OPM's new cyber worker definition to improve hiring

Monday - 2/28/2011, 7:03am EST

OPM's Nancy Kichak

Click below to hear the interview

Download mp3

By Jason Miller
Executive Editor
Federal News Radio

The Office of Personnel Management, as of now, has no plans to make cybersecurity its own career series.

OPM and the Chief Information Officer's Council found that most federal employees in the cybersecurity field fall into the GS-2210 series.

"We are on the beginning of a long process on cybersecurity," said Nancy Kichak, OPM's associate director for employee services. "We have learned that cybersecurity is extremely broad, including some areas in engineering and telecommunications, it's not apparent to us that there is a one-size fits all definition. What we will need to go forward will be informed by what we learn about what's needed for recruiting and training."

She added that OPM will see if their current techniques to hire people with specific skills meets the 2210 or engineering (0855) or telecommunication series (0391), or if a new one is needed.

OPM and the CIO Council collected data on what skills and capabilities are needed to be a cybersecurity professional. OPM released their findings Feb.16 detailing what employees need to know at the GS-9 to GS-15 levels. It collected data from agency hiring managers, cyber professionals and others CIOs identified to develop the definition and competencies.

OPM and the council started the data collection November 2009.

"Some of the competencies we found it required were attention to detail, ability to work on team, ability to write and then some tech competencies were also found to be important such as technology management," Kichak said. "The thing that surprised us was how broad this was. I tend to think that information technology represents cybersecurity. But we also found that cybersecurity work is performed by electronics engineers, computer engineers and telecommunications specialists."

She added that work also helped OPM and the CIO Council come to a common definition of a cybersecurity worker.

"The definition is quite long," Kichak said. "It is policy and standards regarding security of operations in cyberspace. It encompasses threat reduction, vulnerability reduction, deterrence, international engagement, incident response, recovery policies and activities, information assurance, law enforcement and intelligence missions as they relate to the security and stability of global information."

She said agencies now can be on the same page when they recruit or train cybersecurity workers. In fact, one of the biggest benefits of this new competency model is that standardization.

Kichak said OPM will work with agencies to find out what their cyber needs and how best to recruit skilled workers.

"We've already held several workshops with hiring managers and recruiters where we've shared that information," she said. "We want to bring the community together so they can share what they know and what works."

Agencies can use certain authorities to bring cybersecurity workers on more easily. Kichak said OPM gave direct hirer authority for computer security specialists, but not specifically cybersecurity professionals.

"Cybersecurity is a broader occupation that not only is involved in the protection, but also involved in more active threat reduction, deterrence and incident response," she said.

Agencies can hire cyber professionals under Schedule A authority, which speeds up the hiring process. She said OPM is waiting to see how these work before granting direct hire authority for cybersecurity.

This story is part of Federal News Radio's daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.

(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)