Talent Wanted: Four Ways State and Local Governments Can Solve the Cybersecurity Skills Shortage

During the Covid-19 outbreak, many government agencies shifted to a remote workforce. This put unprecedented pressure on government cybersecurity professionals to secure work from home environments from opportunistic hackers. Meanwhile, increased traffic to critical online government services, including education and health and human services, has created an urgent need for cybersecurity and IT professionals to mitigate the risk associated with the exponential increase in demand.

This presents new challenges for state and local governments across the country, many of which were already dealing with a cybersecurity skills shortage. Before the pandemic, agencies were struggling to compete for talent due to a combination of retirement, inability to compete with private sector salaries and limited funds to contract outsource providers. A recent SolarWinds cybersecurity survey found 91% of state and local respondents stated IT security operations are currently provided by in-house staff. However, the pandemic has stretched existing IT security to its limits, resulting in state and local government coalitions asking Congress for increased cybersecurity funding and resources.

Th challenges state and local governments face to attract quality talent are numerous, but they’re not insurmountable. Here are a few ways they can build more cybersecurity talent.

1.     Ramp up existing cybersecurity skills

Severe revenue shortfalls are already resulting in government budget freezes or cutbacks, which can be seen in hiring as well. Without the funds to attract new talent, public sector chief information officers and chief information security officers should look to upskill existing talent. Agencies can offer training options like cybersecurity bootcamps to provide IT personnel with cybersecurity skills or help existing security staff learn new ones.

If budget is an issue, there are alternatives to formal training. Hands-on, low-cost activities like cyberwarfare gaming, ethical hacking and simulations allow security professionals to ask questions, experiment, hone their skills and form valuable bonds with their peers.

Industry training is another useful tool. In the absence of in-person events and seminars, cybersecurity vendors are offering free webinars and other forms of educational content.

However, for any of these forms of self-study to be effective, managers must give their teams the opportunity and time to focus.

2.     Emphasize benefits

When the United States emerges from the coronavirus pandemic and hiring freezes begin to lift, hiring managers must again prepare to compete for cyber talent. But going head-to-head with private companies on salary may not be a winning strategy unless exceptions can be made for people with exceptional skills. A better approach is to stress employee benefits.

Government benefits, including health insurance, retirement and vacation, can be superior to the private sector. For example, government workers enjoy up to 9.9 more paid vacation days than their private sector counterparts. Work-life balance is another positive. Employees in municipal work tend to work structured hours, have opportunities to telework and receive almost all federal holidays off.

Similarly, the public service aspect of government work is also a differentiator that is another strong selling point. Government cybersecurity professionals work behind the scenes to protect vital services, including public safety, schools and healthcare systems. It’s an environment driven by quality of service, and not for profit. This can be a huge motivator for today’s purpose-driven generations.

3.     Exposure to a wide range of cybersecurity challenges

Government cybersecurity professionals work at the cutting edge of a broad range of issues, giving them an often-overlooked advantage over their private sector counterparts.

In public school districts, for example, security professionals are on the front lines working to secure networks and systems to prevent bad actors from exploiting the enhanced threat landscape created by virtual schooling. Meanwhile, as the 2020 election season draws near, teams are being challenged every day to secure critical election infrastructure from interference.

Of course, not everyone in cybersecurity is excited by the same thing. Some may be looking for a new challenge such as helping to shape and define security policies and strategy or modernizing technology infrastructure, while others prefer to support already well-defined security programs with the goal of refining their skills within that environment. There’s a place for all these interests in the government environment.

Focusing on prior experience isn’t enough to securing talent. Government officials should think more about the potential of the position and associated skills needed to identify the right candidate.  Agencies must think hard about the position’s purpose and ask: what problems are we trying to solve? What would attract someone to this job? Why would they want to work here?

4.     Get creative

While demand for cybersecurity skills is pitting state and local government against the private sector, it’s also a unique opportunity for agencies to get creative in their retention and recruitment practices.

Increasing cybersecurity skills can help maximize internal talent, reinvigorate the existing workforce and encourage retention. As employers vie for new recruits, government hiring managers should lean into their strengths and entice people with what they have to offer: great benefits, job security and a unique environment that challenges them to grow while making a difference in the communities they serve.