A follow-on report to the Cyberspace Solarium Commission has called on federal cyber hiring authorities to be revamped and for pay flexibility to be increased in a bid to tackle a widespread shortage of public sector cyber talent.
According to the report, which was published Thursday, the Office of the National Cyber Director (NCD) should work with the Office of Personnel Management to modernize coding structures for the cybersecurity jobs and establish a cadre of human resource specialists trained in recruiting cyber expertise.
The report was written by Laura Bate and Mark Montgomery, members of CSC 2.0, the nonprofit organization that has continued the work of the original commission after its charter expired in December 2021.
The follow-on comes as the government continues to face a shortfall of cyber talent, with nearly 39,000 vacant openings, compared with a total employed public sector cybersecurity workforce of just over 75,000 in the U.S.
Since January last year, the Biden administration and federal agencies have worked to find new ways to fast-track the acquisition of cyber talent and bring private-sector technologists, including from Silicon Valley, into government.
In October, DHS launched a Cyber Talent Management System, which was intended to overhaul how it hires cyber personnel and opened up the possibility of a cybersecurity professional making as much money as the vice president of the United States.
This was just one feature of a dramatic revamp of cyber recruitment, including at the State Department and the Department of Defense, and was implemented as private sector organizations and government agencies alike continued to struggle to recruit and retain cyber expertise.
Currently, across the private sector, federal, state and local governments combined, there are almost 600,000 open cybersecurity jobs, and the private and public cybersecurity sectors combined employ just over one million professionals.
The latest study also calls on NCD to establish a cyber workforce strategy across the federal government and to establish a cyber workforce coordinating working group. NCD should also work closely with OPM to share data on the federal cyber workforce more effectively, according to the report.
Lawmakers and congressional committees have for years sought to prioritize this issue, passing laws such as the Cybersecurity Enhancement Act of 2014 and the Federal Cybersecurity Workforce Assessment Act of 2015.
Bills currently under consideration, including the America COMPETES Act of 2022 and the Federal Cybersecurity Workforce Expansion Act, include further provisions intended to boost the cyber workforce.
In its annual report published last August, the Solarium Commission warned that major barriers remained over the designation of cybersecurity responsibilities under the Defense Production Act. At the time, the commission called on the federal government to use the DPA to foster domestic production of critical technology and components, and to ensure resources are available if foreign supply chains are disrupted.