DHS aims to boost cyber ranks by streamlining clearance approvals

The Department of Homeland Security is “actively looking to streamline” the process for determining which of its cybersecurity jobs need clearances, the agency’s chief information officer said during a House hearing Wednesday. 

In response to questioning from House Homeland Security Committee ranking member Rep. Bennie Thompson, D-Miss., about how the federal government’s “cumbersome hiring process” has “undermined its ability to recruit cyber talent,” Eric Hysen testified that DHS is pursuing a multipronged approach to mitigate the problem, including through its Cybersecurity Talent Management System and by assessing clearance protocols.  

“We shouldn’t be holding up your hiring” for workers if they’re “not going into a SCIF looking at classified material,” said Hysen, who also serves as DHS’s chief artificial intelligence officer. “So we have been looking to reduce requirements [and] expand the use of interim clearances at both the secret and top secret level.”

Addressing the U.S. government’s onerous cybersecurity application process was one of many proposed solutions discussed Wednesday during the hearing focused on filling the 500,000 vacant cyber jobs in the country, a gap that Committee Chair Mark Green, R-Tenn., has previously said represented “a growing threat to our homeland security.” 

The Office of the National Cyber Director is also focused on clearance reform and has made substantial progress on reducing average wait times for granting top secret and secret clearances, according to Seeyew Mo, the assistant national cyber director for cyber workforce, training and education. 

Beyond that, ONCD is teaming with the Office of Personnel Management and the Office of Management and Budget on refining the “pool hiring process” for federal cyber jobs, Mo said, requiring just one certificate per applicant that “multiple agencies can jump on,” thereby cutting down onboarding time. Keeping a “ready talent pool” through its Cybersecurity Talent Management System can “significantly reduce time to hire” for DHS, Hysen said, adding later that the agency is moving to “aggressively expand” the program.

“There’s no one single solution. There’s no silver bullet,” Mo said. “We’re fixing a lot of processes along the way.”

Most of the hearing centered on how the federal government is stepping up its recruitment efforts, especially in the targeting of underrepresented populations that have historically been left out of the cyber workforce.

Hysen said DHS is laying early groundwork for a more robust cyber talent pipeline, building partnerships for K-12 cyber curricula across the country and training thousands of educators already this year. Mo pointed to the Department of Education’s CTE CyberNet program, which helps teachers start cybersecurity programs at their schools, ONCD partnerships with private sector organizations on cyber education and commitments to teaching “gamified cyber.”

Hysen, Mo and Rodney Petersen, director of the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education, all spoke about workforce recruiting and training programs happening at two-year colleges, historically Black colleges and universities, and other minority-serving institutions. 

Petersen highlighted a series of webinars NIST conducted this year focused on underserved and underrepresented populations, with an initial focus on colleges and universities in rural America. To ensure that the cybersecurity workforce expands beyond the Beltway, Petersen said it’s important to maintain pandemic-era remote work “that maybe previously didn’t exist.” 

“People tend to stay where they go to college or where they grow up,” he said, underscoring the need for “telework and more flexible opportunities where they may be able to stay in the rural community but work … for a company or a government organization across the country.”

While the concerted effort on college campuses to boost cyber recruiting is an important piece of the puzzle, lawmakers and witnesses noted that the federal government is embracing a shift away from degree requirements and toward skills-based hiring.  

In his first public remarks as ONCD director in January, Harry Coker said the White House was working with OMB to scrap four-year degree requirements for federal cyber contracting jobs. During Wednesday’s hearing, Hysen said DHS is “actively focused on” recruiting independent contractors of that kind into full-time positions. The agency is also looking at ways to expand “pathways for high-skilled immigration” so that DHS “can continue to attract the best and the brightest” in cybersecurity.

Wednesday’s hearing was the latest in a series of efforts from House lawmakers aimed at bolstering and diversifying the cyber workforce. Recent bills include one to fund cybersecurity clinics at community colleges and minority-serving institutions and another that would provide the Cybersecurity and Infrastructure Security Agency with $20 million annually to promote cyber jobs to women, racial and ethnic minorities, older individuals, veterans, people with disabilities, geographically and socioeconomically diverse communities, people with nontraditional educational backgrounds, and those who were formerly incarcerated. 

And more legislation from the chamber is on its way. Rep. Andrew Garbarino, R-N.Y., said Green would soon be introducing legislation “to grow our cyber workforce and sustain a steady pipeline each year.”