The Office of Personnel Management is encouraging agencies to use rotational cybersecurity assignments to build and sustain a federal cybersecurity workforce and create a pipeline of cybersecurity talent.
That effort is of “national importance” to protect the data, systems and operations agencies rely on, according to a Nov. 18 memo written by OPM acting Director Michael Rigas to issue guidance on the matter.
“These developmental assignments allow cybersecurity practitioners to learn new skills through hands on experience and provides the individuals with a more comprehensive understanding of the complexity and depth of cybersecurity work across the Federal Government,” the memo reads.
The memo recommends initial 120-day rotation assignments within the employee’s current agency, another component of the agency, or in another agency completely. Those assignments would then be extendable in additional 120-day increments. When the employee returns to their original position, “the agency may identify ways to leverage the employee’s new skills and knowledge.”
The memo outlines responsibilities for the participant, home agency supervisor and host agency supervisor. It also includes a template for requesting certain rotational assignments and a sample memorandum of understanding.
There are already several federal rotational programs that have cybersecurity elements. The President’s Management Council Interagency Program, for example, includes a cyber track. The Federal Cybersecurity Reskilling Academy follows President Donald Trump’s 2018 agenda to develop a 21st-century federal workforce, offering detail assignments for federal employees to expand their cyber competencies. Finally, the Federal Cybersecurity Rotation Program, launched in 2019, sends personnel to the Department of Homeland Security and rotates DHS cybersecurity subject matter experts to other agencies.
These additional rotational programs are in response to the high demand for cybersecurity experts, which creates competition not only between agencies but also with the private sector. This newly issued guidance is similar to a 2019 Senate bill — which passed by unanimous consent — that would have established a system of cybersecurity rotational programs.
Rigas wrote that these programs are mutually beneficial to the agency and the employee.
“Cybersecurity rotations support organizational objectives with cybersecurity education, training, workforce development, and retention,” the memo reads. “Furthermore, they provide an opportunity for Federal employees to be reskilled and upskilled.”