Study finds federal agencies' pay, benefits for cyber workforce lag behind private sector
WASHINGTON, May 9, 2017 – According to the Center for Cyber Safety and Education™ Global Information Security Workforce Study (GISWS), sponsored by (ISC)²®, Booz Allen Hamilton and Alta Associates, federal agencies need to invest strategically and heavily in their benefits strategy if they're going to successfully compete for cybersecurity talent. U.S. federal data from the study was released today during a panel discussion of experts at the (ISC)² CyberSecureGov training event in D.C., which included Dan Waddell, (ISC)² managing director, North America; Rodney J. Petersen, director of National Initiative for Cybersecurity Education, NIST; and Ron Sanders, senior executive advisor and fellow at Booz Allen Hamilton.
One of the largest studies of the information security profession ever conducted, the survey of over 19,600 information security professionals included responses from 2,620 U.S. Department of Defense, federal civilian and federal contractor employees. When asked to rate the importance of factors needed to effectively secure an organization's infrastructure, the majority (87 percent) of federal respondents placed the hiring and retaining of qualified information security professionals at the top of the list. To effectively retain existing information security professionals and attract new hires, federal respondents indicated that offering training programs, paying for professional cybersecurity certifications, boosting compensation and providing more flexible and remote work schedules and opportunities were the most important initiatives.
"It's crystal clear that the government must enhance its benefits offering to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand; unfortunately, the layers of complexity involved in fulfilling that goal are significant," said Waddell. "Thanks to the record number of federal GISWS respondents this year, we now have substantial data that will support actionable take-aways and help move agencies closer to achieving that goal."
Key takeaways for federal agencies looking to attract and retain information security professionals include:
- In competing with the private sector for skilled professionals, hiring women and those from underrepresented groups should be a key component of the government's talent acquisition strategy given that 70 percent say their organization offers a program that encourages diverse hiring in information security, compared to just 55 percent in the private sector.
- Government agencies will need to increase annual salaries of information security personnel by approx. $7,000 in order to equal the annual salaries of their private sector counterparts.
- The NIST Cybersecurity Workforce Framework should be established as the foundation for workforce policy moving forward, as its effectiveness is being demonstrated by its early adoption by a considerable number of federal government agencies.
- Cloud remains the area in highest demand for training and education. As more government agencies move their data to the cloud, they must consider training initiatives to help ensure that staff across multiple roles and departments is aware of the security risks and benefits.
- There is an ongoing need for front-line experience within the federal cybersecurity workforce, with the greatest demand being at the non-managerial staff level.
- Professionalization of the workforce through certification remains strong, as 73 percent of federal agencies require their IT staff members to hold information security certifications.
"The mission of government cybersecurity professionals is critically important," said Sanders. "In today's environment where cyber talent is scarce, organizations must recruit and train untapped talent pools, focusing on women, minorities, veterans and older workers. And while it can be difficult for government agencies to compete on salary alone when vying for these cyber warriors, they can appeal to a recruit's sense of mission and purpose, tout the cutting-edge work being done and highlight opportunities for advancement."
For a complete set of U.S. federal findings from the 2017 GISWS, go to: www.IAmCyberSafe.org/GISWS
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook.
© 2017 (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, ISSAP, ISSEP, ISSMP and CBK are registered marks of (ISC)², Inc.
About the Center for Cyber Safety and Education
The Center for Cyber Safety and Education (Center), formerly (ISC)² Foundation, is a nonprofit charitable trust committed to making the cyber world a safer place for everyone. The Center works to ensure that people across the globe have a positive and safe experience online through their educational programs, scholarships and research. Visit www.IAmCyberSafe.org.
About Booz Allen Hamilton
Booz Allen Hamilton (NYSE: BAH) has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise.
With international headquarters in McLean, Virginia, the firm employs more than 23,000 people globally, and had revenue of $5.41 billion for the 12 months ended March 31, 2016. To learn more, visit BoozAllen.com.