DHS ‘blew up’ its hiring system for cybersecurity talent
The Department of Homeland Security “blew up” federal hiring in designing a Cyber Talent Management System that will offer market-sensitive pay across the board, its chief human capital officer said Tuesday.
Testifying before a Senate subcommittee, Angela Bailey said DHS is investing in economic surveys to clarify pay in a way that won’t “necessarily” conform to the old General Schedule (GS) system.
DHS is currently working with subject matter experts to determine what technical and leadership skills they need and building state-of-the-art assessments. The goal is to move away from the “post and pray” way of recruiting talent on the federal government’s jobs board USAJOBS, Bailey said.
“We’re going to have the ability to go to Black Hat and some of the different conferences and be able to recruit directly and make job offers directly to those folks out of those different technical conferences and things like that,” she told the Regulatory Affairs and Federal Management Subcommittee.
All new DHS hiring regulations should be cleared by spring 2020 and the first hires made by that summer at the latest. The department created a new portal for job applications and will put up to $40,000 into training, Bailey said.
During the hearing, subcommittee Chairman James Lankford, R-Okla., voiced concerns about cybersecurity personnel leaving government for the private sector and then returning.
“In some specialties, quite frankly, we’re OK with that,” Bailey said. “In the cyber world, I don’t really expect anybody to come in and be a 30-year employee.” She added, “We’ll be able to keep track of these folks and almost have a DHS alumni program if you will.”
The Cyber Talent Management System will pay returning personnel at the level requisite with the experience and education they acquired while in the private sector, Bailey said. Under the current General Schedule way of doing things, a returning GS-11 would still be a GS-11 regardless of what they’d done and any degrees or certifications they’d obtained while away.
The Government Accountability Office supports such rehiring practices as long as agencies measure their impact and meet statutory requirements, said Yvonne Jones, director of the watchdog’s strategic issues team.
“We need to look at ways to make hiring or rehiring federal staff more flexible, so long as the agency has thought about the policies that they need to do it,” Jones said.
Strategic human capital management has been on GAO’s High-Risk List due to skills gaps and inadequate workforce planning in areas like cybersecurity and information technology.
A March GAO report found most agencies have likely miscategorized the work roles of many IT and cyber positions — making it harder to identify critical staffing needs. In specific, many agencies made a mistake characterizing the GS-2210 IT specialist occupational category role or hadn’t finished validating or defining GS-2210 positions, Jones said.
While seven agencies used their own standards to define positions and decided not to code them as cybersecurity unless they performed a certain percentage of cyber-related work, another 12 agencies felt Office of Personnel Management guidance was unclear on how to code GS-2210 positions, she said.
GAO also found OPM has yet to implement 29 recommendations since 2012 concerning the guidance it offers agencies concerning job categorizations.
OPM needs to work “carefully” with other agencies to define roles, Jones said, and agencies can form working groups and task forces as well.
“I wouldn’t expect that OPM has made a lot of progress since [March],” she said.