Earlier this year, the Education Department issued a request for help identifying and defining skills its future cyber workers will need, for advice on how to retain those people and for metrics to measure their success.
DHS receives thousands of applications each year, but still struggles to find enough workers to fill its 11,000-plus cybersecurity positions. The agency has developed innovative recruiting tactics:
- Capture and code: The agency’s HR team defined which jobs were related to cybersecurity in non-IT areas such as law enforcement. “We have a gap in highly specialized areas, like forensics analysis, network operations and vulnerability assessments,” Bailey explains. “Now we work hard to make sure that we are filling our most critical needs first.”
- Measure and target: Agency hiring managers advertise cyber jobs in magazines that are go-to sources for the cyber community, attend specialized cyber conferences and events, scan LinkedIn resumes to identify top candidates and fill the pipeline with college and high school students through internships.
- Attract and appeal: DHS hosts webinars featuring front-line employees to help job candidates get a sense of a typical day in the life of a cybersecurity worker. At joint hiring events, “we bring out every cool toy that DHS has,” Bailey says, including the president’s limo, FEMA response vehicles, canine teams and cyber setups.
The strategy is making a difference. DHS webinars have attracted more than 10,000 viewers each, and at a recent joint hiring event, DHS components made job offers on the spot to 300 candidates and hired another 350 shortly after — an expedited hiring process that’s novel for the federal government.
“By really studying and paying attention and knowing exactly what we need and how to go about finding it, we are being far more successful in getting the talent that we’re looking for to enhance our mission,” says Bailey. “And we think we’re getting smarter and better at that.”
HHS Turns to YouTube to Attract Cybersecurity Workers
The Health and Human Services Department, grappling with an 18 percent vacancy rate in cybersecurity positions, is also turning to unusual means (for a government agency) to attract potential employees.
One example: When job candidates visit USAJobs.gov to search for open cybersecurity positions, they may find that IT postings from HHS include more than the usual job description and contact information — some have a link to a YouTube video.
“We’ve put together basically a 90-second commercial to sell folks on the HHS mission,” explains Lisa Dorr, the agency’s former director of IT and cybersecurity workforce planning.
HHS protects the personal health information of one out of every three Americans, so filling cyber positions is critical. The first job posting that included the video garnered enough response that the surprised HR department alerted Dorr.
“We and the rest of the federal government are trying to attract folks who are used to literally hitting the ‘Apply Now’ button for a job from their phone and almost immediately getting a response,” says former CIO Beth Killoran. “That’s a real problem, because we have to work within a much slower, much more onerous hiring process.”
MORE FROM FEDTECH: Learn about how the Department of Homeland Security will launch a new cybersecurity risk score for agencies!
Take Creative Approaches to Cybersecurity Recruiting and Training
HHS took other initiatives to speed up the months-long process. The agency co-piloted a hiring event in which HHS cybersecurity teams worked with the Office of Management and Budget’s HR teams to review resumes, classify candidates and interview them on the spot.
With the Federal CIO Council, HHS tested non-IT professionals and recent college graduates for competency and aptitude, and then trained them for specific cyber jobs after they were hired. The agency also retrained current, non-IT workers interested in a cyber career.
“If we can take a more 21st-century approach and push for changes within the process, we might be able to tap into employee markets that are more technically savvy,” Killoran says.
Cybersecurity is often seen as a solo job that can be performed only by “cyber ninjas” with an impossible-to-teach, innate technical instinct. Not even close, says Rodney Petersen, director of NICE.