The Biden administration is setting goals to promote and improve diversity, equity, inclusion and accessibility across the entire federal workforce.
Those goals, however, are harder to achieve in certain fields. The federal cybersecurity workforce, for example, is less diverse than the rest of the federal government, and a unique series of challenges make it harder for agencies to make progress in improving the diversity of their cyber offices.
Dexter Brooks, the associate director of the Office of Federal Operations at the Equal Employment Opportunity Commission, said Tuesday that women and people of color participate in IT leadership positions at a lower rate than in other leadership positions in the total government.
Women also occupy a smaller percentage of federal IT jobs than they do in the total federal workforce. Women make up about 45% of the federal workforce, but represent less than 30% of the IT workforce.
“When we do that comparative analysis between IT-cyber and the rest of the federal government, it’s one of the least diverse segments of our population,” Brooks said during a federal cyber workforce webinar hosted by the National Institute of Standards and Technology.
The Biden administration is directing agencies to tackle this problem more generally. Agencies are expected to finalize their strategic plans for promoting diversity, equity, inclusion and accessibility in their workforce by March 23, under the executive order President Joe Biden signed last year.
Beyond making the federal workforce more representative of the population it serves, Brooks said cybersecurity benefits from employees having a broad range of experience and perspectives.
“Cyber is dynamic, and it’s ever-changing. You need employees out there that are cutting-edge, that can see it from different perspectives … You’re going to have better employee engagement when employees feel like they have a full range of opportunities with their organization, and you’re going to build in constant improvement into your organization’s culture and operations.”
But for several reasons, agencies can’t simply hire their way to a more diverse cyber workforce.
Part of the problem, Brooks said, is that there are proportionately fewer entry-level positions in federal IT, compared to the rest of the federal workforce.
That gives federal employees less of an opportunity to work their way up the career ladder, compared to their peers in other occupational series.
While the Defense Department has a culture of internal training that allows employees to progress along a career path, as long as they have a foundation of minimum qualifications, Brooks said civilian agencies are struggling to offer employees a structured career trajectory—a similar problem to what the federal government encountered decades ago with the advent of information technology positions.
“When IT became a part of the federal government many years ago, there wasn’t a clear path to IT … You had this occupation that rose up in the federal government that wasn’t as clearly defined as others,” Brooks said.
Some agencies, however, are taking a step in the right direction. The Department of Homeland Security launched a long-awaited cyber talent management system last year after Congress authorized the agency to create its own talent management system in 2014.
Employees hired under DHS’ new cybersecurity service will see different career paths, benefits and salaries compared to their colleagues on the traditional General Schedule, as a way to overccome recruitment and retention challenges.
The National Geospatial-Intelligence Agency last year also launched a neurodiversity pilot program, which looked to recruit prospective employees on the autism spectrum.
Rita Sampson, the director of OPM’s Office of Diversity, Equity, Inclusion and Accessibility, said the federal government, in many cases, already has flexibilities in place to non-competitively hire people for certain term appointments.
Sampson said agencies should also maximize opportunities to retrain and upskill current federal employees to take on cyber positions.
“Within our workforce, we have already hired some highly talented individuals, and perhaps it’s time for them to retool and reskill, so we want to be able to invest internally to make sure we are reaching our goals, and that the talent that is out there may perhaps decide that cybersecurity is an area that they want to study. So we want to be able to give them the ability to do just that,” Sampson said.
The Office of Management and Budget gave federal employees an opportunity to reconsider cyber opportunities in government, when launched its Federal Cyber Reskilling Academy in November 2018.
OMB accepted federal employees with a non-cyber background in the first cohort, then expanded the program to feds with some cyber experience in the second cohort. OPM also stood up a job rotation program for cyber upskilling program graduates.
EEOC and OPM collect broad data on the federal IT workforce, but they have limited insight into how many of those employees work predominantly in cybersecurity. OPM has an occupational series for IT management but doesn’t have a more specific classification for cyber hires.
“The data can’t tell you what you need to know, if the data’s not available, and one of the things that’s more difficult with the cyber community is the data is not as clean as in other areas, because there are not clear positions that say, ‘This is a cyber position within the IT family,’” Brooks said.
Brooks said “data is always the starting point” for conducting barrier analysis, but not having more precise data makes it hard to drill down into who agencies are hiring and promoting within cyber jobs, and who is leaving the federal cyber workforce.
It even makes it hard to get an accurate headcount of how many federal employees work in cyber jobs.
“I can tell you how many IT specialists, I can tell you how many criminal investigators there are in the federal government. I can tell you how many astronauts are in the federal government, but I can’t give you a clear picture of, within the IT family, how many folks are cyber,” Brooks said.
Even with the general knowledge that the cyber workforce is less diverse than the rest of the federal government, Brooks said agency executives first need to understand the root causes of their DEIA challenges before trying to hire a more diverse workforce.
“That’s what people always think — we see fewer women in cyber positions, let’s just go out and hire more women, without figuring out, or solving the problem as to why we have fewer women in cyber. What is the origin of that, and are there policies, practices or procedures in place that facilitate that lack of inclusion? And that’s the harder part, in terms of changes,” Brooks said.