Speech of Acting OPM Director Beth Cobert
Symantec Government Symposium
Walter E. Washington Convention Center in Washington, DC
August 30, 2016
As prepared for delivery
Good afternoon. Thank you Rob (Potter) for that generous introduction and for inviting me to participate in this important conversation.
Before I get down to today’s topics, I want to add my congratulations to your cyber award winners.
The innovative way they each work to advance strong cybersecurity practices is vital. I know I’m a little biased, but I especially want to congratulate Jeannine Gilead of DHS for her national leadership in cybersecurity exercises and Jason Lim of DOT for transforming the way the Transportation Security Administration handles its cybersecurity priorities.
Too often we don’t take the time to thank our colleagues for the work they do and for the innovation they bring to a job carried out with little fanfare.
So I also want to thank all of you here today who are part of the Federal family for all your work on the systems and strategies that make it possible for your agencies to fulfill their missions, while keeping the information and data they collect and use safe and secure.
You heard this morning from FBI Director Comey about the cybersecurity privacy and security challenges that all of us in the public and private sector are facing and about some of the strategies being employed to deal with them.
As Acting Director of OPM, I’m basically the President’s people person. I suspect a few years ago a government symposium on IT and cybersecurity wouldn’t have featured the leader of the agency whose mission it is to help agencies find the best talent to add to our world-class workforce and ensure that we are doing all we can to develop the great talent that is already in the Federal service.
But as I’ll describe in a minute, both during my career in the private sector and in government, cybersecurity has been one of my priorities.
As we know, cybersecurity talent is at a premium right now. According to industry estimates, there’s a shortfall of nearly 1 million cyber professionals nationwide. In Federal government we know we own part of that gap and we’re working hard to address it.
In the past six months of this fiscal year we’ve hired 3,000 cybersecurity and IT professionals. By January of 2017, we expect to hire another 3,500.
That’s where OPM comes in. It’s up to us to help agencies master the tools and processes at their disposal to meet their talent needs and to fulfill the President’s goal of strengthening our world-class Federal workforce.
So today I want to talk to you about what I see as key to meeting the cybersecurity workforce challenge in the Federal Government and across the country. And I also want to enlist your help.
First, I will share with you our cybersecurity talent strategy that details what we are doing to help attract, recruit, develop, and retain the talent we need.
Second, I’ll review the people elements of the President’s Cybersecurity National Action Plan – or CNAP – that help support the cybersecurity people strategy and the need to grow the pool of cyber talent.
Third, I’m going to talk about what we can do to develop and retain the talent we have.
Finally, I’m going to enlist your help. We need you to get involved in recruiting and hiring the talent you need in your shops. Do not let human resources do it alone.
And, I’m going to call on you to work with your leadership to make sure good cybersecurity practices are not left just to the CIOs.
Personal Story
But first, let me tell you a little bit about myself and how the people portion of the cybersecurity equation is something I’ve been passionate about throughout my career.
As Rob said, before I joined the Federal Government in 2013, I spent 29 years as a director and partner at McKinsey and Company. Much of my work at McKinsey involved helping clients fill their talent needs and devising strategies for McKinsey to recruit the talent we needed to best serve our clients. Often, we had to come up with some creative ways to attract the talent we and our clients needed.
When I joined the Office of Management and Budget in 2013, I quickly became immersed in cyber issues, particularly in my role as chair of the President’s Management Council – or the PMC. Even then, the challenges of cyber – including the talent piece – were rising to the top of senior leaders’ priority list.
When I moved to OPM, we began dealing with cyber on several fronts – responding to the breaches, strengthening and modernizing our systems, and beginning to draft a government-wide strategy to help agencies bring on the new cadre of talent needed to address the evolving world of cyber.
One of the lessons I’ve learned from my time at OMB and now OPM, is that we all need to be technology and cyber savvy.
While agencies need to fill their talent gaps and bring on more cyber professionals, it’s critical that cybersecurity knowledge and best practices be inculcated throughout every organization.
As I said, gone are the days when the responsibility for good cyber practices can be left solely to the CIO. We don’t all need to know how to write code and get under the hood of a particular system.
But computer literacy and appropriate cyber hygiene is a must. And it must be ingrained at all levels – including the C suite. That will require more than just staffing up the Office of the CIO.
We need people who understand the law, who understand privacy, who understand how people think. We need a series of partners, each of whom brings their own set of capabilities. We need to work with all of them to be successful.
So that brings me to the President’s Cybersecurity National Action Plan and the cybersecurity people strategy it calls for. Together, they provide a strong blueprint for how government agencies can address this critical, comprehensive talent need.
The cybersecurity workforce strategy has four pillars:
- Data analytics: People who know me know that I’m a data geek. This part of the strategy is designed to help managers and HR professionals use data to figure out their talent gaps and develop their current employees.
- Talent Pipeline: Through the Computer Science for All Initiative, we will increase outreach to educational institutions – from pre-K through college – to help them enhance cyber curriculums.
- Recruit and Hire: We’re working with agencies across government to help them attract and quickly bring on board the cybersecurity talent they need.
- Talent Development and Retention: We’re working on innovative ways to better recognize the cybersecurity talent we have and help them refine their skills.
Now I want to describe in more detail our efforts to implement this strategy.
Talent Pipeline
First let me address the talent pipeline.
As part of CNAP, the President proposed investing $62 million in FY 2017 to expand cybersecurity education across the nation. This is critical if we are to grow the pool of cyber talent -- both with new employees and existing Federal workers who are looking for a new direction or challenge in their careers.
Many colleges and universities have their own boutique cyber programs. One of the goals of CNAP and our strategy is to reach out to these institutions and help them develop cyber curriculum guidelines tailored to meet the current – and future – needs of government and industry.
It’s important that we reach out to large and small institutions to get the mix of talent we need. OPM’s recruitment and hiring team is working with schools across the country, including colleges and universities with large diverse populations.
OPM has estimated that minorities comprise 32 percent of the Federal cyber workforce compared to industry where they make up fewer than 12 percent. In addition, women make up nearly 25 percent of current Federal cyber employees compared to 20 percent in industry.
While we are doing much better than our counterparts in the private sector, we still see areas where we can make more progress in specific underrepresented communities.
The White House Office of Science and Technology Policy has been a leader in developing strategies to help broaden the participation in STEM occupations. Many of its efforts center on improving access to STEM education, including for women and military members and their families. OSTP has also tackled the issue of implicit bias that affects the success of people in STEM, including women and people of color.
I was in Atlanta earlier this month and met with leaders from area colleges and universities, including Georgia Tech and Kennesaw State, which have strong cybersecurity programs and Morehouse and Spelman, which are enhancing their cyber programs. We talked about what opportunities are available to their students and graduates and how we need to develop a deeper partnership.
Building and retaining a Federal workforce that draws from all segments of society is a high priority for this President and for me. And let me be clear. Diversity is not a priority because it’s something “nice” to have. It’s a business imperative.
We need to draw from the expertise, the backgrounds, and the experiences of individuals from every community in this country.
Research tells us that if we have more diverse talent and we capitalize on their input, we get better results.
As one of the first woman partners at McKinsey, the importance of diversity has always been personal to me.
One way we can encourage students from diverse backgrounds to consider making the Federal Government the first stop in their career is to help them deal with the mountain of debt many face when they graduate.
For example, the CyberCorps Scholarship for Service program provides scholarships for cybersecurity students who join Federal service after graduation. That program has so far graduated 2,000 scholars, and 97 percent of them have been placed in government positions. The President proposed expanding this effort in his fiscal year 2017 budget.
We’re also encouraging students and recent graduates to try out Federal service through our Pathways programs.
These programs provide internships for students still in school, positions for recent graduates, and fellowships for recent advanced degree recipients. Our Presidential Management Fellows Program already has a separate track for the Science, Technology, Engineering and Math – or STEM fields. And we are looking to create a PMF cyber track as well.
Recruiting and Hiring
Now that I’ve addressed what we’re doing to work with educational institutions, I want to talk about what we’re doing to help agencies attract cyber professionals to public service at other points in their career.
One component of the strategy is to help agencies use the tools they currently have available to bring on the talent they need. OPM’s work with agencies across government has resulted in twice the number of cybersecurity professionals being hired this year as compared with last.
Oftentimes, agencies simply are not aware of what tools are in their toolkit.
For example, the National Security Agency used existing pay flexibilities to establish special rates for certain STEM positions, including IT and cyber.
Last month, DHS held a cyber and tech job fair. Agency officials conducted more than 700 interviews for about 300 critical cyber positions. Candidates were assessed and interviewed for specific jobs by managers and supervisors, who made on-the-spot job offers. And once selected, some applicants began their security clearance applications.
Even before the fair, OPM had worked with DHS to help the agency frame its job opportunity announcements to get the talent with the right skills at the event.
When we think about recruiting experts in any field today -- whether cybersecurity experts or medical professionals or accountants or IT technicians, one common pattern is that the employees we will be hiring are not likely to envision the Federal Government as a lifelong career. Gone are the days when someone went to work for one company or agency and stayed there for decades, particularly among the next generation of workers.
Government is recognizing this new employment pattern. And we’re working on hiring policies and talent development strategies that will make it easier for cybersecurity professionals to go back and forth from sector to sector, and to do so multiple times.
Our strategy envisions private sector cybersecurity professionals, as well as those in academia, will come to view time in Federal service as an essential stop on their career arc. Federal service will give them a chance to put their talents to work serving their country by tackling complex problems and they will have the opportunity to impact national policy.
Develop, Retain Talent
I’ve outlined how the Cybersecurity National Action Plan and our cybersecurity workforce plan will help us attract the talent we need to fill our critical skills gap.
Now I want to talk about what we’re working on to develop and retain the talent we have – including those of you in this room.
Each year the Federal Employee Viewpoint Survey tells us that Federal employees are eager for education and training opportunities.
We’ve gotten that message. Over the past two years we have signed agreements with colleges and universities across the country to provide discounted tuition to Federal employees and their families. Partnerships with such institutions as the University of Maryland University College and Champlain College – which have strong IT and cybersecurity curricula – have been put in place.
Since the program began, more than 5,200 Federal employees and their families have benefitted from tuition discounts that have collectively saved them more than $12 million.
Rotational assignments also provide employees with an opportunity to expand their experiences and knowledge and provide agencies with specialized talent to help with a specific mission critical project.
DoD, working with OPM, is developing an excepted Cyber Civilian Hire Service for these specialized areas. This will mirror the excepted service for the intelligence field.
In addition to the flexible hiring strategies we’re using to attract cyber professionals, we’re working on a government-wide credentialing framework, which uses gamification to promote and recognize the skills and achievements of this pivotal workforce.
We’re modeling it after some highly successful examples in the military.
When someone says they are a Navy SEAL or Army Ranger, we immediately know that means they have special advanced skills; that they are at the top of their game. We are working on developing badges that will provide our cyber professionals with that kind of recognition. So when someone says they are a cyber-defender, cyber warrior, or cyber investigator, their level of expertise will be instantly understood and recognized.
Our OPM team is also developing a website with sections for job seekers, managers, Federal employees, academia and students. We hope to have the site live in the next few months.
Call to Action
As I said, before I leave today I have a couple of asks to make of you.
First, get involved in building your teams. This sounds obvious, but your personal involvement is crucial. We cannot expect HR professionals to fully understand your unique needs. Supervisors and managers on the front lines know best what talent they need and which applicants will best fit into their team.
So you need to make the human resources professionals at your agencies your partners. Get involved on the front end of the recruiting and hiring process.
We feel so strongly about this at OPM that we’ve made that collaboration a key element of our Hiring Excellence Campaign. We are taking this campaign to Federal managers and HR professionals all across the country. We’re holding sessions to outline and discuss strategies to help them collaborate – all with the goal of making sure we connect with the top talent we need to serve the American people.
If you haven’t heard about the campaign or want more information about how you can connect with it and see some of the resources we’ve prepared, go to opm.gov/hiringexcellence.
We’ve also included a specially trained Cyber HR Cadre in our Cybersecurity Talent Strategy. These HR specialists will help agencies fulfill their cyber talent needs.
The nimble, flexible, and innovative ways we are seeking out and hiring cyber talent can be a model for how we handle the other Federal skills gaps – from health care to accounting to support services.
My second ask is that you take the lead in making sure that cybersecurity best practices are instilled throughout your enterprises. We cannot afford to leave this to yearly security training or alerts when there’s a crisis.
Even something as simple as training employees on how to spot a phishing attack or the need to frequently change their passwords is a good start. You can find great information about how to understand and guard against cyber threats at opm.gov/cybersecurity or at DHS’s Stop. Think. Connect website at dhs.gov/stopthinkconnect.
Conclusion
I hope you come away from my remarks today optimistic about the work we’re doing to help you bring on the talent you need to fulfill your critical mission – whether through hiring new employees, developing new talent or providing the training and education for current employees who want to step up to new challenges.
And I also hope you take to heart my call to action. Everyone in this room can serve as ambassadors in the cause of partnering across government and with industry so we can all make progress on cybersecurity.
The 18-year-old young woman from Boise, Idaho who came to the President’s 2016 Science Fair and demonstrated the computer game she designed based on her love of literature could someday work for you. But someone has to make her aware of the opportunities that exist and the importance of public service.
The cybersecurity awareness exercises Jeannine brings to her DHS colleagues could inspire one of them to follow in her footsteps and pursue a career in cybersecurity. But someone has to be there to help guide that employee in this new path.
The professor teaching cybersecurity to a new generation of students may decide to take a sabbatical and join the Federal service. But he has to be aware of where he can best fit in.
I give you these examples because one important lesson from my work at OPM and the collaboration we’ve had with our Federal partners across government is that we are all in this mission together. We need to seek out talent, seek out new ideas, and seek out innovative thinking from all across this great country. And you are just the people to help us do that.
Thank you!