It's probably no surprise government has trouble attracting young cyber talent, but changes to marketing and hiring processes could help fill the cyber talent pipeline, according to Doug Logan, chief technologist of the U.S. Cyber Challenge. Launched in 2010, USCC holds camps and competitions around the country, helps students burnish their resumes and introduces them to recruiters.

For all the focus on government's inability to compete with private-sector pay, the exact dollar figure, while important, isn't disqualifying, he said.

"The first reason why everyone tells me they don't want to work for the federal government is they think it's boring," he said. "The second reason …  is because they can't find job descriptions that match their entry-level capabilities because [agencies] all want people with a whole bunch of experience. The third reason is because the whole process of applying and actually getting hired in the federal government is horrible and painful and takes forever."

Andrew Meserote, whose team won the Nevada-based USCC camp's capture the flag competition last summer, plans to join the Department of Defense civilian cybersecurity workforce, pending a security clearance. He said the "the recruitment process [for government] is definitely slower than private industry." The slow hiring process means "there's still the chance that even if you get your clearance, the job's not there anymore."

Nicholas Bruno, whose team won the competition in Delaware back in 2016, currently does cyber and programming for a private company, but he said that he'd be open to part-time position -- or a stint in government -- if moving back and forth between government and industry was more viable.

The most appealing aspects about working in government he cited include the training government jobs could provide, the work he wanted to do and the prospect of obtaining a security clearance as a badge for proving trustworthiness.

USCC National Director Glenn Hernandez said not enough emphasis is put on marketing federal cybersecurity employment to job candidates.

"OPM doesn't advertise these positions because they leave it to agencies to push their own things, and there's not that type of recognition that these types of folks that are coming into the workforce need to have a different culture in order to attract them," Hernandez said.

Once new hires are on board, it's important to challenge them with interesting work.

"If they're staring at a screen for eight to 10 hours a day, you just lost them. Within months," he said.

The administration is piloting ways of getting those already in government to fill those vacant positions. Department of Education CIO Jason Gray said the early interest among current federal employees on learning cybersecurity skills via the Cyber Reskilling Academy is a good starting point.

Gray, who also chairs the CIO Council's IT Workforce Committee, said the pilot’s "real goal" was to see if the model of cybersecurity training was something that would generate interest.

The reskilling effort is "really focused on enhancing the employee, and in many cases, the employees will probably get the education and bring it back to their organization and further the cyber efforts," he said. "It's really a win-win, regardless of whether they transition out of the work that they're in right now."

This article was first posted to FCW, a sibling site to GCN.

By Chase Gunter

March 25, 2019