The Department of Homeland Security (DHS) is hoping to overhaul how it recruits, hires and retains cybersecurity employees with the launch of a new talent management system. The new program, which went live on Monday, includes a more streamlined talent acquisition process, a new compensation system and a heavier emphasis on career development.
The newly launched Cybersecurity Talent Management System (CTMS) has been in the works since 2014, when legislation first gave the DHS the authority to set up a hiring system that is exempt from existing rules around talent management for the federal government. The program also comes as the U.S. government amps up its efforts to defend against high-profile cyberattacks, including ransomware attacks on critical infrastructure.
The DHS said it will initially leverage CTMS to fill high-priority jobs at the Cybersecurity and Infrastructure Security Agency (CISA) and DHS Office of the Chief Information Officer. Starting next year, it said DHS cybersecurity service jobs will be available across several DHS agencies “with a cybersecurity mission.”
“Cybersecurity related threats - from ransomware to assaults on our elections and other critical infrastructure like pipelines - directly endanger our communities, our economy and our democracy,” said Alejandro Mayorkas, secretary of the DHS, in a statement on Monday. “As these threats continue to grow and change, our department must remain agile enough to front them and to defend a free and secure cyberspace.”
The New Talent Management System
An integral part of CTMS is its strategic talent planning process, which gives the DHS more flexibility to adapt to changes in both cybersecurity work and the talent market. As part of this process, the DHS will continuously pinpoint evolving qualifications for personnel, analyze the cybersecurity talent market for overarching trends and administer a “work valuation system” to classify various positions.
This system allows the department to use methods beyond the government's traditional, more rigid hiring processes, which are based on a classification method called the General Schedule. The General Schedule is a government-regulated pay scale for federal employees across professional, technical and administrative positions. As part of its application process for cybersecurity employees, for instance, the DHS is using competency-based assessments, including real-world simulations, to focus on the skillsets of cybersecurity employees.
“While CTMS is an innovative approach to talent management, featuring new, specialized practices not present in many Federal civilian personnel systems, CTMS remains a merit system in which Federal employment is based on merit and individual competence instead of political affiliation, personal relationships, or other non-merit factors,” according to the DHS in an outline of the new system.
Other hallmarks of the new program include a new compensation system, starting at between $56,950 and $84,755 for entry-level professionals (such as cybersecurity specialists), and going up to $240,800 for executive-level positions (such as senior cybersecurity executives). The DHS has also bolstered its program with career development opportunities, promising employees access to regular training and professional development.
Cyber Workforce Challenges
Acquiring and retaining cyber workforce talent has been top of mind for the DHS, which in July announced it filled 12 percent of more than 2,000 cybersecurity job vacancies across the department as part of a 60-day sprint. This included the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers.
Clar Rosso, CEO of ISC2, said the DHS program's focus on professional development - as well as more competitive pay and a streamlined hiring process - are all a “step in the right direction.”
In the 2021 ISC2 Cybersecurity Workforce Study, which collected data from 4,753 cybersecurity professionals across small, medium and large organizations, almost half (42 percent) of participants said the development and retention of existing staff would have the greatest impact on shrinking the cybersecurity workforce gap. Respondents pointed to an investment in training, flexible working conditions, an investment in certifications and a focus on diversity initiatives as the biggest ways that they would address their own security workforce gaps.
When looking at CTMS, “the career development opportunities align really well with what we found in our research,” Rosso said. “In order to retain people, some helpful things that a company can do include investing in their education and professional development and helping them earn those certifications.”