Pentagon Faces Big Challenges In Retaining Cyber Talent

The Department of Defense (DoD) faces tremendous challenges in recruiting and retaining trained and experienced cybersecurity professionals. DoD’s problem is part of a larger worldwide shortfall of this high-demand resource. According to the Global Information Security Workforce Study sponsored by Booz Allen Hamilton, this shortfall is on track to hit 1.8 million by 2022.

DoD must accept the reality that it cannot compete with tech giants and Silicon Valley startups strictly on the basis of salaries and benefits. Google, for example, has been a very successful company in large part due to its ability to attract, retain and motivate its workforce. Google has a notoriously rigorous upfront recruitment and screening process, offers great salaries and benefits, ensures an employee-friendly culture and develops a campus-like work environment. DoD must instead focus on the advantages it does have and be creative when considering how to enhance future retention efforts.

One of the greatest advantages the military has resides within its enlistment programs. DoD provides new recruits, without prerequisite experience, with core technical and cyber training through its own DoD schools and in partnership with civilian professional certification programs. DoD can also leverage the Reserve Officer Training Corps (ROTC) program, available in colleges and universities, to attract new talent.

Once training is completed, personnel incur a service commitment based on the amount of education provided, normally for 4 years, but obligations can be longer based on the training received.

After the classroom training is completed, DoD is quick to put the skills of both enlisted members and officers to use in challenging positions, often working directly on defense networks, enabling them to develop actual practical skills. It is these skills, developed from their experiences, that make them so valuable. This hands-on approach is where DoD has a distinct advantage over civilian organizations in the competition for this technical talent.

However, this is a double-edged sword, because it also makes these military members highly sought after by the commercial sector when their military service obligations have been completed.

DoD must be ready to counter the lucrative commercial offers that are likely to be made to service members at this critical decision point. Experienced service members will likely be offered much higher salaries and benefits to switch to commercial industry. It is a fact that DoD pay lags behind the commercial industry – annual base pay for an E5 with four years of service is $32,000 and for an O-3 with four years of service is $66,300 – based on the 2018 payscale. In contrast, the average civilian cyber penetration tester pay with four years of experience is approximately $115,000. DoD has an uphill battle to compete.

DoD has demonstrated success in the past in retaining other valuable critical skill sets. One example is DoD’s ability to retain aircraft pilots. Pilots are provided monetary bonuses based on their time in service and the demand for their particular aircraft platform — this bonus pay requires additional years of service commitment. This same type of incentive can be used to target and retain critical IT and cyber skills by providing a similar monetary bonus for continued service.

Recently, the United States Air Force offered a bonus of $15,000 per year for four years to officers in the Cyberspace Operations career field currently with four to twelve years of commissioned service. The officers who accept this incentive incur an additional four-year active duty service commitment. The Army offered a similar program to specific enlisted ranks in the cyber career field with bonuses up to $50,000.

These bonus programs will certainly not keep all the trained cyber technicians on active duty. However, they will help to retain those service members who have the desire to remain in uniform by providing some financial incentive to stay. Based on these successful examples, all of the uniformed Services should increase their efforts to retain these talented personnel — targeting specific skill sets and specific points in service members’ careers.

DoD also needs to recognize that a full-time active duty career is not for every member of the military. Therefore, for those who do elect to leave, DoD must do a better job of encouraging those departing members to join the National Guard or Reserve Forces. The National Guard/Reserves provide a great opportunity to retain, on at least a part-time basis, the IT and cyber talent that has been developed over years.

This option provides the member an opportunity to work in their civilian job and continue part-time in the military. These professionals leverage the strengths from their private sector job and bring further refined talent back to the Department of Defense. In addition, these two programs provide the opportunity to create better relations between the military and private sector companies by having shared employees.

It is worth noting that many departing military members are likely to take jobs with civilian companies that are part of the Nation’s 16 Critical Infrastructure Sectors. The impact from the loss of this talented workforce within DoD is mitigated by their new positions helping to ensure the Nation’s critical infrastructure sectors are better secured against cyber threats. This, in turn, supports the mission of the Department of Homeland Defense.

Former DoD CIO Terry Halvorsen stated in 2015 that one of the areas that kept him awake at night was the risk to DoD from our National critical infrastructure vulnerabilities, especially via cyberattack, during the early stages of nation-to-nation conflicts, in particular the nation’s power grid and financial sectors.

There is a growing worldwide shortage of trained technical personnel and fierce competition for the most talented and experienced. DoD must accept that it cannot compete and win in a direct salary war with civilian industry. However, there are areas where DoD can be successful by providing cutting-edge training and specialized experience, and by employing targeted retention efforts to retain specific skills at specific points in service members’ careers.

Finally, DoD must work to make the National Guard and Reserve option more attractive to retain the skills of departing service members and maximize the benefits derived from their new civilian job experiences. Together, these efforts could help enable DoD to successfully retain sufficient IT and cyber talent going forward.

The Hill:
