Cybersecurity skills shortage has led to a talent war between agencies, says Commerce CIO
Written by Nihal Krishan
Federal agencies, including the Commerce Department, have resorted to poaching staff from other departments due to a shortage of cybersecurity skills in government, the agency’s chief information officer, Andre Mendes, said.
“We basically hire people from one federal agency to another. We’re stealing people from each other, that’s what it’s all about,” Mendes told FedScoop.
“It’s a very, very difficult situation with cybersecurity hiring. It’s extremely difficult to find the right people with the right skills right now,” said Mendes, who spoke at the FedTalks technology conference on Wednesday, hosted by FedScoop.
Hiring difficulties arise amid a tight labor market and a severe shortage of qualified cyber engineers and analysts. CyberSeek, a recruiting website for cybersecurity jobs in the United States that is funded by the Department of Commerce, estimates that there are currently 714,548 open cybersecurity jobs nationwide, including positions in the public and private sectors.
In the public sector, there are nearly 39,000 cyber vacancies and 69,322 cybersecurity experts currently employed, according to estimates published by the website.
There has been a huge increase in cybersecurity job openings over the past year, following a series of massive attacks over the past two years against the federal government, Colonial Pipeline and meat producer JBS, which raised awareness among the general public of the need for increased cybersecurity in government and the private sector.
Along with difficulties hiring cybersecurity experts, Mendes also said the federal government is struggling to hold its technology vendors and contractors accountable for cybersecurity flaws and issues.
“All federal agencies must hold their suppliers accountable in terms of susceptibilities. So when you sell a product to the federal government, you need to give some assurance that the product works as claimed and doesn’t unduly expose you to cybersecurity attacks due to inherent flaws in its scope,” Mendes said.
The Presidential National Security Telecommunications Advisory Committee (NSTAC) on Tuesday introduced proposals that would require all agencies in the executive civilian branch to monitor operational technology systems in real time.
Mendes said the presidential proposals would help improve cybersecurity, but would receive a strong backlash from the tech industry and IT vendors.
“The administration has just started the process and there will be huge lobbying against it from vendors trying to minimize its effects. Vendors will do their best to minimize their exposure to change because they don’t want to have accountability, they haven’t had accountability in the past, so why should they have it now, but the reality is that in today’s environment, we can’t afford not to have accounts to give back,” Mendes said.
Shortly after becoming the CIO of the Commerce Department in 2020, Mendes said he would like to see greater accountability in the federal government for agency IT budgets due to executive “black hole” spending on regulations or modernization.
Mendes said he has worked in recent years to use his nearly $4 billion a year budget more efficiently with less spending on IT tools and resources.
“We can demonstrate a clear reduction in costs in large measure due to greater collaboration within the agency over the past two years,” Mendes said.
“We’re leveraging those dollars elsewhere, where they’re more mission oriented to trade and official affairs offices and less to IT infrastructure,” he added.
Commerce spends about 30% of its budget on IT thanks to heavy users such as the National Oceanic and Atmospheric Administration, the National Institute for Standards and Technology, the US Patent and Trademark Office, and the Census Bureau.
Speaking to FedScoop, Mendes cited the International Trade Administration, where he previously served as CIO, as an example of an agency where consolidating corporate IT services has been successful in reducing costs.
According to the CIO, the use of cloud-first environments and layers of abstraction has produced significant cost savings, with ITA spending only 10% of its IT budget. Mendes added that efficiencies have allowed employees to work on more mission-focused areas, such as pricing.