The size and competency of the federal cybersecurity workforce have long been topics of debate, with much of the focus centered on the Department of Homeland Security.
Last month the Senate Committee on Homeland Security and Governmental Affairs passed legislation that would give DHS new powers to hire and compensate employees who fill critical cybersecurity roles. The bill is awaiting floor action, and Committee Chairman Sen. Tom Carper is hopeful that will happen soon, according to a committee aid.
The measure would affect new hires and about 1,500 DHS employees, most of whom are at the GS-13 through 15 general schedule grades, according to Congressional Budget Office cost estimates released earlier this month. Those 1,500 employees would be placed in a new pay plan for cybersecurity specialists, and nearly 95 percent of them would see pay increases of about 15 percent, CBO determined.
The DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 would empower the department to convert eligible positions into the excepted service and to have more flexibility to set pay and bonuses for those in cybersecurity roles. In its report, CBO notes that excepted-service authorities would allow DHS to expedite hiring and bypass the procedures, rules and classifications normally required for hiring employees into the competitive service.
Implementing the bill would cost an estimated $104 million over the next five years, according to CBO.
TSA’s Hiring Authorities Pay Off
The Transportation Security Administration already has hiring and pay authorities similar to those outlined in the bill, and its information technology management employees earn about 15 percent more than other employees with comparable experience and education levels across DHS, CBO reported.
Likewise, CBO expects the bill would boost pay for qualified DHS cybersecurity employees by about 15 percent.
Federal Cybersecurity Salaries
The CBO report doesn’t disclose how much DHS cybersecurity professionals earn, but a recent report by RAND Corp. shows how much federal workers in those roles are paid annually, based on their GS levels.
Agencies can’t be competitive if employee salaries are capped at $155,500, considering that talented cybersecurity experts could go elsewhere in the private sector and make nearly twice as much, according to the RAND report. Some agencies, such as the National Security Agency, have far more flexibility in setting employee salaries than DHS.
“Both problems — low ceilings and inflexibility — can be fixed, but it would cost money, test traditional civil service norms, and raise the dreaded ‘why him and not me question’ among other professional specialties,” the report states.
Do you agree? How is your agency recruiting and retaining top cybersecurity talent?