Recruitment and succession planning are the two “pressing needs” within the Department of Homeland Security’s IT and cybersecurity talent portfolio, Deputy CIO Stephen Rice said Thursday.
Federal IT staff lacks “technical depth” in the area of cloud architecture, as well as zero-trust and software-defined networking, Rice said at an AFCEA luncheon in Arlington, Virginia.
Amazon’s promise to create more than 25,000 jobs over the next decade in the Washington, D.C., area with its HQ2 project is expected to increase the competitive environment for IT and cyber talent—an area in which the government already struggles. DHS has been doing some “soul searching” about what it has to offer recruits aside from mission, Rice said.
“We know that, as we start looking at our workforce internally, we have a lot of folks that are at a very high pay grade—either GS-15 or 14,” he added. “How do we start allowing younger recruits to come in and work their way up?”
Using the recently granted direct-hire authority, starting May 3 agency heads can expedite the federal hiring process. But ultimately it comes down to money, Rice said, as federal agencies explore financial incentives like college loan deferment and cyber retention incentive payments.
Retooling current federal staff is also important as DHS undergoes a cultural change with zero-trust networking and establishes trusted, semi-trusted and untrusted environments across the ecosystem, Rice said.
“Within our model today much of the data at rest is in an unencrypted format, but that becomes a likely target in the event of a compromise,” Rice said. “So you get lateral movement across an unencrypted environment, which is a challenge for us.”
Many DHS employees work in austere environments and require an encryption methodology that ensures information integrity, availability and confidentiality, Rice said.
Software-defined networking is a ways off, he added.
“It will take a while because you need to know the endpoints of your data flows,” Rice said. “You need to understand the rights and privileges of the users that require the necessary access.”
That’s tough when DHS has so many different use cases, he added.
DHS is also looking at authority to operate reciprocity, Rice said, where if the Coast Guard already has a process for ATO, it’s leveraged elsewhere in the department.
“I don’t think there’s ever a situation where we’ll always be continuous [ATO],” he added. “There’s always going to be some assessment.”