How to create the best federal cybersecurity workforce

Friday - 6/11/2010, 4:18pm EDT

Jeff Akin, principal, Booz Allen Hamilton

Click to hear the interview

Download mp3

Cybersecurity is perhaps one of the most important, and fastest growing, job fields in the country.

President Barack Obama has declared it to be "one of the most serious economic and national security challenges we face as a nation."

But how can the federal government take a leadership role and attract the best and the brightest cyber workers into federal service?

Booz Allen Hamilton and the Partnership for Public Service recently completed a report, Cyber In-Security: Strengthening the Federal Cybersecurity Workforce.

The report found that there is a dire need to attract more highly-skilled cyber experts if the federal government wants to successfully protect the country's networks and infrastructure.

Jeff Akin is a principal at Booz Allen Hamilton and says the initial hurdle has to do with the fact that there are a number of different needs when it comes to cybersecurity. This means that a good, component cybersecurity worker must often ave a wide variety of skills.

"It can get pretty cumbersome. I've heard of agencies, as they start to get into their diagnostic and development of some of these skills -- I'm hearing numbers of anywhere between 8 skills -- and I know when Booz Allen did it, we came up with 23 . . . and within each of those skills, you [have] to talk about [defining] proficiency levels."

23 skills for one individual is a lot. Akin says Booz Allen Hamilton defines their needs at the organizational level and then maps combinations into individual role expectations.

Still, that's complicated, and the other problem is that a lot of people aren't studying cybersecurity yet in college, mainly because 'cybersecurity' -- as a major and a job description -- hasn't been clearly defined yet.

"I think we need to know what we're asking for before we can identify what the level . . . is to meet those expectations. Once we can better define that, I think we can look at the pipeline in a different way. Many organizations, private and public sector both, are kind of looking at the up and coming talent. Who are the folks in college, and in high school even, who are demonstrating a proficiency in securing networks and programming. That's all good, but the problem is, the threat is here and now."

Booz Allen Hamilton has done a number of studies for different organizations within the federal government, examining their requisitions for cybersecurity workers.

Akin says between 30 and 50 percent of those are for manager-level talent or above, but some don't know how to reach out and grab the available talent.

"Helping organizations figure out the right marketing vehicles to use, the right professional industry organizations to go to and develop relationships with, that's an important step in trying to find the right candidates to bring into your organization and stand up that cyber capability."

Components of almost any organization's cyber mission aren't all new at this point. Akin says the integration of these components into an entire organization can be the challenging part.

"The way that we did it at Booz Allen is, we went out and, through a series of focus groups, interviews and online surveys, we touched probably 1,000 people doing cyber-related work across the firm and gathered their input on -- 'What are the requirements that you're seeing or need to complete your work? Don't be focused, by the way, on the things that you have in terms of skills you bring to the table, but think about, in an ideal world, what would your team be comprised of?' From there, we dissected [those answers] and started the iterative process to agree on language . . . that we could use to define not only requirements of work, but requirements of people, and then map those back to requirements of people by level."

Another problem for federal agencies has to do with the hiring process itself. Though President Obama and the Office of Personnel Management have vowed to change the way the federal government hires, there are still barriers.

"Our message on that topic was -- don't let the the process [over] which most agencies have very little control -- don't let that prohibit you from making progress in other areas. You [have to] kind of take the pipeline from candidate application until until the generation of assert from which you make hiring decision -- you [have] to take that in isolation and say, -- how do we increase the effectiveness of the pipeline on the front end to get better quality people coming through . . . in the first place, and then, once they get there, that they're onboarded and given a career path that's meaningful to them?"