Pentagon Faces Big Challenges In Retaining Cyber Talent

The Department of Defense (DoD) faces tremendous challenges in recruiting and retaining trained and experienced cybersecurity professionals. DoD’s problem is part of a larger worldwide shortfall of this high-demand resource. According to the Global Information Security Workforce Study sponsored by Booz Allen Hamilton, this shortfall is on track to hit 1.8 million by 2022.

DoD must accept the reality that it cannot compete with tech giants and Silicon Valley startups strictly on the basis of salaries and benefits. Google, for example, has been a very successful company in large part due to its ability to attract, retain and motivate its workforce. Google has a notoriously rigorous upfront recruitment and screening process, offers great salaries and benefits, ensures an employee-friendly culture and develops a campus-like work environment. DoD must instead focus on the advantages it does have and be creative when considering how to enhance future retention efforts.

One of the greatest advantages the military has resides within its enlistment programs. DoD provides new recruits, without prerequisite experience, with core technical and cyber training through its own DoD schools and in partnership with civilian professional certification programs. DoD can also leverage the Reserve Officer Training Corps (ROTC) program, available in colleges and universities, to attract new talent.

Once training is completed, personnel incur a service commitment based on the amount of education provided, normally for 4 years, but obligations can be longer based on the training received.

After the classroom training is completed, DoD is quick to put the skills of both enlisted members and officers to use in challenging positions, often working directly on defense networks, enabling them to develop actual practical skills. It is these skills, developed from their experiences, that make them so valuable. This hands-on approach is where DoD has a distinct advantage over civilian organizations in the competition for this technical talent.

However, this is a double-edged sword, because it also makes these military members highly sought after by the commercial sector when their military service obligations have been completed.

DoD must be ready to counter the lucrative commercial opportunities that are likely to be offered to service members at this critical decision point. Experienced service members will likely be offered much higher salaries and benefits to switch to commercial industry. It is a fact that DoD pay lags behind the commercial industry – annual base pay for an E5 with four years of service is $32,000 and an O-3 with four years of service is $66,300 – based on the 2018 payscale. In contrast, the average civilian cyber penetration tester pay with four years of experience is approximately $115,000. DoD has an uphill battle to compete.

DoD has demonstrated success in the past in retaining other valuable critical skill sets. One example is DoD’s ability to retain aircraft pilots. Pilots are provided monetary bonuses based on their time in service and the demand for their particular aircraft platform — this bonus pay requires additional years of service commitment. This same type of incentive can be used to target and retain critical IT and cyber skills by providing similar monetary bonus for their continued service.

Recently, the United States Air Force offered a bonus of $15,000 per year for four years towards officers in the Cyberspace Operations career field currently with four to twelve years of commissioned service. The officers who accept this incentive incur an additional four-year active duty service commitment. The Army offered a similar program to specific enlisted ranks in the cyber career field with bonuses up to $50,000.

These bonus programs will certainly not keep all the trained cyber technicians on active duty. However, they will help to retain those service members who have the desire to remain in uniform by providing some financial incentive to stay. Based on these successful examples, all of the uniformed Services should increase their efforts to retain these talented personnel — targeting specific skill sets and specific points in the service members’ careers.

DoD also needs to recognize that a full-time active duty career is not for every member of the military. Therefore, for those who do elect to leave, DoD must do a better job of encouraging those departing members to join the National Guard or Reserve Forces. The National Guard/Reserves provide a great opportunity to retain, on at least a part-time basis, the IT and cyber talent that has been developed over years.

This option provides the member an opportunity to work in their civilian job and continue part time in the military. These professionals leverage the strengths from their private sector job and bring further refined talent back to the Department of Defense. In addition, these two programs provide the opportunity to create better relations between military and private sector companies by having shared employees.

It is worth noting that many departing military members are likely to take jobs with civilian companies that are part of the Nation’s 16 Critical Infrastructure Sectors. The impact from the loss of this talented workforce within DoD is mitigated by their new positions helping to ensure the Nation’s critical infrastructure sectors are better secured against cyber threats. This, in turn, supports the mission of the Department of Homeland Defense.

Former DoD CIO Terry Halvorsen stated in 2015 that one of the areas that kept him awake at night was the risk to DoD from our National critical infrastructure vulnerabilities, especially via cyberattack, during the early stages of nation to nation conflicts, in particular the nation’s power grid and financial sectors.

There is a growing worldwide shortage of trained technical personnel and fierce competition for the most talented and experienced. DoD must accept it cannot compete and win in a direct salary war with civilian industry. However, there are areas where DoD can be successful: by providing cutting-edge training and specialized experience, and by employing targeted retention efforts to retain specific skills at specific points in service members’ careers.

Finally, DoD must work to make the National Guard and Reserve option more attractive to retain the skills of departing service members and maximize the benefits derived from their new civilian job experiences. These combined efforts in total could help enable DoD to successfully retain sufficient IT and cyber talent going forward.

The Hill:
