Cybersecurity Archives

Agencies Join Forces to Recruit

 

Federal agencies will need to fill more than 11,500 mission-critical information technology jobs during the next three years, and they must be prepared to meet the high demand for the talent, particularly given the increasing eligibility for retirement among federal workers and insufficient IT talent pipelines, according to a new report by the Partnership for Public Service.

Since 2002, the federal IT workforce has increased 57 percent from approximately 46,000 to nearly 72,000 jobs, the report found. But as the government comes to depend even more on technology to deliver services and seeks to offset the retirements and normal attrition of federal IT workers, the demand for IT expertise has reached a new level of intensity, the report states. For example, more than 11,500 mission-critical IT jobs (16 percent of the total IT workforce) will need to be filled over the next three years, with agencies like the Defense and Homeland Security departments showing the greatest demand for IT talent.

The report also found that agencies will face even greater needs as an unprecedented number of IT workers become eligible to retire, particularly at agencies like the Housing and Urban Development and Agriculture departments and the Social Security Administration. As of 2009, more than 9,800 professionals (14 percent) in mission-critical IT jobs were eligible to retire, with nearly 16,500 (23 percent) eligible by 2012.

Agencies also will face the challenge of finding sufficient talent to fill new positions, the report found. Entry-level IT hires as a percentage of all new IT hires have decreased by nearly 10 percent over the past four years, and agencies are struggling to hire entry-level and mid-level talent in several IT areas, including cybersecurity and IT management. Aside from the fact that fewer U.S. students are majoring in science and technology disciplines, agencies are hampered by complex hiring processes, competition with the private sector and rigid compensation packages that often deter federal job seekers, the report states.

The Partnership recommended that agencies take a holistic approach to attracting and retaining IT talent, first by identifying what skills and competencies are needed over the next three to five years. Agencies also should proactively recruit entry-level IT talent, use special hiring authorities and internship programs, develop robust onboarding programs for new employees, and identify financial and nonfinancial incentives to retain them. Agencies also should analyze attrition rates and other trends and work collaboratively to share best practices to better market federal jobs, the report states.

Release of the report coincides with the launch of the Partnership's FedRecruit: IT program, which is designed to help federal agencies work collaboratively to recruit, hire and retain entry-level IT workers in the federal government. The Partnership announced Monday that agencies participating in the program are: the Veterans Affairs, Homeland Security, Agriculture and Air Force departments, the Social Security Administration, Immigration and Customs Enforcement and the National Oceanic and Atmospheric Administration.

Generational Views on Privacy

 

Wired Workplace was in San Francisco on Thursday covering the RSA Conference. Given my interest in generational issues, I was particularly interested in a session titled "Security and the Generation Gap," conducted by Bruce Schneier, a technologist and leading author on security issues. I expected the session to focus on some of the research about how different generations, particularly Millennials, perceive information security and privacy. Instead, the session focused on the responsibilities that all generations currently hold to protect privacy and ensure individuals, not technological systems, have control.

Young people are used to living very public lives, Schneier said, but they also put a high priority on protecting their privacy. At the same time, while social networking sites appear to tout privacy, they deliberately make it difficult to be salient, he added. And as more and more children grow up around social networking, new social norms will be set. "What the system defines as normal is what a child is quickly going to think is normal, and he'll build his life around it," Schneier said.

As a result, Schneier suggested that it's the responsibility of all generations to come together to either accept the new balance of privacy that technology comes up with, or work to set the balance. For example, he said, the natural progression of setting rules starts with law, followed by technology, corporations, social norms and individuals. "What that means is that people have very little control over their own privacy -- whatever privacy setting Facebook has given you today that you can find and figure out," he said. "The way to fix that is for law to get back in the game. The other mechanisms - technology, business and social pressures - aren't going to work."

"My prediction is that just as we today look back at the beginning of the previous century and wonder how the titans of industry could ignore pollution, our children are going to look at us on decisions we made about protecting privacy and giving individuals control," Schneier said.

Outlook Bright for Federal IT Jobs

 

A new survey finds that even in the tough economy, the job outlook for information security professionals within the federal government remains strong, largely due to the Obama administration's focus on improving cybersecurity.

(ISC)2's 2010 Career Impact Survey, which interviewed nearly 3,000 information security professionals worldwide, including 668 respondents in the U.S. government, found that nearly 61 percent of federal respondents who identified themselves as having hiring abilities said they were looking to hire permanent and/or contract employees in 2010. Of those hiring, 51 percent said they plan to hire three or more information security professionals this year.

Despite these hiring projections, however, nearly 54 percent of hiring managers said their biggest hiring challenge was finding candidates with the right skills. Of those managers planning to hire in 2010, 61 percent said they were looking for expertise in certification and accreditation, largely to help their agencies comply with certification and accreditation mandates required by the Federal Information Security Management Act and other government regulations. Hiring managers also identified security architecture and models, application and system security development, operations security, access control systems, telecommunications and network security, information risk management and security management practices as other in-demand skills.

Nearly 75 percent of government respondents also reported receiving salary increases in 2009, while 19.3 percent reported that their incomes stayed the same. Five percent of respondents said they experienced a cut in their salary or benefits last year.

While 40 percent of government respondents saw their information security budgets decreased somewhat or significantly in 2009, 52.1 percent expect no change in their budgets for 2010, while nearly 20 percent expect an increase in funding. Sixty-five percent of government respondents expect no personnel reductions or layoffs in 2010, while the remaining 35 percent were roughly split between additional layoffs and new hires, the survey found.

"The results from our latest Career Impact Survey show that in a very difficult economic environment, organizations are placing an even higher value on the work that information security professionals do," said W. Hord Tipton, executive director for (ISC)2. "It's a sign of the private and public sectors' ever-increasing dependence upon the stability and security of the online world, providing a plethora of career opportunities for knowledgeable, qualified, motivated security professionals."

Cyber Plan Invests in Workforce

 

The White House on Tuesday unveiled the unclassified version of its Comprehensive National Cybersecurity Initiative, the government's plan to secure public and private sector computer networks. The plan, whose availability was announced by White House Cybersecurity Coordinator Howard Schmidt at the RSA Conference in San Francisco, consists of 12 major priorities, including building a top-notch cybersecurity workforce.

The initiative outlines the importance of creating a national cybersecurity education strategy, similar to an effort to upgrade math and science education in the 1950s, to meet the daunting challenge of creating a pipeline of technologically skilled and cyber-savvy workers for the future. Existing cybersecurity training and personnel development programs are limited in focus and lack unity of effort, the CNCI states.

"While billions of dollars are being spent on new technologies to secure the U.S. government in cyberspace, it is the people with the right knowledge, skills and abilities to implement those technologies who will determine success," the initiative states. "However there are not enough cybersecurity experts within the federal government or private sector to implement the CNCI, nor is there an adequately established federal cybersecurity career field."

The initiative also includes plans to develop and implement a governmentwide cyber counterintelligence plan, largely by expanding counterintelligence education and awareness and workforce development programs, increasing employee awareness of the cyber counterintelligence threat and increasing counterintelligence collaboration across government.

Schmidt noted at the conference that the government has been making great progress towards creating an international awareness campaign to promote cybersecurity. The White House has pulled together an interagency working group to look at this area, he said. The working group has included efforts by the Office of Personnel Management and the Defense Department to examine how to create a top-notch cybersecurity workforce, and efforts by the Homeland Security Department to create a national workforce training strategy and a national cybersecurity awareness campaign, Schmidt said.

"We're not going to wind up beating our adversaries because they're weak ... we'll beat them because we will become stronger," Schmidt said. "We'll develop stronger technology, train and equip a better cadre of security professionals that understand this issue to become our critical assets and become more resilient."

Got Clearance? Got More Money

 

IT professionals holding an active federal security clearance maintained a compensatory advantage over their not-cleared counterparts. Some security-cleared IT professionals earn as much as 12 percent more in salary, according to a survey by ClearanceJobs.com.

The 2010 compensation survey found that overall, professionals holding an active security clearance had average earnings of $92,368. California-based security-cleared professionals top the list as the highest earners, receiving an average of more than $98,968 a year. Northern Virginia and Washington, D.C.-based professionals with security clearances came in a close second, with average earnings of $98,542.

"The government plans to take on more than 270,000 new employees over the next few years -- about 40,000 of those in D.C.," the survey states. "That surging demand will definitely impact security-cleared professionals locally and nationally as both agencies and contractors fight for talent."

The highest premiums among security-cleared IT professions went to desktop support specialists, who earned 12 percent more, and IT managers (CEOs, CIOs, CTOs, etc.), who garnered a 10 percent higher salary than their non-cleared counterparts. Ten of the 12 IT professions studied showed salary premiums attributable to holding a security clearance, including project managers (5 percent), programmers (5 percent), systems administrators (4 percent), business analysts (3 percent), and software engineers (3 percent).

Cleared IT professionals in Washington, D.C. and San Diego earn at least 20 percent more than their non-cleared counterparts, ClearanceJobs.com found. For metropolitan areas that are dominated by other industries, such as finance in New York and broader technology in Silicon Valley, salary differences were indistinguishable for cleared and non-cleared technology professionals, the survey found.

The survey also found that 62 percent of security-cleared professionals are satisfied with their jobs, with the highest satisfaction coming from employees and contractors working at intelligence communities like the CIA and FBI, and the lowest satisfaction coming from employees at the Homeland Security Department.

Navy's Top IT Priorities

 

Navy Department Chief Information Officer Robert Carey recently wrote a blog post highlighting his top 10 priorities for the department in 2010, and it's no surprise that workforce issues are front and center.

Carey outlined plans to improve cybersecurity and IT workforce skills, largely through new and improved training and boosting the knowledge of the network as a tool to perform work. He also touted improvements in cloud computing, noting that Navy is moving toward the Enterprise User concept, where any authorized Navy employee can access the Global Information Grid from any device, and moving towards a cybersecurity capability model to ensure that resources are placed where absolutely necessary.

Carey also outlined plans to invest more in Web 2.0 and collaboration platforms in order to help Navy employees make better decisions more quickly and efficiently. The CIO also plans to improve decision making and governance to make better decisions and maximize the value of IT budgets, and to boost initiatives related to enterprise mobility, privacy, identity management and critical infrastructure.

I'm sure the lists of IT priorities at other federal agencies are similar. Does your agency place such emphasis on the importance of investing in the IT workforce? How critical is doing so to accomplishing the overall IT mission?

IT Lessons from Snowmageddon

 

A new report by CDW-G suggests that there may be some valuable lessons for federal IT leaders in the aftermath of last week's snowstorms that shut down federal agencies in the Washington, D.C., area for more than four days. The report, "Seven Habits of Highly Resilient Organizations," provides activities that federal IT executives should undertake to ensure that interruption to agency operations during weather disruptions or other emergencies is minimal.

"Often, first actions are directed toward the protection of physical property," the report states. "But more important than an organization's physical property is ensuring the integrity of its data, communications capabilities and the information technology infrastructure to support both -- regardless of the circumstances surrounding a disaster."

IT leaders should start by conducting a business impact assessment, in part by creating an inventory and prioritizing critical processes for the entire agency, the report states. IT executives also should take steps to protect data by backing it up frequently, storing multiple copies of data off-site, and upgrading the backup equipment to a faster version that reduces the time it takes to complete a backup cycle. "Once data is backed up, organizations will need to carry out a practical and well-tested plan to retrieve the information," CDW-G states.

Agencies also should add uninterrupted power supplies for critical servers, network connections and selected personal computers to keep most essential applications running, and identify and appoint a cross-functional preparedness team and recovery team of various IT experts who can identify and prioritize critical IT processes, the report states. IT executives also should document, test and update the disaster preparedness plan, form relationships with vendors, and consider telecommunications alternatives, such as wireless phones and satellite phones, in developing a disaster preparedness plan.

While agencies with robust telework programs were able to sustain operations during last week's snowstorm, most were crippled for the better part of a week. Could your agency have been better prepared to redeploy employees to work from home, and would it have been better off as a result?

Recruiting Vets for Info Security Jobs

 

With a deficit of information security professionals in the federal government, federal IT leaders should look to attract, recruit and retain more military veterans to fill such jobs, a government security expert said on Tuesday.

Marc Noble, former chief information security officer at the Federal Communications Commission and now the new director of government affairs for (ISC)2, said he has been working with (ISC)2, the Government Advisory Board and the Information Systems Security Association for more than two years on an initiative that aims to bring more veterans into federal information security jobs. "They [veterans] are particularly adept, already trained and have security clearances," he said. "That would be a golden opportunity to take advantage of."

The White House in November unveiled an executive order that aims to help military veterans find civilian work in the federal government. The order created program offices in most agencies to help veterans find job opportunities, move them through the application process and acclimate to civilian life after they are hired. The order also requires the Office of Personnel Management to create a strategic plan on how to boost the hiring of veterans. OPM has since launched a Web site, FedsHireVets.gov, which serves as a clearinghouse for information about veterans employment for job candidates and hiring officials.

Noble said he has not yet reached out to OPM on the possibility of partnering with them on efforts to bring more veterans into federal information security jobs.

Noble said he also hopes to work with new cybersecurity coordinator Howard Schmidt on initiatives to improve the recruitment, retention and training of the federal cybersecurity workforce. The government, for example, should better encourage information security professionals to obtain professional certifications, and improve the overall federal hiring process, he said. "We believe that workforce education is a top priority for the new administration," he said. "We feel that [Schmidt] has always had a strong impetus to develop a strong workforce that can meet the challenges of today."

Cyber Workforce Take in House Bill

 

The House on Thursday passed a bill that would require the White House to submit a report to Congress on the current and future needs of the federal cybersecurity workforce.

The bill calls on the White House to provide a report that would provide an analysis of the availability of cybersecurity talent, a comparison of the skills and expertise sought by the government and private sector, and an analysis of the capacity of colleges and universities to provide cybersecurity education based on the needs of the federal government and private sector. The White House also would have to report on the barriers to recruiting and hiring cybersecurity talent, and make recommendations for federal policies to ensure a well-trained cyber workforce.

The bill also calls for the report to examine the effectiveness of federal scholarship and internship programs, particularly the National Centers of Academic Excellence in Information Assurance Education, the Centers of Academic Excellence in Research and the Federal Cyber Scholarship for Service programs.

Rep. Michael Arcuri, D-N.Y., a co-sponsor of the bill, said on the House floor Wednesday that the government will need to recruit and hire between 500 and 1,000 more cybersecurity workers each year in order to address potential threats. "Through increased workforce development and continued strengthening of our public-private partnerships, we can and will ensure that the IT systems, on which so much of our way of life depends, are safe from cyberattack," he said.

The bill also would authorize $94 million in scholarships for students who pursue cybersecurity studies in exchange for a service commitment in the public sector upon graduation. The House passed an amendment by Rep. Carol Shea-Porter, D-N.H., that would lengthen the amount of time students would be required to work for the federal government in exchange for the scholarships. Currently, scholarship recipients are required to serve a federal agency for a period equivalent to the length of their scholarship, or one year, whichever is longer. The amendment would require one additional year of public service for undergraduate students, two additional years for master's degree students and three additional years for doctoral candidates.

The House also passed two other amendments relating to cybersecurity scholarships. One amendment would add veteran status as an additional item for consideration when selecting individuals for the Federal Cyber Scholarship for Service. The other amendment would allow scholarship recipients to perform internships with businesses before completing their degrees.

The legislation also would provide the National Science Foundation with $120 million to construct new cybersecurity research facilities and offer new training programs in colleges and universities.

IT Takeaways from SOTU

 

In his State of the Union address on Wednesday evening, President Obama proposed extending a student loan forgiveness program to students who commit 10 years to public service careers. Obama's proposal appears to be an extension of the 2007 College Cost Reduction Act, which took effect in July 2009 and allows students to tailor payments made on federal loans to their incomes. Federal loans they have not paid off after 10 years of public service are forgiven in their entirety. The law does not apply to private loans, however, and public servants must make at least 120 monthly payments on the loan while in a qualifying job for their remaining debt to be erased.

It's unclear how Obama's proposal for public service loan forgiveness would differ from the recent change in the law, but it seems worth a mention, particularly when it comes to attracting current and future college graduates who previously may not have considered a career in public service.

The president also called for improvements in math and science education and for strengthening the role of community colleges in education. Community colleges are increasingly playing a role in grooming workers for health IT and cybersecurity positions in the federal government, so boosting their role and reach seems critical to ensuring the federal government has a top-notch IT workforce in the future.