El Diario del CISO Volumen 4 - 2018 - Page 4

Defined benefit retirement plans are still available in some state and local governments, but these incentives are going away. Influencers Dan Lohrmann Chief Strategist & Chief Security Officer at Security Mentor, Inc. - Author, Blogger, Featured Speaker. Security Mentor, Inc. The Johns Hopkins University Getting and keeping top cybersecurity staff in government isn't always easy, but there are strategies available to build your workforce. History teaches us that great leaders build great teams. Surveys confirm and reconfirm that attracting and retaining talent is key to achieving organizational objectives and building a culture that makes a positive difference. But attracting or retaining professionals with any credible cybersecurity experience into government positions has never been harder than it is right now. Constraints such as compensation packages make it hard to compete in our new ―talent war.‖ Further complicating this problem are government employees eligible for retirement. A public-sector ―brain drain‖ is still predicted when staff with more than 30 years’ experience decide to retire. Sadly things will likely get worse. One study by Frost & Sullivan forecasts a cybersecurity industry worker shortage of 1.8 million workers by 2022. Meanwhile, in mid-August 2017, four more top cybersecurity officials announced that they are leaving federal government. In response to this competition for talent, a variety of government staff retention programs are commonplace. Offering telework, more vacation and flexible hours, and emphasizing very competitive health insurance plans are a few ways to keep staff from jumping ship. And while pay scales for technology and cybersecurity professionals are being raised in some public-sector organizations, it’s hard to see how governments can compete with private-sector pay — especially if stock options and bonuses are included. So what can be done? Here are three strategies to consider: 1. Grow your own team. Just like in professional baseball, you can build a ―farm team‖ of young cyberprofessionals, students, interns and recent college graduates with technology knowledge and passion, but less experience. There are ways to attract young talent into government roles, since research has shown that public service and making a difference in society are a higher priority than pay for millennials. There is a strong case to be made for starting one’s career in government IT, since public-sector positions often offer a wider breadth of opportunities and challenges than initial private-sector roles. TIP: Make a concerted effort to recruit and engage young people starting in high school and early college. Get involved with cybercompetitions to find the right students. 2. Retrain staff from other parts of government. Offer cross-training and technology transfer programs from the business side of government. Since cybersecurity roles often pay more, agency staff from other parts of the tech organization and/or business areas are often keen to make the jump to security roles. These pros know how government runs, so they bring added value to the security team. TIP: Consider programs like Hiring Our Heroes to bring military veterans into the workforce. These veterans often bring hands-on experience from the front lines of cyberbattles around the world. 4