The commission charged with advising the next president on cybersecurity should “think big” on workforce issues, Commerce Secretary Penny Pritzker urged Monday, saying agency heads lacked the authority and resources to hire the IT security specialists they desperately need.
“I feel a little bit like Sisyphus here,” said Pritzker, comparing herself to the Greek king condemned to spend eternity rolling a boulder up a hill — only to see it roll down again as soon as he was done each time.
Since arriving at Commerce, she told the President’s Commission on Enhancing National Cybersecurity, she had “faced a chronic shortage both in quantity and quality of cybersecurity personnel.”
Often, she explained, “by the time we bring someone new on board, someone else has been lured away by private sector perks or poached by an agency that offers hiring bonuses or higher pay.”
Nationwide, there are more than 200,000 cybersecurity jobs unfulfilled, but Pritzker said the federal government’s problems were “compounded by a smaller talent pool, uncompetitive salaries, and a cumbersome hiring process,” adding that, “I do not have the authority, flexibility, or resources to do enough about it.”
“To attract the best and brightest,” she urged the commission, hosted by the Kogod Cybersecurity Governance Center at American University, “I ask you to think big.”
She asked them to consider “a centralized system to recruit, train, and place federal cybersecurity personnel.”
That cut against the grain of much of the rest of her testimony, where she pushed back hard against calls for more power to be vested in the White House cyber czar or the new federal CISO and declared herself “wary” of centralization.
Whatever structure the commission recommended, the federal government needs “specialized pay scales” to compete with lucrative private sector pay rates — “like those used for the financial industry.”
“We must also end the musical chairs of cybersecurity workers among federal agencies,” Pritzker said, suggesting it might be time “for contracts with preset time commitments or even private-sector style non-compete agreements.”
To solve the hiring shortage, she said, “bold ideas” were needed “like debt forgiveness for graduates with certified programs; tuition-free community college in return for federal service; and cybersecurity apprenticeships within civilian agencies.”
The commission Monday held its final public meeting. Its recommendations on strengthening long-term U.S. cybersecurity in the federal government and the private sector are due Dec.1.