RAND Study: Looser Civil Service Rules Would Ease Cybersecurity Shortage

New submitter redr00k (3719103) writes with a link to the summary of a RAND Corporation study addressing "a general perception that there is a shortage of cybersecurity professionals within the United States, and a particular shortage of these professionals within the federal government, working on national security as well as intelligence. Shortages of this nature complicate securing the nation's networks and may leave the United States ill-prepared to carry out conflict in cyberspace." One of the key findings: waive the Civil Service rules. (The NSA can already bypass those rules; RAND's authors say this should be extended to other agencies.)

A lot of cybersecurity contractors

[dunkindave]

Let me summarize: if you are a federal employee then you are a civil servant and paid according to the GS (General Service) scale. This is what people mean when they say someone is a GS-12 or GS-15. These scales are published by the US Office of Personnel Management and dictated by the President or by Congress. Unfortunately, these pay levels are below what a decent cybersecurity person expects to be paid, and do not compete with private industry. The result is that the cybersecurity people in federal positions are there either because of a sense of duty, or because they didn't cut it in the private sector. This is the classic image of a postal worker. In order to attract better candidates, they need to be paid better which means exempting them from the GS schedule. This is also why a lot of agencies use contractors for these positions because they can pay a contractor a lot more than an employee and thereby get better people in the job.

Yes, I know I have greatly simplified certain details, but that covers the basics of the problem.