Something more worthy of attention from the recent Office of Personnel Management data breach has slipped past the public’s senses. The issue did not only underscore the poor state of cybersecurity in the United States’ federal infrastructure. More significantly, the attack uncovered the reality of a dire lack of cyber experts working for the U.S. government.
Indeed, the federal cyber system needs an immediate modernization. But so does the human resources who are responsible for the work. Without a team of well-trained cyber experts, even the most modern cyber infrastructure could not withstand sophisticated attacks.
Even if a secure and modern cyber network was in place for an organization, protecting the sensitive data contained in it would still be in question because of a shortage in cyber workforce. And the U.S. government is in a dire need for one.
The government admits it is currently facing challenges in its efforts to hire cyber experts and assign them specific tasks meant to help respond to cyber intrusions. What it needs to do is expand existing skill sets required for cyber warriors in keeping with sophisticated and persistent threats.
But even that looks like a pipe dream because of the slim amount of attention being directed toward cyber talent recruitment. Legislators are more concerned about upgrading the technology, a move they see apt in response to the OPM breach, drowning the need for skilled cyber experts in the long run.
So there is not only an issue of cyber expert scarcity, but also the matter of prioritization between talent and technology. But both weigh equally in importance. Where the U.S. government fails is to strike the balance between the two.
Although the government openly admits its cyber talent gap, it still remains blind to the need to put in place a comprehensive recruitment and retention strategy for cyber experts. In other words, there is no urgency in its actions.
There are factors that contribute to the challenges the government is facing, albeit within their control. That means they can do something about them. First is cheap compensation. Another is the strategy to retain talent. Then there are the issues of slow recruitment process, inconsistent training and human resource development.
Some questions: how can the government build up a robust pool of cyber talent? Just how great is its demand for cyber workforce that it fails to recognize? Is the government doing enough to attract these experts?