Aug 27 2014

OPM’s Agenda for Building the Federal Cybersecurity Workforce

The agency is working with CIOs to implement existing hiring authorities and create a governmentwide data bank of cybersecurity positions.

When it comes to wooing white hat hackers for public service, federal agencies have more in their hiring arsenal than they realize.

While agencies don’t have pockets as deep as the nation’s top technology firms or workplace perks like free beer on tap or massages, federal hiring managers can do some things to present their agencies as serious contenders in this competitive marketplace.

Courtesy: OPM

Mark Reinhold, associate director of employment services and chief human capital officer at the Office of Personnel Management

Some agencies are taking advantage of the recruitment and retention bonuses and other hiring authorities, but the Office of Personnel Management wants to make sure all agencies are aware of the tools at their disposal. OPM is also leading the development of a data warehouse by year’s end that will help identify current and future cybersecurity positions across government.

A lot of these authorities are provided for in OPM's regulation, and it's up to the agencies to come up with their internal implementation plans for how they're going to … secure things like internal levels of approval, or if they want to impose other types of conditions,” Mark Reinhold, OPM’s associate director of employment services and chief human capital officer, told FedTech.

OPM is coordinating with the CIO and CHCO councils to educate agency executives. “We brought those two councils together for an opportunity to discuss the hiring and pay and leave authorities so that the CIOs are better informed and can apply those within their … specific [agencies],” OPM CIO Donna Seymour said in a joint interview with Reinhold.

The current governmentwide direct hiring authority allows agencies to fill IT positions designated as GS-9 or above, Reinhold explained. This allows agencies to hire any qualified candidate after giving public notice. But the authority to hire for certain positions changes based on the needs of specific agencies, and OPM evaluates the extent to which direct hire authorities are appropriate and necessary.

Building a Data Bank of Federal Cybersecurity Jobs

As of November, about 82,000 civilian positions fell under the IT management 2210 job series, Reinhold noted. That number includes cybersecurity professionals and project managers.

OPM is working with agencies to build a new data bank that will identify which of those 82,000 jobs focus on cybersecurity. While cyber jobs are primarily concentrated in the IT management job series, agencies will have to review all job series to ensure that every cyber position is coded properly. So far, 19 of 24 agencies working on the project are on track to meet the 2014 goal. OPM is working with the other agencies to get them on track as well.

Courtesy: OPM

Donna Seymour, CIO at the Office of Personnel Management

“In accomplishing this project, agencies will also be updating their cybersecurity positions with codes that revise the definitions of and taxonomy used for cybersecurity work,” former OPM acting Director Elaine Kaplan wrote in an August 2013 memo.

Based on the information OPM has received from agencies so far, about 2 percent of positions in the 2210 job series perform significant work in cyber. Reinhold expects the percentage will increase as OPM collects more data from agencies.

Hiring Incentives for Security Professionals

Seymour recalled using direct hiring authority to bring in an information security professional. “I would have probably brought this person in normally at ... step one of the pay scale, but because of their specialized experience and our critical need to fill the position to meet our mission needs, we were able to justify bumping that person up in the steps to increase their pay,” she said.

In other instances, Seymour said her organization has been able to reward new hires with six or eight hours of accrued annual leave per pay period, as opposed to the normal four hours. That’s because those individuals have private-sector experience equivalent to what they would’ve gained as government employees.

It basically allows us to treat that private sector experience [as] if it had be accrued in the federal sector, and therefore we can credit it toward our requirements for leave accrual,” Seymour explained.

It’s unclear how widely these types of authorities are used across government. And even the best government offer may not stack up to what experts can get from private firms.

“In some cases, even if you started somebody at step 10 of a particular grade, it's still not enough money,” Reinhold said. When asked about legislation that would enable the Department of Homeland Security to boost pay for its cybersecurity workforce, Reinhold said this could be one remedy to fix any pay discrepancies compared with the private sector. Hiring and pay flexibilities are done within the confines of the existing general schedule pay system, he added.

Despite the open suggestions from the larger IT community, OPM has no plans to make cybersecurity its own job series.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT