Pentagon Faces Big Challenges In Retaining Cyber Talent

The Department of Defense (DoD) faces tremendous challenges in recruiting and retaining trained and experienced cybersecurity professionals. DoD’s problem is part of a larger worldwide shortfall of this high demand resource. According to the Global Information Security Workforce Study sponsored by Booz Allen Hamilton, this shortfall is on track to hit 1.8 million by 2022.

DoD must accept the reality it cannot compete with tech giants and Silicon Valley startups strictly on the basis of salaries and benefits. Google for example, has been a very successful company in large part due to its ability to attract, retain and motivate its workforce. Google has a notoriously rigorous upfront recruitment and screening process, great salaries and benefits, ensures an employee friendly culture and develops a campus like work environment. DoD must instead focus on the advantages it does have and be creative when considering enhancing future retention efforts.

One of the greatest advantages the military has resides within its enlistment programs. DoD provides new recruits, without prerequisite experience, with core technical and cyber training through its own DoD schools and in partnership with civilian professional certification programs. DoD can also leverage the Reserve Officer Training Corps (ROTC) program, available in colleges and universities, to attract new talent.

Once training is completed personnel incur a service commitment based on the amount of education provided, normally for 4 years, but obligations can be longer based on the training received.

After the classroom training is completed DoD is quick to put both the enlisted and officer’s skills to use in challenging positions, often working directly on defense networks enabling them to develop actual practical skills. It is these skills developed from their experiences that makes them so valuable. This hands-on approach is where DoD has a distinct advantage over civilian organizations in the competition for this technical talent.

However, this is a double edged sword, because it also makes these military members highly sought after by the commercial sector when their military service obligations have been completed.

DoD must be ready to counter the lucrative commercial opportunities that are likely to be made to service members at this critical decision point. Experienced service members will likely be offered much higher salaries and benefits to switch to commercial industry. It is a fact that DoD pay lags behind the commercial industry – annual base pay for an E5 with four years of service is $32,000 and a O-3 with four years of service is $66,300 – based on the 2018 payscale. In contrast, the average civilian cyber penetration tester pay with four years of experience is approximately $115,000, DoD has an uphill battle to compete.

DoD has demonstrated success in the past in retaining other valuable critical skill sets. One example is DoD’s ability to retain aircraft pilots. Pilots are provided monetary bonuses based on their time in service and the demand for their particular aircraft platform — this bonus pay requires additional years of service commitment. This same type of incentive can be used to target and retain critical IT and cyber skills by providing similar monetary bonus for their continued service.

Recently, the United States Air Force offered a bonus of $15,000 per year for four years towards officers in the Cyberspace Operations career field currently with four to twelve years of commissioned service. The officers who accept this incentive incur an additional four-year active duty service commitment. The Army offered a similar program to specific enlisted ranks in the cyber career field with bonuses up to $50,000.

These bonus programs will certainly not keep all the trained cyber technicians on active duty. However, it will help to retain those service members who have the desire to remain in uniform by providing some financial incentive to stay. Based on these successfully examples all of the uniformed Services should increase their efforts to retain these talented personnel — targeting specific skill sets and specific points in the service members careers.

DoD also needs to recognize that a full time active duty career is not for every member of the military. Therefore, for those who do elect to leave, DoD must do a better job of encouraging those departing members to join the National Guard or Reserve Forces. The National Guard/Reserves provide a great opportunity to retain, on at least a part time basis, the IT and cyber talent that has been developed over years.

This option provides the member an opportunity to work in their civilian job and continue part time in the military. These professionals leverage the strengths from their private sector job and bring further refined talent back to the Department of Defense. In addition, these two programs provide the opportunity to create better relations between military and private sector companies by having shared employees.

It is worthy of noting many departing military members are likely to take jobs with civilian companies that are part of the Nation’s 16 Critical Infrastructure Sectors. The impact from the loss of this talented workforce within DoD is mitigated by their new positions helping to ensure the Nation’s critical infrastructure sectors are better secured against cyber threats. This, in turn, supports the mission of the Department of Homeland Defense.

Former DoD CIO Terry Halvorsen stated in 2015 that one of the areas that kept him awake at night was the risk to DoD from our National critical infrastructure vulnerabilities, especially via cyberattack, during the early stages of nation to nation conflicts, in particular the nation’s power grid and financial sectors.

There is a growing worldwide shortage of trained technical personnel and fierce competition for the most talented and experienced. DoD must accept it cannot compete and win in a direct salary war with civilian industry. However, there are areas that DoD can be successful by providing cutting edge training, specialized experience and through employing targeted retention efforts to retain specific skills and at specific points in service members careers.

Finally, DoD must work to make the National Guard and Reserve option more attractive to retain the skills of departing service members and maximize the benefits derived from their new civilian job experiences. These combined efforts in total could help enable DoD to successfully retain sufficient IT and cyber talent going forward.

The Hill:

You Might Also Read:

The Pentagon Is Busy Integrating Cyber Into Its Battle Plans

« Goldman Sachs Offers A Cyber War Games Product
Ex-GCHQ Boss: Nation State Cyber-Attacks Affect Everyone »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Vaultree

Vaultree

We believe in an encrypted tomorrow. Vaultree technology enables a foundational change in how we communicate with each other: Safely!

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.