Every position in the federal workforce now has a cybersecurity job code listed in its description for more effective tracking of the lagging cyber workforce, even if the job isn’t cybersecurity-related.
The Office of Personnel Management introduced the new codes in fiscal year 2013 as part of a cross-agency presidential directive to find and eliminate skills gaps in federal government. The deadline for agencies to fully integrate the codes, which reflect the National Institute of Standards and Technology’s National Cybersecurity Workforce Framework, into OPM’s Enterprise Human Resources Integration data warehouse recently passed.
Sydney Smith-Heimbrock, deputy associate director for strategic workforce planning, said during the exploration into the most-lagging parts of the federal workforce, cybersecurity immediately rose to the top of the high-risk occupations in need of attention.
“If we can’t effectively recruit, retain and develop the right people to protect our information, it puts the entire government at risk,” Smith-Heimbrock said.
After identifying the cybersecurity skills gap, OPM began to realize that many who work in the field might not have a title or description that reflects it, and therefore quantifying and analyzing that workforce segment could be a hassle.
“We have a huge database of federal positions and employees, and what we have been unable to do governmentwide until now is look at that database and identify everybody who is working in cybersecurity because we have known that cybersecurity workers reach way beyond … our IT security people,” Smith-Heimbrock said. “So there’s a lot of other people in government whose jobs have something to do with cybersecurity, if not full-time at least part-time, but they’re not necessarily counted.”
OPM added to its “Guide to Data Standards” a new categorization field “used to identify incumbents or positions for which the primary function is cybersecurity” and may be “in a number of different occupational series based on the nature of the work,” the guide says, requiring all agencies reflect that by the end of fiscal year 2014.
It’s a simple system: noncybersecurity-related jobs get a “0” in that field so they wouldn’t show up in a search. But those based in cybersecurity get one of dozens of two-digits codes for a category or specialty area to which the jobs apply.
For now, the codes are meant as “back-office tool” only, Smith-Heimbrock said. The intention isn’t to give workers, who for instance might be perusing around the USAjobs.gov website, better insight into positions that might not be as obviously related to the cybersecurity field.
“On the actual job listing, it wouldn’t necessarily be meaningful for an applicant to see a code,” she said. “Because a code wouldn’t say anything to a regular person who’s looking at USAjobs.gov.”
Rather, the coding helps OPM “make sure that we really know who makes up the cybersecurity workforce in the federal government,” Smith-Heimbrock said. “So once we have coded and cataloged all of the cybersecurity-related positions, then we’ll understand where cybersecurity specialists have been hired into, not only by agencies but by position, by work type, eventually by competency, and that then gives us the information we need to do workforce planning for future recruitment, hiring and training efforts.”
And that’s the direction OPM is taking in fiscal 2015 with all cybersecurity positions now codified — the job now is to use analytics and develop other methods to “be faster about making sure we’re closing [skills gaps] governmentwide,” Smith-Heimbrock said.
“It’s really all about the security of federal information systems and federal data and making sure we have the people in place now and moving forward in an occupation that everybody recognizes is extremely dynamic,” she said. “It’s all evolving very rapidly, so it’s important for us to have this information in a way that we can flex and pre-position the federal government for emerging challenges rather than constantly be reacting.”