Pentagon Faces Big Challenges In Retaining Cyber Talent

The Department of Defense (DoD) faces tremendous challenges in recruiting and retaining trained and experienced cybersecurity professionals. DoD’s problem is part of a larger worldwide shortfall of this high-demand resource. According to the Global Information Security Workforce Study sponsored by Booz Allen Hamilton, this shortfall is on track to hit 1.8 million by 2022.

DoD must accept the reality that it cannot compete with tech giants and Silicon Valley startups strictly on the basis of salaries and benefits. Google, for example, has been a very successful company in large part due to its ability to attract, retain and motivate its workforce. Google has a notoriously rigorous upfront recruitment and screening process, offers great salaries and benefits, ensures an employee-friendly culture and has developed a campus-like work environment. DoD must instead focus on the advantages it does have and be creative when considering how to enhance future retention efforts.

One of the greatest advantages the military has resides within its enlistment programs. DoD provides new recruits, without prerequisite experience, with core technical and cyber training through its own DoD schools and in partnership with civilian professional certification programs. DoD can also leverage the Reserve Officer Training Corps (ROTC) program, available in colleges and universities, to attract new talent.

Once training is completed, personnel incur a service commitment based on the amount of education provided, normally for 4 years, but obligations can be longer based on the training received.

After the classroom training is completed, DoD is quick to put the skills of both enlisted personnel and officers to use in challenging positions, often working directly on defense networks, which enables them to develop practical skills. It is these skills, developed from their experiences, that make them so valuable. This hands-on approach is where DoD has a distinct advantage over civilian organizations in the competition for this technical talent.

However, this is a double-edged sword, because it also makes these military members highly sought after by the commercial sector once their military service obligations have been completed.

DoD must be ready to counter the lucrative commercial offers that are likely to be made to service members at this critical decision point. Experienced service members will likely be offered much higher salaries and benefits to switch to commercial industry. It is a fact that DoD pay lags behind the commercial industry: annual base pay for an E5 with four years of service is $32,000, and for an O-3 with four years of service it is $66,300, based on the 2018 payscale. In contrast, the average civilian cyber penetration tester pay with four years of experience is approximately $115,000. DoD has an uphill battle to compete.

DoD has demonstrated success in the past in retaining other valuable critical skill sets. One example is DoD’s ability to retain aircraft pilots. Pilots are provided monetary bonuses based on their time in service and the demand for their particular aircraft platform; this bonus pay requires additional years of service commitment. The same type of incentive can be used to target and retain critical IT and cyber skills by providing a similar monetary bonus for continued service.

Recently, the United States Air Force offered a bonus of $15,000 per year for four years to officers in the Cyberspace Operations career field currently with four to twelve years of commissioned service. The officers who accept this incentive incur an additional four-year active duty service commitment. The Army offered a similar program to specific enlisted ranks in the cyber career field with bonuses up to $50,000.

These bonus programs will certainly not keep all the trained cyber technicians on active duty. However, they will help to retain those service members who have the desire to remain in uniform by providing some financial incentive to stay. Based on these successful examples, all of the uniformed Services should increase their efforts to retain these talented personnel, targeting specific skill sets and specific points in service members’ careers.

DoD also needs to recognize that a full-time active duty career is not for every member of the military. Therefore, for those who do elect to leave, DoD must do a better job of encouraging those departing members to join the National Guard or Reserve Forces. The National Guard/Reserves provide a great opportunity to retain, on at least a part-time basis, the IT and cyber talent that has been developed over years.

This option provides the member an opportunity to work in their civilian job and continue part time in the military. These professionals leverage the strengths from their private sector job and bring further refined talent back to the Department of Defense. In addition, these two programs provide the opportunity to create better relations between military and private sector companies by having shared employees.

It is worth noting that many departing military members are likely to take jobs with civilian companies that are part of the Nation’s 16 Critical Infrastructure Sectors. The impact from the loss of this talented workforce within DoD is mitigated by their new positions helping to ensure the Nation’s critical infrastructure sectors are better secured against cyber threats. This, in turn, supports the mission of the Department of Homeland Defense.

Former DoD CIO Terry Halvorsen stated in 2015 that one of the areas that kept him awake at night was the risk to DoD from vulnerabilities in our national critical infrastructure, in particular the nation’s power grid and financial sectors, especially via cyberattack during the early stages of nation-to-nation conflicts.

There is a growing worldwide shortage of trained technical personnel and fierce competition for the most talented and experienced. DoD must accept it cannot compete and win in a direct salary war with civilian industry. However, there are areas where DoD can be successful: providing cutting-edge training and specialized experience, and employing targeted retention efforts to retain specific skills at specific points in service members’ careers.

Finally, DoD must work to make the National Guard and Reserve option more attractive in order to retain the skills of departing service members and maximize the benefits derived from their new civilian job experiences. Together, these efforts could help DoD retain sufficient IT and cyber talent going forward.

Source: The Hill
