A hiring initiative for cyber

Psychologists often distinguish between two kinds of approaches different people take to approaching the world — a “promotion” focus and a “prevention” focus. People with a promotion focus think about how they can make things better. People with a prevention focus will think about how to avoid bad things from happening.

I have always been a promotion kind of guy. Both when I was in government and in my work since then (including this blog) I have been concerned about how we can improve government’s performance over obsessing about scandals and other dangers. That’s a promotion focus.

But cyber defense is an example of how even a promotion guy will sometimes want to worry about prevention. Cyberattacks are getting worse. And although cyberattacks on industry can cause significant economic damage, cyberattacks on the government can have a big impact on national security. Agency IT folks have in recent years had little choice but to spend a lot more time on this.

There is an overall shortage of cyber talent out there. There are estimated to be 300,000 unfilled cyber jobs in the United States. Though nobody I asked could provide me any numbers on this, government’s problems with cyber talent may well be worse. Whenever demand in the labor market runs ahead of supply, salaries go up, making government salaries ever more uncompetitive. Government faces a cyber talent crisis.

Enter the Partnership for Public Service and their new Cyber Talent Initiative.

The Partnership for Public Service is one of my favorite organizations (indeed, I chose it as a place to receive donations in lieu of presents for my 60th birthday some years ago). It was founded in 2001 to encourage young people to work in government and to improve HR policies so as to make government service more attractive. (By an eerie coincidence the kickoff event was Sept. 11, 2001, and participants needed to evacuate the Capitol when the attacks took place.) The Partnership has now announced an initiative to attract young people into cyber jobs in government. The initiative grew out of a suggestion to the Partnership from an executive at MasterCard International who had served in government and was familiar with the Partnership’s work.

Starting next year, the Partnership will make available 50 fellowships for young people to get two-year cyber jobs in the federal government. Participating agencies will be allowed to choose fellows from among the winners, and will pay participants. One of the very attractive features of the fellowship is that at the end of the two years, fellows can have a very significant $75,000 of college loan indebtedness repaid by corporate sponsors of the program, which makes the program much more attractive to young people — hence the characterization of the program as a public-private partnership. When the program was announced, MasterCard and two other companies, Microsoft and Workday (an HR management vendor), pledged to contribute to the loan repayment.

However, when you read the fine print of how the Cyber Talent Initiative will work, a bunch of worries pop up. The big one is that it turns out that to receive the generous loan repayment after two years, fellows will actually need to leave the government and go work in industry. Normally, incentives such as these reward longer service, so you’d think fellows might be eligible for loan repayment if they stayed around the government. But here it is actually the opposite. (Fellows will not be guaranteed a job in industry, but will need to apply to companies offering repayment.)

The Partnership gives two explanations for this strange feature of the program. One is that companies would worry about conflicts of interest if they paid the loan debt of current federal employees. The other, very practical issue is that this is being funded by companies to pay the loan debts of people working for them, and it would be much harder to get a $75,000 donation from them with no quid pro quo.

The Partnership notes that agencies have the authority to set up (but fund themselves) their own loan repayment programs for employees, for whatever categories of employees they choose. This program, set up by Congress in 2001, hasn’t exactly spread like wildfire. As of 2016, the most recent year for which statistics are available, 34 agencies participated in the program, a number basically unchanged since 2010. (The six agencies making the most extensive use of the program were the Departments of Defense, Health and Human Services, Justice, State, Veterans Affairs and the Securities and Exchange Commission.)

The Partnership hopes that agencies will authorize loan repayment for cyber fellows they want to retain after their two-year fellowship ends. The program is not quite as generous as the $75,000 cyber fellowship, and companies may pay loans back more quickly than the $10,000 maximum a year allowed for the federal program.

But for a participant who wants to stay in government after two years, it is a decent option. (The hiring authority the government would be using to hire fellows is normally limited to two years, but can be extended for another two years, and afterwards agencies could convert the employee to permanent status.)

“The Cyber Talent Initiative gives government a foot in the door among kids who otherwise probably would never even have considered government service.”

The two-year length of the program is interesting. It follows the U.S. Digital Service model, which basically says that the government will never be able to turn high-flying techies people into career feds, but that it may be feasible to attract them for short stints aimed at people attracted to public service and who, like most young people, like to switch jobs a lot.

The worry about the USDS model for this program is that, unlike those who go to work for USDS, these fellows will be entry-level hires; this is likely to be their first job out of college. So they will need some time before they can make a genuine contribution to their agency’s cyber efforts.

I asked a Harvard colleague who is one of the country’s leading cyber experts how long it would take a newbie who had studied computer science but had no specific cyber courses to get to the point where they could make a meaningful contribution. “Two years,” was his answer, which was discouraging since that’s the length of the fellowship. A worst-case scenario would be that the fellows would be trained at government expense and then leave the agency as soon as they were ready to make a contribution. It would take less time if the new hires had taken cyber courses. Many applying have had cyber coursework; the Partnership might want to emphasize that more as a qualification.

A final worry is that as of now, the effort has only three corporate sponsors — unless a lot more come on within two years of the program starting, meeting the commitment for a company to pay back the student’s loan may be infeasible. If there aren’t enough sponsors, the program may have discontented fellows on its hands.

The Cyber Talent Initiative gives government a foot in the door among kids who otherwise probably would never even have considered government service. It may be that the intrinsic nature of some cybersecurity work for government, particularly that with a national security connection, is more attractive — even “cool” — than a typical cyber job in the private sector. So far 85 people have completed applications, and another 450 have downloaded one. Applications close Oct. 18, so there’s still a lot of time. To apply, go to Cybertalentinitiative.org.

I give the Partnership an A for effort here. Whether they will receive an A for achievement remains to be seen. I have raised some of these worries with folks at the Partnership. Hopefully they will see the program as announced as Release 1.0 and think seriously about how to improve it based on experience so that it can provide the most help possible with this important problem.

Published with permission from Fcw.com. This originally appeared in fcw.com: https://fcw.com/blogs/lectern/2019/06/comment-kelman-coding-it-forward-