Ratcliffe explores using private sector best practices to recruit, retain cybersecurity workforce

U.S. Rep. John Ratcliffe (R-TX) convened a hearing on Sept. 7 to examine strategies for the Department of Homeland Security (DHS) to recruit and retain qualified cybersecurity personnel.

Ratcliffe, the chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, heard from witnesses about strategies used in the private sector to recruit and retain qualified cybersecurity staff that could be adopted by the federal government.

“It’s no secret that both the public and private sectors are facing an unprecedented shortage of cybersecurity workers across all skill sets — from front-line defenders to chief information security officers (CISOs) — a problem that will only continue to grow,” Ratcliffe said in his opening remarks.

Systemic challenges like slow hiring processes and limited funding have hampered the federal government’s ability to staff cybersecurity professionals, Ratcliffe noted, but private sector hiring and retention best practices could prove valuable to DHS efforts going forward.

Michael Papay, the vice president and CISO at Northrop Grumman, said that continually challenging cybersecurity professionals, offering opportunities for growth and continuing education, and encouraging upward mobility have proven to be effective retention strategies.

“We move them around inside the company from customer to customer, tough problem to tough problem,” Papay said. “We utilize rotational programs that expose and train our cyber workforce in defending our network, enabling our customers’ missions, and supporting full spectrum cyber operations.”

Allowing cybersecurity professionals to charter their own course for professional growth, giving them time and resources to pursue and maintain professional certifications and offering educational assistance were additional strategies identified by Papay.

“As we continue addressing DHS’s cyber workforce issues — discussions like this will be critical to ensuring we address these challenges in the most effective way possible,” Ratcliffe said. “What we’re learning from conversations — coupled with the excepted service hiring authority DHS has coming down the pipes — make me very optimistic about our cyber workforce going forward.”