The Department of Homeland Security was reprimanded for poor cyber hiring on Thursday by both the chair of the House Homeland Security Committee’s cybersecurity subcommittee and its lead Democrat.
The chair, Texas Republican John Ratcliffe, took aim at DHS for not taking advantage of all the authorities Congress gave it three years ago to better recruit and hire cyber professionals.
He added DHS needs to overcome the normal slow federal hiring processes to build the cyber workforce it needs to do its job in information security.
The ranking Democrat on the subcommittee, Cedric Richmond, accused DHS of lagging behind the FBI, NSA and other cyber-focused agencies in attracting cyber talent.
“Within the federal government, we need to promote recruitment and retention programs, particularly at DHS,” the Louisiana congressman said.
He said Homeland Security needs to be more forward-looking to appeal to cyber pros’ desires for professional development and a flexible work culture.
McAfee Chief Technical Strategist Scott Montgomery charged there is a “disquieting” federal cybersecurity skills gap. He noted one estimate places the number of cybersecurity positions the federal government can’t fill because of a lack of available talent at 10,000.
To make compensation more comparable with the higher salaries available to cybersecurity pros in the private sector, Montgomery said the federal government should consider offering better retirement packages and the ability to move up federal pay grades more quickly than usual.
The McAfee executive said one way the impact of the gap could be lessened is through human-machine teaming.
“Machines are best at repetitive tasks, such as making calculations across broad swaths of data. Humans, on the other hand, are best at insight and analysis,” Montgomery said.
The teaming would help, he contended, because it would give humans more time to think about the motives and processes of bad actors by freeing them from simple tasks machines could perform.
Northrop Grumman Chief Information Security Officer Michael Papay claimed the federal government’s cyber workforce training is weak.
“Cyber training across the federal government is inconsistent. The federal government as a whole needs to put a greater emphasis on ensuring its employees have the cyber understanding and tools to effectively and securely do their job,” he said.
Papay added that a way must be found to give more federal government and vendor cyber experts security clearances to ease the shortage.
International Consortium of Minority Cybersecurity Professionals Strategic Advisory Board Member Juliet Okafor said the federal government has to take a more innovative approach to cyber workforce recruitment and retention, particularly to help close the growing diversity gap in the cyber field.