Cyber Command has drastically cut hiring time for cybersecurity roles, says DOD CISO

The Cyber Excepted Service program is bearing some fruit, Department of Defense CISO Jack Wilmer says.

Cyber Command has recently cut down the average amount of time it takes to hire someone by approximately 60 percent — 111 days to 44 days — under the Cyber Excepted Service program, according to the Department of Defense CISO Jack Wilmer.

The CES program, intended to speed up cybersecurity candidate recruitment in the DOD through initiatives like allowing hiring managers to make direct hires, was originally authorized in 2016 by Congress.

The CES also establishes market-based pay scales and allows hiring with or without public notification or vacancy announcements, both intended to decrease red tape in the Pentagons’ hiring process.

Wilmer said the decrease has given the Department of Defense a leg up on private sector cybersecurity hiring. Since implementing the CES program, the Pentagon has seen fewer cases of candidates leaving DOD jobs on the table for the private sector.


“That is a huge win,” Wilmer said while speaking Thursday at the 2019 Workforce Summit in Washington, D.C., produced by WorkScoop and FedScoop. “Frankly we run into fewer cases [in which] someone accepts a job initially, but because it takes us so long to bring them onboard they find another opportunity.”

Beyond Cyber Command, the Navy and Marine Corps began using CES authorities this summer as part of a so-called “Phase 2” of the program. The Defense Information Systems Agency, the Pentagon’s CIO office, and the Joint Force Headquarters-DoD Information Networks have also been relying on the program.

The CES initiative also works to bring salaries closer to what the private sector can offer.

“Cyber Excepted Service … gives us the authority to bring people into the department faster and to actually provide different compensation for those individuals that is more in line with what the market can actually bear,” Wilmer said.

But while the Pentagon has been working to boost salaries, Wilmer noted that the most enticing prospect about working at the DOD is about the mission — fighting U.S. adversaries — not the pay.


As a result, Pentagon leadership isn’t necessarily focused on providing salary that surpasses averages in private sector, Wilmer said. Instead, it’s about getting Pentagon cybersecurity role compensation closer to private sector standards.

“What our goal is on the compensation front is not to try and beat industry. It’s just to enable those people that are making mission choice to work with us … to have more competitive pay.”

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts