The President has set the reduction of cybersecurity workforce skills gaps as one of his top 14 priority cross-agency performance goals for FY2013 (http://goals.performance.gov/node/38552). In support of this priority the U.S. Office of Personnel Management (OPM) is collaborating with the White House Office of Science and Technology Policy, the Chief Human Capital Officers Council (CHCOC) and the Chief Information Officers Council (CIOC) in implementing a special workforce project that tasks Federal agencies’ cybersecurity, information technology (IT) and human resources (HR) communities to build a statistical data set of existing and future cybersecurity positions in the OPM Enterprise Human Resources Integration (EHRI) data warehouse by the end of FY2014.
The new databank will enable agencies to identify and address their needs for cybersecurity skill sets to meet their missions. In accomplishing this project, agencies will also be updating their cybersecurity positions with codes that revise the definitions of and taxonomy used for cybersecurity work. This particular work function has extensively changed over the last decade, and these revisions provide consistency and a common language in describing the skill sets needed to perform the work successfully.
To achieve this fast-paced project goal, HR officials along with IT and cybersecurity managers in each agency must jointly devise and execute an action plan that includes:
- Socializing and communicating, within 30 days from the date of this memorandum, the reasons for this special project and its objective for the end of FY2014.
- Assuring the success of the project by setting quarterly milestones to monitor the agency’s progress toward achieving its end-product so that populating the new databank shows continuous and rapid growth during the fast-paced timeframe.
- Applying two new tools to re-define and update current and future cybersecurity work in agency organizations and positions, as follows:
o The March 2013 issuance of the National Cybersecurity Workforce Framework (http://csrc.nist.gov/nice/framework/) that establishes a common language and taxonomy for cybersecurity work. These new definitions of Federal cybersecurity work will lead to clearer understanding of the skill sets needed for this work and will improve recruitment and development of the workforce. The Framework is a product of the National Initiative for Cybersecurity Education (NICE) that has direct engagement of over 20 Federal agencies including OPM.
o The new Cybersecurity Data Element Standard in the OPM Guide to Data Standards (http://www.opm.gov/policy-data-oversight/data-analysis-documentation/data-policy-guidance/reporting-guidance/part-a-human-resources.pdf ) provides a set of data element codes as a position classification tool. These data element codes mirror the updated cybersecurity work definitions of the NICE Framework and are to be applied to all positions that may be performing cybersecurity work.
o Alignment of the cybersecurity work in the position with its organization’s cybersecurity mission.
o All existing positions possibly performing cybersecurity work are reviewed and coded. (These positions span multiple occupational series and their position descriptions need annotation with proper data element code.)
o All positions in the Information Technology Management 2210 Occupation Series are reviewed and appropriately coded using the new data element standard.
- Annotating the reviewed position descriptions with a Cybersecurity Data Element Standard code and submitting these changes into the EHRI data warehouse system by the HR offices.
As new and future positions performing cybersecurity work are classified after FY2014, the agency’s special action plan will be assimilated into the agency’s hiring and position classification processes.
Completion of this special project is targeted for the end of FY2014. To minimize reporting requirements, OPM’s EHRI cybersecurity databank will be used to measure agency performance. The IT and cybersecurity leadership and OPM will periodically monitor and discuss with the agencies, as well as with the CHCOC and CIO, the build-up of the databank in EHRI to ensure achievement of these milestones:
- By the end of FY2013 that (1) the CHCO agencies are reviewing and coding their positions performing cybersecurity work, and (2) coded positions include those in the Information Technology Management 2210 Occupation Series as well as other occupational series. Discussions with agencies will affirm that action plans are being implemented to complete this project by the end of FY2014.
- By March 31, 2014, the new cybersecurity workforce databank will demonstrate that the Federal agencies (1) have coded at least 60 percent of the Federal positions in the 2210 Occupation Series and (2) are also applying these codes to positions in other occupation series where cybersecurity work is assigned. Discussions with agency officials will affirm that agencies are on track to complete this project on or before the end of FY2014.
- By the end of FY2014 , the EHRI cybersecurity workforce databank will show that the Federal agencies (1) have coded at least 90 percent of the Federal positions in the 2210 Occupation Series and (2) are also applying these codes to positions in other occupation series where cybersecurity work is assigned. Discussions with agency officials will confirm that this project is completed.
We will continue to work with the cybersecurity and CIO leadership to assure access to subject-matter expertise (SME) in applying these new work definitions. The OPM guidance team, as well as our cybersecurity partners at NICE and the CIO Council, are available to help agencies in their redefinition of cybersecurity work and the application of the Cybersecurity Data Element Standard to positions performing cybersecurity work. Address any assistance in cybersecurity matters to NICE and/or the CIO Council. For HR assistance in this project, contact Jeanne Friedrich (firstname.lastname@example.org, 202-606-1523) or Renée Singleton (email@example.com, 202-606-1868).
cc: Chief Human Capital Officers, and Human Resource Directors