The federal government’s ability to recruit and retain cybersecurity talent might have taken an indirect but potentially costly hit from the latest legislative melee over funding agencies and programs, a Washington Post report said.
Historically, skilled cybersecurity employees haven't exactly looked longingly to the federal government to begin or advance a career in the field. It’s clear that the recent funding upheaval didn’t help to change that behavior, particularly considering the degree to which private sector cybersecurity job openings dwarf those available in the public sector in salary, benefits and upward mobility.
In this case, by narrowly averting, albeit temporarily, a shutdown of the federal government, legislators dodged imposing the brunt of their budget battle on the Cybersecurity and Infrastructure Agency (CISA). But make no mistake the nation’s cyber central did and still could take a large blow should Congress reprise their fisticuffs in early December when the current temporary agreement runs out.
Potential Federal Government Shutdown: MSSP Implications
How would a shutdown affect MSSPs fulfilling federal contracts? It’s difficult to say if projects would be set aside or prematurely concluded. Or if a furlough of cybersecurity employees would open the floodgates for hackers. However, one thing is certain: Amid the rapidly rising tide of cyber threats worldwide, the likely result is federal agencies would rely even more heavily on MSSPs for their expertise and experience than they already do.
Here’s how a federal government shutdown could affect the nation’s cybersecurity profile:
- Had lawmakers forced government agencies to close for lack of funding, it could have immediately undermined a number of programs the feds have rolled out to urge cybersecurity talent to consider a career in the public sector. For example, what would happen to a White House initiated a two-year fellowship program to recruit early-career technologists with skills in software engineering, data science, cybersecurity and other critical fields to begin their profession in federal service. Historically, the federal government has banked on credentials to fill out its personnel rosters. In this case, however, specific skills will take precedence with recruits gleaned not only from colleges but also from alternative resources such as apprenticeships, boot camps and certificate programs.
- How would other recruitment efforts fare? Last May the Department of Homeland Services launched a 60-day hiring campaign to add to its cybersecurity employee roster. In July, lawmakers reprised the Federal Cybersecurity Workforce Expansion Act that would create a pilot program to train veterans for careers in the field and establish an apprenticeship initiative at CISA. And in June, lawmakers reintroduced the Federal Rotational Cyber Workforce Program that offers civilian employees opportunities to advance their careers, add to their professional experience and extend their networks. The job legislation could allow MSSPs to more rapidly build relationships with multiple government agencies.
- As for CISA, a shutdown could have knee-capped the agency. More than 80 percent of the agency's 2,500 workforce would be forced to stop working, according to a Department of Homeland Security planning document viewed by the Washington Post. That would immediately roadblock a number of anti-ransomware actions CISA has begun.
- In a shutdown, thousands of cybersecurity civilian workers working to blunt cyber attackers would be furloughed, potentially opening up large system vulnerabilities for state-backed hackers to exploit, particularly in critical infrastructure where the government is endeavoring to shore up the nation’s cyber defenses.
- Without question, for potential federal cybersecurity workers, a shuttering of government operations would raise serious questions about the viability of working in the public sector. As the Washington Post points out, morale is an influencing factor when considering a job. Employees forced to stop working or denied pay in a shutdown are unlikely to think kindly of working for the government. Nevertheless, according to the Washington Post, CISA’s employment roster didn’t decline after the 2019 shutdown.
But that’s not the only indicator of whether potential cyber staffers would be interested in filling open government jobs. According to Cyber Seek, which tracks cybersecurity jobs, in the U.S. some 465,000 cybersecurity jobs remain unfilled as of May, 2021, roughly 36,250 of which are in the public sector, where about 60,700 cybersecurity employees currently work. Cyber Seek categorizes the supply of cybersecurity workers in the public sector as “very low.” By comparison, the private sector appears far more enticing for cybersecurity candidates, considering its 430,000 job openings, 900,000 current employees in the field and the supply also categorized as very low.
On average, cybersecurity roles take 21 percent longer to fill than other IT jobs, based on Cyber Seek’s figures. That doesn’t bode well for the federal government’s pitch to cybersecurity candidates. Nevertheless, cybersecurity jobs will be a key factor in post Covid-19 economic recovery over the next five years, a BurningGlass Technologies report found.