Feds To Sharpen Cybersecurity Job Policies - InformationWeek

The Office of Personnel Management seeks to develop a framework for the classification, hiring, performance management, and development of federal cybersecurity pros.

On the heels of a report that raised concerns about the competency of cybersecurity pros at the Department of the Interior, the Office of Personnel Management plans to develop better ways to ensure that the federal cybersecurity workforce is up to snuff.

In a recent memo to federal HR directors, OPM director John Berry said the effort will include developing policies and guidance on job classification, hiring, performance management, and workforce education and development. He implied that the work was brought on by a consensus among OPM, the federal CIO Council, and federal Chief Human Capital Officers Council that cybersecurity workforce development required a government-wide framework.

That is borne out by other findings. Earlier this year, Booz Allen Hamilton surveyed 69 officials from 18 federal agencies and concluded that, among other challenges to federal cybersecurity, "fragmented governance and uncoordinated leadership" hinder the ability to meet the government's cybersecurity needs.

A report issued this month by the Department of the Interior highlights the problems Berry and OPM plan to address. Among cybersecurity staff, Interior requires only self-certified training, and the inspector general found that only 13.5% of self-certifications were relevant and complete.

Furthermore, the report found a pipeline coordinator officer and a supervisory land examiner among many with non-security titles whose jobs were entirely focused on cybersecurity. Among the other problems identified in the report: several Interior CISOs don't hold top-security clearances as policy requires.

In the memo, Berry asked federal HR directors to send OPM information about cybersecurity job descriptions, vacancies, accreditation, training, performance management, and any governance frameworks they have in place, as well as details of the challenges they face.

It's unclear when final policies might be released, but OPM plans to organize the models around three categories of cybersecurity pros: IT operations, law enforcement, and specialized operations that include classified work on "collection, exploitation and response."
