with cybersecurity duties.