Skip to main content
close search
site logo
Dive Brief

Private sector pay and opportunity pose big threat to federal talent retention

Published Aug. 3, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
CC0 Public Domain Free for commercial use No attribution required Pexels

Dive Brief:

  • Federal agencies need to shift their focus on retaining cybersecurity talent because hiring it is not the issue, said Shane Barney, acting CISO of the U.S. Citizenship and Immigration Services (USCIS), speaking at a Meritalk's 2018 Cybersecurity Brainstorm in Washington Thursday. "I can hire people all day long" until a company like Cisco comes along and offers a much larger salary, he said. In the private sector, ideas aren't left in theory or mired in red tape, but can see application, according to Matt Conner, CISO of the National Geospatial Intelligence Agency. 

  • To address retention, the government needs to reevaluate how it classifies and interprets skills, said Michele Thomas, CISO of the Department of Transportation, National Highway Traffic Safety Administration. Tech jobs aren't just about tech, she said. Professionals should have skills interpreting policies and how to communicate technology to non-technical leadership.

  • While policies are important, federal agencies cannot function properly when trying to design their actions around them, according to the panelists. Agencies can choose to ignore policies because they are outdated or don't make sense for the current framework, said Barney. Frameworks need to adapt to current environments but they aren't always reliable to help predict or handle future scenarios.

Dive Insight:

The biggest takeaway from the panel was that security experts and leaders across the public sector are still figuring out the most effective ways for the U.S. to address cyber risks, mandates and maintaining its defense against nation-state actors.

The federal government has seen its share of cyber woes. Federal agencies, in terms of cybersecurity, are still where they were five or six years ago, pre-OPM breach, said Thomas. Agencies are in need of getting the people who write the policies to "appreciate the things like risk management framework so the policy and mission intersect," she said.

The first questions CISOs ask is "what are our risks," not, "are we compliant," said Barney. Though compliance is always going to be relevant, it shouldn't be the core focus of actions. The USCIS is "not a compliance shop," though it still has to deal with checking all the boxes.

The issue of tackling a cyber event and protecting an agency of a breach is maneuvering around the policies, said Conner and agencies cannot rely on policies alone to drive change. "There's not going to be the cyber Pearl Harbor" because bad actors aren't bringing capabilities down, they are stealing data, according to Ron Ross, fellow at the National Institute of Standards and Technology.

There is a slow bleed that is a result of blips intentionally being placed by adversaries. Increasingly, bad actors are trying to take small action that appear to have little significance.

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell