Pentagon Faces Big Challenges In Retaining Cyber Talent

The Department of Defense (DoD) faces tremendous challenges in recruiting and retaining trained and experienced cybersecurity professionals. DoD’s problem is part of a larger worldwide shortfall of this high-demand resource. According to the Global Information Security Workforce Study sponsored by Booz Allen Hamilton, this shortfall is on track to hit 1.8 million by 2022.

DoD must accept the reality that it cannot compete with tech giants and Silicon Valley startups strictly on the basis of salaries and benefits. Google, for example, has been a very successful company in large part due to its ability to attract, retain and motivate its workforce. Google has a notoriously rigorous upfront recruitment and screening process, offers great salaries and benefits, ensures an employee-friendly culture and develops a campus-like work environment. DoD must instead focus on the advantages it does have and be creative when considering how to enhance future retention efforts.

One of the greatest advantages the military has resides within its enlistment programs. DoD provides new recruits, without prerequisite experience, with core technical and cyber training through its own DoD schools and in partnership with civilian professional certification programs. DoD can also leverage the Reserve Officer Training Corps (ROTC) program, available in colleges and universities, to attract new talent.

Once training is completed, personnel incur a service commitment based on the amount of education provided, normally for 4 years, but obligations can be longer based on the training received.

After the classroom training is completed, DoD is quick to put the skills of both enlisted personnel and officers to use in challenging positions, often working directly on defense networks, which enables them to develop actual practical skills. It is these skills, developed from their experiences, that make them so valuable. This hands-on approach is where DoD has a distinct advantage over civilian organizations in the competition for this technical talent.

However, this is a double-edged sword, because it also makes these military members highly sought after by the commercial sector when their military service obligations have been completed.

DoD must be ready to counter the lucrative commercial offers that are likely to be made to service members at this critical decision point. Experienced service members will likely be offered much higher salaries and benefits to switch to commercial industry. It is a fact that DoD pay lags behind the commercial industry – annual base pay for an E5 with four years of service is $32,000 and an O-3 with four years of service is $66,300 – based on the 2018 payscale. In contrast, the average civilian cyber penetration tester pay with four years of experience is approximately $115,000. DoD has an uphill battle to compete.

DoD has demonstrated success in the past in retaining other valuable critical skill sets. One example is DoD’s ability to retain aircraft pilots. Pilots are provided monetary bonuses based on their time in service and the demand for their particular aircraft platform; this bonus pay requires additional years of service commitment. This same type of incentive can be used to target and retain critical IT and cyber skills by providing a similar monetary bonus for continued service.

Recently, the United States Air Force offered a bonus of $15,000 per year for four years to officers in the Cyberspace Operations career field who currently have four to twelve years of commissioned service. The officers who accept this incentive incur an additional four-year active duty service commitment. The Army offered a similar program to specific enlisted ranks in the cyber career field with bonuses up to $50,000.

These bonus programs will certainly not keep all the trained cyber technicians on active duty. However, they will help to retain those service members who have the desire to remain in uniform by providing some financial incentive to stay. Based on these successful examples, all of the uniformed Services should increase their efforts to retain these talented personnel, targeting specific skill sets and specific points in service members’ careers.

DoD also needs to recognize that a full-time active duty career is not for every member of the military. Therefore, for those who do elect to leave, DoD must do a better job of encouraging those departing members to join the National Guard or Reserve Forces. The National Guard/Reserves provide a great opportunity to retain, on at least a part-time basis, the IT and cyber talent that has been developed over years.

This option gives the member an opportunity to work in their civilian job and continue part-time in the military. These professionals leverage the strengths from their private sector job and bring further refined talent back to the Department of Defense. In addition, these two programs provide the opportunity to create better relations between the military and private sector companies by having shared employees.

It is worth noting that many departing military members are likely to take jobs with civilian companies that are part of the Nation’s 16 Critical Infrastructure Sectors. The impact from the loss of this talented workforce within DoD is mitigated by their new positions helping to ensure the Nation’s critical infrastructure sectors are better secured against cyber threats. This, in turn, supports the mission of the Department of Homeland Defense.

Former DoD CIO Terry Halvorsen stated in 2015 that one of the areas that kept him awake at night was the risk to DoD from our National critical infrastructure vulnerabilities, especially via cyberattack, during the early stages of nation-to-nation conflicts, in particular the nation’s power grid and financial sectors.

There is a growing worldwide shortage of trained technical personnel and fierce competition for the most talented and experienced. DoD must accept that it cannot compete and win in a direct salary war with civilian industry. However, there are areas where DoD can be successful: by providing cutting-edge training and specialized experience, and by employing targeted retention efforts to retain specific skills at specific points in service members’ careers.

Finally, DoD must work to make the National Guard and Reserve option more attractive to retain the skills of departing service members and maximize the benefits derived from their new civilian job experiences. These combined efforts in total could help enable DoD to successfully retain sufficient IT and cyber talent going forward.

The Hill:
