Even as the Defense Department plans a massive expansion of its cybersecurity forces, a third of the cyber pros within the federal government will be eligible for retirement within the next three years.
The typical federal cyber pro is over 40 years old, is at the GS-13 level and has more than 10 years of IT experience, according to a new report from the Chief Information Officers Council and the National Initiative for Cybersecurity Education.
The report is based on surveys of 23,000 employees from 52 federal departments and agencies. Only 5 percent are age 30 or younger and only 1 percent are senior executives.
Though the CIOs downplayed the likelihood that all those eligible would retire at the first opportunity, they warned that decreasing budgets, pay freezes and proposed reductions in employee pensions hurt their retention efforts, Federal Times reports.
The report warns that a wave of retirements could leave a younger work force lacking in essential skills. Defense Department training in cybersecurity in particular has come under fire for providing inadequate hands-on experience. The DoD has worked with trade group CompTIA, though, to create a tough new certification, the CompTIA Advanced Security Practitioner (CASP).
Those polled for this new report said they wanted more training in:
- Information assurance compliance, or validating that new IT systems meet security requirements.
- Vulnerability assessment and management, which includes evaluating security threats and recommending how best to respond.
- Knowledge management, or properly identifying and accessing employees’ institutional knowledge.
The federal government has been working to pin down the skills and training required of its cyber forces. The article says the CIO Council has identified 200,000 federal IT civilian employees across 39 job classifications with cybersecurity duties.