OPM Works to Standardize Cybersecurity Position Descriptions to Ease Hiring Process

(Photo: Shutterstock)

Federal agencies must identify and code vacant civilian positions with information technology and cybersecurity functions by April 18 to ease the hiring process of new cybersecurity professionals.

The Office of Personnel Management will check in with agencies in May to confirm that coding procedures are established and in place.

In order for Federal agencies to begin recruiting new employees for specific jobs, the position descriptions (PD) have to be written and approved by human resources personnel.

“Very few IT personnel, including myself, are trained and skilled at writing robust PDs,” Steve Cooper, former chief information officer of the Commerce Department, said in a hearing on April 4. “The current library of IT PDs within an agency or available from OPM do not adequately reflect the skills needed for today’s workforce, much less what’s coming in the next few years.”

Cooper said that there aren’t position descriptions for roles related to digital forensics, data science, artificial intelligence, the Internet of Things, drone technology, and autonomous vehicles.

In Cooper’s experience at three agencies over the past 15 years, this lack of position descriptions caused delays of up to six months in the recruiting process. When Cooper left the Commerce Department there were 10 vacant cybersecurity jobs, which are still empty.

“One idea to fix this, with collaboration from [the Office of Management and Budget], the Federal CIO Council, and the Chief Human Capital Officers Council task OPM as the lead agency to develop a PD library of preapproved current and emerging IT roles available for use by any Federal agency,” Cooper said.

Cooper said that because of the Federal process for promoting employees, many cybersecurity professionals leave the agency for the private sector or for another agency that can offer a higher level position. Cooper said that in order to retain cybersecurity talent, OPM should standardize career ladders for cybersecurity employees to allow for more promotions.

OPM released a guidance on Jan. 4 that instructed agencies to use the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, which recognizes nine categories and 31 specialty areas of cybersecurity positions, when writing position descriptions for vacant information technology jobs.

“This standardization is an important part of educating, recruiting, training, developing, and retaining a highly-qualified workforce,” Beth Cobert, acting director of OPM, said in the guidance.

The NICE coding structure, which is outlined in the Federal Cybersecurity Coding Structure, has recently been updated to include work roles and associated codes, and includes cybersecurity functions and information technology functions.

“In the next two years, agencies will be required to report their vacant positions…once OPM begins tracking cybersecurity vacancies across the government,” Cobert said. “Such tracking will provide insight into the Federal Government’s cybersecurity recruitment and skill needs, and progress in closing cybersecurity skill gaps.”

Recent