Should Cybersecurity Workers Get Bonuses?

There are few federal agencies today that can offer bonuses to their best and brightest cybersecurity workers.

The State Department is one of them. Cybersecurity professionals there receive competitive pay for their skills, and “when we get good people, we can generally keep them,” said Peter Gouldmann, director of information risk programs for the State Department’s Office of Information Assurance. “That’s because we employ a retention bonus program that a lot of agencies don’t do.”

Under existing law, not even the Department of Homeland Security has this authority, despite its role as defender of the dot-gov domain. But top lawmakers are hoping to change that with legislation that would allow the DHS secretary to make direct appointments, set rates of basic pay, and provide additional compensation, benefits, incentives and allowances, according to details released by the Senate Committee on Homeland Security and Governmental Affairs.

“Hiring and retaining top cybersecurity talent for the federal government is extremely difficult,” the committee noted. “There simply aren’t enough specially trained experts to fill all of the vacant positions in government — a problem that is compounded by the fact that the private sector is also seeking critically needed cybersecurity professionals.”

The DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 was reported out of committee by a voice vote May 21 and now goes to the Senate floor for a full vote.

“Our government needs the best and brightest to combat 21st century threats,” said Committee Chairman Sen. Tom Carper following the committee’s approval of the bill. “I would like to thank my colleagues for working with me to create effective legislation that will provide DHS with the personnel authorities it needs to respond to evolving threats in the digital realm.”

Engaging the Cybersecurity Workforce

Workforce recruitment and retention are among the top issues that keep Jill Vaughan, the Transportation and Security Administration’s deputy CIO, awake at night. Part of her challenge, and that of other CIOs, is how to keep cybersecurity professionals energized and engaged so that they want to stay at the agency. One perk that Vaughan offers employees is the opportunity to get professional certifications.

But keeping morale afloat in the midst of fiscal constraints and other issues can be challenging, said Vaughan, who also serves as the deputy assistant administrator for the TSA’s Office of Information Technology.

Boosting DOD’s Civilian Cybersecurity Talent

Hiring critical cybersecurity talent is not an issue for civilian agencies only. A provision in the Senate version of the National Defense Authorization Act for fiscal 2015 directs the military services to assess “whether recruiting, retention, and assignment of service members with cyber skills requires bonuses or special and incentive pays” and report their findings by January 2015.

The bill also calls for the principal cybersecurity adviser to provide recommendations to the secretary of defense for improving the Air Force’s civilian personnel support to U.S. Cyber Command. In a summary of the NDAA markup, the U.S. Senate Committee on Armed Services wrote that the Senate feels “enhanced personnel authorities are needed for hiring, compensating and promoting civilian personnel supporting U.S. Cyber Command.”

The House passed its version of the NDAA but did not include similar provisions for compensating cybersecurity talent, according to Nextgov. Both chambers would have to reconcile any discrepancies before passing a final bill.

How is your agency recruiting and retaining cybersecurity professionals? Let us know in the comment section below.