September 28, 2016

To Better Counter Hackers, Kilmer Calls on Department of Homeland Security to Update Cybersecurity Hiring Practices

WASHINGTON, D.C. – Today, Representative Derek Kilmer (D-WA) called on the Department of Homeland Security to update its cybersecurity hiring practices and make it easier to hire qualified applicants for open positions. Kilmer wrote a letter to the Secretary of the Department of Homeland Security Jeh Johnson noting that cyber professionals with unique skills but without a college degree should still have opportunities to be hired.

He asked Secretary Johnson to look into whether the Department could hire professionals who have third-party certifications from coding tests and other competitions. Kilmer also mentioned the acute need for cybersecurity professionals around the country.

“With Forbes reporting more than 200,000 cybersecurity job vacancies across the country, and with so many highly skilled coders without college degrees, we should consider new ways to meet our national cybersecurity workforce needs,” Kilmer wrote in the letter. “I encourage the Department to examine whether it would be possible to develop a cybersecurity hiring approach which permits the federal government to access professionals with critically needed skillsets whom otherwise might be excluded from consideration.”   

In recent years there has been a string of cyber-attacks on the personal information of Americans. These include the recently reported Yahoo data breach that impacted 500 million accounts. Information that was stolen from the company included names, email addresses, telephone numbers, and dates of birth.

Kilmer has been a leader in efforts to try to enhance America’s cybersecurity capabilities. Recently, the House of Representatives passed a bill Kilmer helped lead that provides resources to small businesses to better protect themselves from cyberattacks. Last April, Kilmer also called on the Department of Homeland Security to develop coordination between agencies investigating ransomware attacks that have hit families, businesses, and local governments. At the end of 2015, provisions Kilmer authored to extend and bolster identity theft protections for federal workers impacted by data breaches at the Office of Personnel Management were included in the Fiscal Year 2016 Omnibus Appropriations Act signed into law by President Obama.  

The full text of the letter follows.

The Honorable Jeh Johnson

Secretary for Homeland Security       

U.S. Department of Homeland Security         

Washington, DC 20508                                  

Dear Secretary Johnson,

I commend recent Department of Homeland Security efforts to improve and expand the Department’s cybersecurity workforce through initiatives such as the implementation of new cyber pay authorities to recruit and retain top cyber talent, use of direct hiring authorities to streamline the hiring process, and establishment of a cybersecurity cadre in the Presidential Management Fellows program.  These efforts demonstrate the Department’s commitment to addressing head-on the cybersecurity skills shortage within our federal government.

In order to further expand the pool of cybersecurity talent available to the government, a recent report from Intel Security and the Center for Strategic and International Studies (CSIS) proposed redefining the minimum credentials for cybersecurity jobs.  The report noted that while 70 percent of entry level cybersecurity positions require applicants to possess a bachelor’s degree as a minimum credential, many of the most talented cybersecurity experts acquired their skills through non-traditional sources of education and do not possess technical degrees.

Rather than focusing on the level of formal education, many experts suggest that those looking to hire cybersecurity professionals focus on identifying talent with the right skillsets.  The Intel and CSIS report suggests this approach might involve replacing degree requirements with third-party certifications, hacking competitions, and other coding and cybersecurity skills tests.  The private sector has already begun to realign its cybersecurity hiring approach along these lines and develop skill-based methodologies to identify and recruit cybersecurity talent to their companies.

With Forbes reporting more than 200,000 cybersecurity job vacancies across the country, and with so many highly skilled coders without college degrees, we should consider new ways to meet our national cybersecurity workforce needs.  I encourage the Department to examine whether it would be possible to develop a cybersecurity hiring approach which permits the federal government to access professionals with critically needed skillsets whom otherwise might be excluded from consideration. 

Thank you for your continued focus on improving our country’s cybersecurity posture and developing our cybersecurity workforce.

Sincerely,