By C. Todd Lopez
WASHINGTON (Nov. 14, 2019) -- Pay matters, but sometimes the mission is itself a big draw. That's the case for at least some who are hired on to do cyber protection work within the Defense Department, the deputy chief information officer for cybersecurity and chief information security officer said today in Washington.
Jack Wilmer said industry can pay more for cyber professionals than can the government. "The interesting thing we have, and what I've found when I talk to most of the folks in our organizations across DOD, is that obviously what brings people to the DOD is not going to be the salary -- but it is that mission. It's people that like a challenge, that want to be able to go up against some of the world's best cyber actors and want to be able to have an opportunity to try to defend against those attacks, and contribute to our other missions as well," he said.
The DOD mission itself, Wilmer said, for those who join in uniform and for those who become involved as a civilian, "is much more compelling than anything we can do salarywise."
Speaking during a forum on the federal workforce, Wilmer discussed challenges to recruiting and retaining talent for the cyber mission within DOD.
He said one area the department has made great strides in is recruiting. The DOD Cyber Excepted Service Personnel System, he said, has allowed the department to reach out and recruit some of the best and brightest.
The authorities granted by Cyber Excepted Service Personnel System have been rolled out already to agencies like U.S. Cyber Command, the Defense Information Systems Agency, and most recently the Navy and the Marine Corps this summer. One benefit is shortening the amount of time it takes to bring a new hire into federal service.
"They were able to take the average time to hire from 111 days down to about 44," he said. "Anything that we can do to help shrink that down is going to increase the likelihood that people will actually join our organization. That's a huge win in terms of being able to leverage those authorities to be able to bring people in faster, that frankly, we run into fewer cases where a person accepts a job initially, but because it takes so long to actually bring them on board they end up finding another opportunity before they can join our organization."
Another avenue for bringing in new talent is retraining existing federal personnel, Wilmer said. The department has some 70,000 cyber professionals, but he said there are thousands of positions open that need to be filled. Looking inward -- even at those who aren't currently doing cyber work, is an option.
Wilmer pointed to the federal CIO Council's efforts to bring existing federal employees into the cyber workforce. The "Federal Cybersecurity Reskilling Academy" provided two cohorts of federal employees with hands-on training in cybersecurity.
"We've already sent a number of DOD people through that program and I'm really excited to see where that program can take us," Wilmer said. "People compete for it. They basically apply with their background, take some basic skills tests and those that seem like cyber might be a good fit for them are able to then apply for some of the new opportunities."
Diversity in hiring also matters for the department, Wilmer said. Given the complexity and variety of what adversaries are doing in terms of their attacks, he said, a good defense is implemented by a diverse defenses force.
"When you look at what our adversaries are actually doing, the approaches they are taking, they really do have some very clever and creative things they are doing," Wilmer said. "If we only have a set of people that all think kind of the same way and were taught and grown up the same way, we're probably not going to be able to come up with the right set of things the adversary might try to use against us. So diversity in terms of recruiting is really important for us."
Wilmer said bringing more women into the federal cyber workforce, on both the military and civilian side is important. "But diversity as a whole I think is a really important aspect."