Last October, the U.S. government began hiring 6,500 new cybersecurity IT professionals. It has hired 3,000 so far, and plans to hire another 3,500 by January 2017, the White House said Tuesday.
The government is now trying to improve its recruiting and retention of cybersecurity professionals. This includes finding ways to improve government pay, which can be well below the private sector.
This strategy was detailed Tuesday in a White House memo. In it, officials called for expanded job recruiting campaigns "in order to raise awareness of employment opportunities and compete for top cybersecurity talent," Shaun Donovan, the director of the White House Office of Management and Budget, Beth Cobert, the acting director of the Office of Personnel Management and federal CIO Tony Scott wrote in the memo.
This hiring is intended to improve the nation's response to "increasingly sophisticated and persistent cyber threats that pose strategic, economic, and security challenges to our nation," the White House officials said.
The U.S. faces ongoing attacks from a wide range of people and organizations, including nation-states -- China in particular.
The government cybersecurity move seeks everyone from recent college graduates to experienced professionals.
Government wages can be low relative to the sector. For instance, a job ad for an "IT specialist INFOSEC" sets a salary floor of $55,670. The wages can rise to just over $100,000, and a master's degree is needed.
In the private sector, a cybersecurity specialist with three-plus years of experience has a national average salary of $99,000, with a range between $83,000 and $117,000. For someone with five-plus years of experience, the national average is $118,000, said David Foote, chief analyst at Foote Partners, an IT salary research and consulting firm.
Demand for cybersecurity professionals has been high generally, said Foote. "There just isn't enough talent to go around," he said, and in a scarce market "the private sector usually wins because they can pay more."
The U.S. plans to do more to reach women, in particular, who comprise less than 25% of the government's cybersecurity workforce.
The White House, in its memo, said it will explore ways, either under existing laws or new ones, "to offer prospective employees more competitive compensation" as well as provide "meaningful work" and a "clear career path."
The government's plan envisions creating a rewarding environment, one that empowers workers but acknowledges "that some of the cybersecurity employees the federal government hopes to attract may only wish to stay for a short period of service," wrote Donovan. "This is a different way of thinking about the federal workforce and requires new programs, initiatives, and ways of approaching recruitment and retention efforts."
Foote said the government can't simply throw bodies at the problem and expect to succeed. Where the government has its strongest recruiting presence is in the universities, where feds are "better connected," he said.
But the private sector is focused on hiring people with some experience, and hiring people out of school has its limits, said Foote. "How much experience can you have if you are that young?" he said.
While the government hiring will affect an already tight market for cybersecurity professionals, in hiring "the private sector usually wins because they can pay more," said Foote.
President Barack Obama's administration has been seeking to boost federal cybersecurity spending. Its 2017 IT budget calls for a 35% increase in cybersecurity spending to $19 billion.
Victor Janulaitis, CEO of Janco Associates, a research firm that analyzes IT labor trends, said the "government is not always the solution.
"Rather the solution needs to be in the private sector where what can be done will be done and real jobs will be created," said Janulaitis. "The solution of 'thousands' of new government employees only adds to our deficit and governmental bloat," he said.