The federal government needs cybersecurity talent embedded at agencies to help stand up the administration’s vision for a zero-trust architecture, and Federal CISO Chris DeRusha said he’s considering a tour-of-duty model akin to what the U.S. Digital Service employs to attract that talent for short stints.
DeRusha said during Palo Alto Networks’ Ignite ’21 event that he and his team at the Office of Management and Budget are “actively spending time trying to find new models” to attract cybersecurity talent to join the government and he pointed to USDS’s “tour-of-duty” model as an example of how the federal government can attract tech specialists to work with the federal government for short terms, typically less than two years.
The idea is that such a team would deploy “on-the-ground support … similar to what you see with U.S. Digital Service model, what they do for delivery,” DeRusha said. “Not fully the same model, but can you come up with something that looks like that for the cyber security side is something that we’re actively exploring.”
DeRusha credited USDS as a “really good model” because it not only attracts top technical talent to the federal government but also because it takes a user-centered approach when working with agencies.
“They get lots of highly skilled technical talent to come do tours of duty and tours of service. I think that’s the thing that we want to tap into is what model should we create on this side to get that same spirit of interest in serving?” he said. “And then how do we effectively deploy it in a way that is needed and useful, that we don’t make assumptions? And we don’t want to say you need ‘x’ and then find out that we were wrong. It really needs to be organic, with the agencies explaining to us what they need, and then also building a solution for that.”
As DeRusha — now dual-hatted as deputy national cyber director — leads the administration’s work to modernize cybersecurity under the recent cybersecurity executive order, he said building a strong cyber workforce is an integral part of a “three-legged stool,” along with strategy and funding, needed to implement cyber reforms.
“And if you don’t have any one of those three working symbiotically, it’s going to be really hard to make progress,” he said.
DeRusha is far from the only one in government exploring ways to narrow the cybersecurity skills gap in government. Earlier this week, the Department of Homeland Security launched a new system of its own to enable more effective recruitment, development and retention of cybersecurity talent.