The Department of Homeland Security put in motion today the creation of the DHS Cybersecurity Service and launch of the Cybersecurity Talent Management System in order to “re-envision how the federal government recruits, develops, and retains a top-tier cybersecurity workforce,” Secretary Alejandro Mayorkas said.
Published in the Federal Register, the CTMS rule will be effective on Nov. 15. Shortly after that date, DHS plans on accepting applications for the Cybersecurity Service, which Mayorkas said “will increase access to public service careers in cybersecurity.”
“Cybersecurity is a national security and economic security imperative,” he said. “Joining the DHS Cybersecurity Service will provide opportunities for better compensation, exciting career development, and the ability to shape the future of the field.”
DHS said that Cybersecurity Service employees will work across cybersecurity specializations as the department aims to better protect technology infrastructure while recruiting, hiring, and retaining top talent. DHS Cybersecurity Service jobs will first be available at the Cybersecurity and Infrastructure Security Agency and the DHS Office of the Chief Information Officer; opportunities at additional DHS component agencies are expected to become available at an unspecified later date.
The CTMS is intended to support the Cybersecurity Service with a new hiring process more customized to the applicant’s skills, higher salaries tailored to skills and expertise and intended to competitive with the private sector, and access to a range of classroom and on-the-job learning activities to expand career development opportunities.
“The Cybersecurity Talent Management System (CTMS) is a mission-driven, person-focused, and market-sensitive approach to talent management. CTMS represents a shift from traditional practices used to hire, compensate, and develop Federal civil service employees and is designed to adapt to changes in cybersecurity work, the cybersecurity talent market, and the Department’s cybersecurity mission,” said the Federal Register notice. “CTMS will modernize and enhance DHS’s capacity to recruit and retain mission-critical cybersecurity talent. With CTMS, DHS is creating a new type of Federal civil service position, called a qualified position, and the cadre of those positions and the individuals appointed to them is called the DHS Cybersecurity Service (DHS-CS).”
“CTMS will govern talent management for the DHS-CS through specialized practices for hiring, compensation, and development. Individuals selected to join the DHS-CS will be provided with a contemporary public service career experience, which emphasizes continual learning and contributions to DHS cybersecurity mission execution.” The rulemaking “adds regulations to implement and govern CTMS and the DHS-CS.”
Mayorkas stressed that cybersecurity professionals “at any stage in their career” should explore the opportunities and apply for the Cybersecurity Service when applications open.
The secretary participated Wednesday in a cyber summit at the White House with President Biden, department leaders, private-sector officials, and representatives from academia to discuss a whole-of-society approach to confront cyber threats.
Biden signed an executive order in May outlining actions to strengthen cybersecurity including requiring baseline security standards in software purchased by the government and requiring compromised companies that contract with the federal government to report breaches for the benefit of others potentially vulnerable in government or industry.
“Our skilled cybersecurity workforce has not grown fast enough to keep pace,” Biden said at the meeting, calling estimates of a half million unfilled cybersecurity jobs “a challenge” yet “a real opportunity.”
At the meeting, Microsoft, Google, IBM, Travelers, and Coalition committed to participating in a NIST-led initiative to develop a new framework to improve technology supply chain security; the administration announced the expansion of the Industrial Control Systems Cybersecurity Initiative to natural gas pipelines; and companies announced their own supply chain security initiatives.
On the topic of recruiting and developing the cyber workforce, Google announced it will help 100,000 Americans earn industry-recognized digital skills certificates, IBM announced it will train 150,000 people in cybersecurity skills over the next three years and will partner with Historically Black Colleges and Universities to increase cyber leadership diversity, and Microsoft said it will expand cybersecurity training partnerships with community colleges and nonprofits.
Girls Who Code announced announced the organization will establish a micro credentialing program and the University of Texas System announced it will expand and develop short-term credential cyber programs to help reskill workers without a traditional degree pathway. Whatcom Community College announced it has been designated the new NSF Advanced Technological Education National Cybersecurity Center with fast-track cyber education and training. “The nature of community colleges dispersed in every community in the nation makes them an ideal pipeline for increasing diversity and inclusion in the cybersecurity workforce,” the White House said.