The U.S. Office of Personnel Management (OPM) has finalized long-awaited interpretive guidance, which designed to help agencies more easily recognize, classify and then recruit and retain qualified Cybersecurity professionals. OPM stated in a letter to HR directors that the guidance should also help agencies clarify roles and responsibilities for Cybersecurity professionals.
OPM has prescribed the basic title of ‘IT Cybersecurity experts’ to the ‘IT 2210 management series’ when tilting positions, which include cyber work. The independent agency noted that agencies can include a Cybersecurity designation as a parenthetical title for other occupations that perform this work the majority of the time, which may help organizations meet recruiting or other mission goals. OPM added that the guidance, since 2004, builds off of at least 19 different laws, executive orders, directives, national strategies, and NIST frameworks.
OPM has been working with other agencies, as well as the Chief Information Officers Council and Chief Human Capital Officers Council and other stakeholders to get a better understanding of the government-wide Cybersecurity workforce. It’s been a challenge, and it’s one of the reasons why the Department of Homeland Security had struggled to identify all Cybersecurity positions within the agency and allow them a code on the NICE’s National Cybersecurity Workforce Framework (National Initiative for Cybersecurity Education).
Other agencies have also been sluggish to identify their Cybersecurity workforces, an activity that Congress tasked them within the Federal Cybersecurity Workforce Assessment Act and embedded in the 2016 anthology. The guidance pointed out that the Cybersecurity workforce is occupationally cross-cutting, multi-faceted and encompasses a variety of contexts, roles, and occupations. It requires a team of various different backgrounds and experience to act the Cybersecurity work that needed by agencies.
Though, the guidance doesn’t establish specific certification requirements for the Cybersecurity professionals. The agency explained a series of general and technical competencies that ideal candidates to federal Cybersecurity positions should have. Customer service, creative and strategic thinking are among the key general competencies for cybersecurity professionals. In addition, OPM also recommended that knowledge of data management systems, logical systems design and surveillance, computer forensics, and counter-intelligence techniques are among the technical skills agencies look for in their candidate pool.