A document describing Best Practices for Attracting, Finding, Hiring and Retaining Cybersecurity Talent is attached
I think the government needs to realize that there are big bucks to be made in the private sector if you are really good at this, and so they can't expect people to stay in Government. The Government should be prepared to depend on private sector contractors, who can do this work well.
However, experience in other... more »
Spur renewed interest in both education and training channels that increase STEM talent in the U.S. Motivation originates from both increased funding and availability of relevant coursework and from concerted marketing to create an ethos and national goal equivalent to the objective of landing a man on the moon.
• Federal agencies, especially those with a more clearly evident information/computer security (cybersecurity) mission should identify and prioritize those areas that are of the greatest criticality, relative to cybersecurity talent – and substantive and affirmative investments should occur in those areas, even if detrimental to other lower priority areas.
• More aggressively leverage non-traditional channels for cybersecurity candidates (military, technical schools, associate degree programs, high school, etc.), where candidates can still be shown to meet job relevant requirements, as non-traditional education sources continue to rise in prominence/predominance now, and in the future.
Actively and selectively manage the availability of training opportunities which correlate to new and/or increased levels of required skills in cybersecurity, even if detrimental to other lower priority areas.
Information/computer security (cybersecurity) services for which the United States Government (USG) contracts out for services, and which represent an enduring, long-term function, should be assessed for whether greater cost-effectiveness and capability would be better realized if the USG were to assume the performance of that function.
Organizations can use assessments measuring the knowledge, skills, abilities, and personal characteristics required for successful performance in cybersecurity jobs, to ensure they hire qualified job candidates; make job placement decisions based on a candidate’s interest in the job and their ability to perform on the job, and/or provide trainings that address a candidate’s specific developmental needs