Nearly a year away from the deadline imposed by the White House to meet zero-trust goals, a third of federal agencies say they won’t have a fully staffed cybersecurity team to implement them.
Those in the tech space have joked, facetiously, that that’s where AI can come in: to do the jobs that there aren’t humans for. But in a jest there is some truth: automation and other accessible forms of artificial intelligence can help supplement hiring efforts or at least relieve IT teams of rote processing to focus on more involved projects.
“I think automation, artificial intelligence — those are things that are absolutely going to help those folks do more with the resources they do have,” said Cody Cornell, chief strategy officer at Swimlane, a supplier of automation software to industry and government. “I’ve spent almost two decades at this point working in security, and I’ve never been fully staffed and never really expected that I would [be], I think what people need is some mechanism of a force multiplier.”
More than 80% of federal agencies report having vacancies on their IT security teams, according to a survey of 106 security professionals and executives at U.S. federal agencies by Swimlane. The Federal CIO Council also found in a 2020 report that nearly two thirds of the government IT workforce is over 40 years of age.
That’s not surprising, survey authors said, given IT talent shortages plaguing almost every sector, but for federal agencies that are at a competitive disadvantage because of pay and slow onboarding processes, insufficient staff makes it difficult to achieve many of the cyber goals being demanded of them by the President and Congress.
“If you’re trying to get a program in place, and you’re trying to do something on a timeline, but you just can’t even get the people to do the work, that’s a really difficult spot to be in,” said Cornell.
Meanwhile, agencies are still being expected to jettison aging IT that’s weighing them down, modernize programs to improve customer service and cut back on manual processes to free up the few employees they do have. To do all that amid a struggle for talent, they have gotten creative, whether it’s hiring workers out of retirement to work on ancient systems only they know, leveraging special salary rates or eliminating college degree requirements to broaden the applicant pool.
Still, not all of those are quick fixes.
“I think that’s why people are looking at automation, they’re looking at AI because they basically have resigned themselves to the fact that they’re never going to be able to hire the people that they’ll absolutely need,” Cornell said. “And they need alternatives to help them close that gap.”
More than two-thirds of survey respondents also said it takes longer to fill a security position now than it did two years ago.
The survey doesn’t provide granular data on why that is, but Cornell said anecdotally, the shift from remote work to in-person work post-pandemic may be driving some difficulties behind recruiting workers to agencies.
Government also has less autonomy to change workplace policies than private sector firms do, which means if a contract specifies the work will be done in person, then that contract is obligated to get people back on site, he said.
Molly Weisner is a staff reporter for Federal Times where she covers labor, policy and contracting pertaining to the government workforce. She made previous stops at USA Today and McClatchy as a digital producer, and worked at The New York Times as a copy editor. Molly majored in journalism at the University of North Carolina at Chapel Hill.