Connecting state and local government leaders
They’re moving ahead with a set of new programs and working closely with colleges and universities to get more people into a field where jobs can be tough to fill.
North Dakota’s chief information security officer, Michael Gregg, is bracing for retirements to put a major dent in the ranks of his staff over the next three to five years and, at the same time, he’s struggling to hire mid-career cybersecurity employees who can often command higher salaries in the private sector compared to what state government has to offer.
With this in mind, he’s ramping up a set of programs to attract and retain workers who are early in their careers. This effort includes partnering with colleges and universities, as well as apprentice and internship initiatives. In the meantime, his team has gone fully remote, a perk for many people, and it has cut college degree requirements to help draw in more job applicants.
For employees who do come aboard, Gregg says he has prioritized training and continuing education to help keep workers engaged.
“We've got to bring new people and new blood into the state, we’ve got to introduce them to state government,” he said during a National Association of State Chief Information Officers meeting happening in Louisville, Kentucky this week.
One project Gregg has going is centered around creating what are known as student security operations centers. It's a talent pipeline initiative and involves aligning what students are learning in college with the skill sets needed to work in state cybersecurity positions and providing pathways to those jobs.
A benefit to this kind of program, he notes, is that it can reduce the initial training required for new employees if they’ve already learned what they need to know during college. This means they can be up to full speed on the job faster—something that can be critical in an era when people switch jobs more frequently than in the past.
Bismarck State College will be the first academic institution in North Dakota to have a Student “SOC” come online, Gregg said.
Then there’s the apprenticeship plan.
“They work 30 hours for us a week, but we would help pay their education,” Gregg said, describing how it works. "And, in turn, they’re going to agree to stay three years and work for us.” For now, his department has one apprentice position, but Gregg said he’s going to ask state lawmakers in the next session to sign off on around 10.
The internship initiative is also showing promise, according to Gregg, with one recent opening attracting about 150 applicants. He said a key there has been emphasizing the extent of the learning opportunities that young people will have working with his team.
“They are concerned about learning more skills,” he said. “We can give them that opportunity.”
North Dakota is even looking to the K-12 level as it tries to cultivate its cybersecurity workforce. With the “cyber madness” program, high schools come together and students compete at hacking against each other. The state is moving to expand the program to the junior high level as well. And Gregg imagines a scenario where kids from multiple states in the region might compete in similar tournaments.
“We've got to push this down more and more,” he said.
When it comes to recruiting, offering remote work options is also a big plus, in Gregg’s view. “We do 100% fully remote,” he said. “We got the HR team to agree to this and it's worked quite well.” In a friendly warning to other state officials who might have more rigid requirements for reporting to the office, he added: “If you have people in your state that are interested, we will poach them.”
Gregg said he’s also seen success attracting mission-oriented people, including military veterans, to the jobs he has available.
On the training front, he emphasized the importance of cycling workers through both technical and non-technical topics in order to develop a team of well-rounded employees who are skilled in areas like the writing required for their jobs and managing meetings.
For some employees, he said, the state can be more appealing than industry because it offers a chance to work in a range of cybersecurity areas, rather than getting pigeonholed into a narrow role.
"The more you learn,” Gregg said, “The more I can keep you around and I can keep you engaged.”