Federal cybersecurity leaders are eager for new hiring powers
CISA Director Jen Easterly and National Cybersecurity Director Chris Inglis testify before the House Committee on Homeland Security on November 3rd, 2021.
Andrea Peterson November 3, 2021

Federal cybersecurity leaders are eager for new hiring powers

Andrea Peterson

November 3, 2021

Federal cybersecurity leaders are eager for new hiring powers

Federal cybersecurity leaders stressed the importance of growing the government’s cybersecurity capacity, including recruiting new talent, during congressional testimony Wednesday. 

“We have a lot of vacancies that we are working very hard to fill,” Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly told the House Committee on Homeland Security.

Easterly indicated she is eager for the Department of Homeland Security (DHS) to roll out new hiring practices aimed at closing the talent gap in the sector later this month. 

The Cybersecurity Talent Management System, which will allow DHS to bypass typically extensive federal hiring procedures and offer pay more competitive with the private sector, goes into effect on November 15th. 

Easterly said CISA will “aggressively” implement the system to recruit more people—including those who have the right technical skills and attitude, but may lack a traditional educational pedigree—as fast as possible. 

“I think it takes way too long to bring people into the federal government,” Easterly said, adding that recruitment is significantly faster in the private sector. 

The federal government has long struggled to hire enough technical talent to defend its systems. In recent months, CISA has announced a number of efforts aimed at increasing the cybersecurity talent pool—including grants for training and education programs targeting underserved populations. 

During their testimony, Easterly and National Cyber Director Chris Inglis also both stressed the need for cooperation between the government and private sector to protect from threats such as ransomware and expressed support for mandatory breach notification proposals. 

However, Congressman Jake LaTurner (R-Kan.) said that many victims did not appear to view the agency as a resource when responding to ransomware attacks. 

One business in LaTurner’s state faced a $900,000 ransom that it eventually negotiated down to $600,000 and paid because lost operations were costing $2 million a day, he said. But responding to the problem and working with insurance, the company said it was never advised to contact CISA, according to the Congressman. 

“How do we begin to change this narrative across the country?” LaTurner asked.

In response, Inglis acknowledged that there is a lot of work to do.  

“The government needs to lead with a practice such that when you call the government, it actually responds with meaningful support,” he said.

Andrea (they/them) is senior policy correspondent at The Record and a longtime cybersecurity journalist who cut their teeth covering technology policy ThinkProgress (RIP), then The Washington Post from 2013 through 2016, before doing deep dive public records investigations at the Project on Government Oversight and American Oversight. Their work has also been published at Slate, Politico, The Daily Beast, Ars Technica, Protocol, and other outlets. Peterson also produces independent creative projects under their Plain Great Productions brand and can generally be found online as kansasalps.