Although cybersecurity attacks grow more frequent and sophisticated by the day, state agencies lack the human resources needed to combat the threats.
According to the 2015 report State IT Workforce: Facing Reality with Innovation, published by the National Association of State Chief Information Officers (NASCIO), 86 percent of states say they struggle to recruit IT professionals, while 67 percent claim cybersecurity roles are the hardest to fill and retain.
The public-private pay gap represents one of the main causes for IT hiring difficulties.
“We can’t compete salary-wise with a lot of the private industries,” said Joshua Karstens, director of the Project Management Office and Business Process Management for Maine, during an on-camera interview with StateTech at the NASCIO 2016 Annual Conference in September.
U.S. Bureau of Labor Statistics data from May 2014 indicate that the mean annual salary for cybersecurity analysts was about $76,000 in state government and about $95,000 in the private sector at that time.
The discrepancy continues today and is exacerbated by other issues, according to the 2016 Deloitte-NASCIO Cybersecurity Study.
“Attractive benefit plans, historically one of the ‘carrots’ of a state government career, are no longer a given, and retirement packages are being restructured to more closely resemble those found in the private sector,” the report states.
The Deloitte-NASCIO study indicates that competition with federal agencies also makes it difficult for states to maintain the cybersecurity workforce.
That said, as long as they think outside the box, state IT leaders seem to have ample bait for attracting qualified professionals. And one incentive stands out among the rest: gaining a sense of mission.
The 2016 State CIO Survey: The Adaptable State CIO, a collaboration between NASCIO, Grant Thornton and CompTIA, found that 64 percent of state CIOs emphasize the “call to public service” in their recruitment efforts. Nearly half of CISOs who participated in the Deloitte-NASCIO study said they take the same tactic.
David Silver, principal of executive search and recruitment firm The Sterling Group, says the approach can definitely pay off.
“More and more people, especially millennials and empty-nesters, want their profession to have purpose and meaning,” he says. “Money is almost never people’s first or second driver. Doing meaningful work and making a difference are.”
And despite salary drawbacks, states still have a few advantages: About half of the respondents to the Deloitte-NASCIO survey say they lean on public-sector job security to attract new talent; another 41 percent of states highlight the satisfaction that comes from demanding government work.
Brenda Berlin, deputy CIO and chief financial officer for Colorado, falls into the second camp: “We’re working on creating an environment where our staff feel engaged; they need to know that the work is challenging,” she said in the StateTech interview.
The Virginia Information Technologies Agency takes another approach to maintaining a robust talent pipeline, CISO Michael Watson told StateTech. Rather than hiring only experienced cybersecurity professionals — those most sought by private industries — VITA opens up the candidate pool to greener analysts.
“We’re happy to be training grounds for folks, and say, ‘Hey, you want to come in at entry level, and we’ll figure out how to train you up,’ ” Watson says.
Other state leaders recruit directly from IT certificate programs to bring in diverse talent, rather than simply limiting their scope to degree-granting institutions.