Workforce
DHS is poised to remake
cybersecurity hiring
The CybersecurityTalent Management System has been years in the making, but DHS officials say it will finally come online this year
BY NATALIE ALMS AND JUSTIN KATZ
Since the beginning of the year, there has been an alarming increase in the cadence and severity of cybersecurity threats. They include the supply chain attack waged via SolarWinds’ Orion platform and attributed to Russia’s Foreign Intel- ligence Service and a China-linked cyber-espionage attack that exploited flaws in Microsoft’s Exchange Server email software.
President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity, issued in May, mandates improved cyber hygiene and puts gov- ernment contractors on the hook for reporting breaches. However, experts say the presidential command cannot counter a workforce shortage that is exacerbated by the government’s anti- quated hiring system.
In an initiative that has long been in motion, the Department of Home- land Security and the Cybersecurity and Infrastructure Security Agency are finally poised to advance a series of policy changes to reduce the time it takes to hire cybersecurity profes- sionals, redefine how DHS evaluates cybersecurity skill sets and facilitate competitive pay rates.
Before launching the Cybersecurity Talent Management System (CTMS), DHS must publish the rules for public
comment. That is scheduled to occur in September, said Travis Hoadley, director of innovation in DHS’ Office of the Chief Human Capital Officer, in an interview with FCW.
But why is DHS just now bringing online a system it was authorized to cre- ate in 2014, when Biden was still vice president?
“We have to roll out a fairly significant human capital system, completely doing away with the existing General Sched- ule that we have used” for decades, Acting CISA Director Brandon Wales told lawmakers in May. “That required a large-scale rulemaking effort that is finishing up now. It’s taken longer than anyone wanted, but it appears that we are on the cusp of getting the program live and we’re ready to use it.”
Fiscal 2022 budget justification docu- ments indicate that DHS has a goal of hiring 150 cybersecurity professionals in fiscal 2021 and an additional 150 in fiscal 2022. The budget documents also show the impact of the delays in field- ing CTMS: A chart noted that DHS was supposed to bring in 109 cybersecurity professionals in fiscal 2020, but the actu- al number of hires that year was zero.
DHS officials are determining what skills and positions they will prioritize once the system is live, Hoadley said, adding that DHS views it “in the cat-
egory of a civil service reform pilot.” Officials plan to onboard the first hires under the new system by the end of this calendar year.
All this is happening in an extreme- ly tight labor market. According to the latest data from the National Institute of Standards and Technology’s Cyber- Seek project, there were approximately 36,000 unfilled public-sector cyberse- curity jobs from April 2020 to March 2021. In that same time period, Cyber- Seek estimated that a total of about 60,000 workers were employed in such positions.
Building a 21st-century system
CTMS has its roots in the Border Patrol Agent Pay Reform Act of 2014, which gave the DHS secretary the authority to establish a new personnel system for cybersecurity jobs. The broader outlines of CTMS in its current state took form in 2019, but the system has experienced delay after delay in its implementation.
One key provision allows DHS to hire cybersecurity professionals under the excepted service, as opposed to the competitive service (which governs the majority of rank-and-file federal employees and has specific rules for hiring, firing and pay) or the Senior Executive Service (which applies to high-level administrators and has its
40 June/July 2021 FCW.COM