We’ve previously looked at how many organizations are having a hard time filling cybersecurity positions, indicating a shortage of qualified and certified IT security professionals in the US. Now, Ron Nixon reports in the New York Times that the Department of Homeland Security—which as you can imagine really needs that type of employee—is also coming up short in its recruiting efforts:
Recent disclosures that Iranian hackers with ties to the government in Tehran had launched a cyberattack against a dam in New York highlighted the need for the department, which is charged with protecting government and private systems from cyberintrusions, to have a staff capable of responding to sophisticated enemies. …
To counter these intrusions, the Obama administration and Congress approved the Cybersecurity Enhancement Act of 2014, which among other things emphasized recruitment of a cybersecurity work force for the government. But the Department of Homeland Security, even with 691 people staffing its cybersecurity division, has not been able to recruit a work force to match the threat.
DHS’s hiring woes aren’t just a matter of a talent shortage, however; it also seems to be suffering from a distinctly unsexy employer brand:
“The deck is stacked against us a little bit,” said Phyllis Schneck, deputy under secretary for cybersecurity and communications at the Department of Homeland Security. “So what we are pitching to people is to explore a hybrid: Do a private sector career and then come and do some time in government. It can be a positive experience in both areas.”
Candy Alexander, a board member at the Information Systems Security Association, a trade group of cybersecurity professionals, said many cybersecurity professionals avoided working for the government, particularly the Department of Homeland Security, because it was not seen as cutting edge.