At the National Association of State Chief Information Officers’ 2022 conference, a biennial report by NASCIO and Deloitte underscored hiring challenges faced by state governments as they strive to recruit qualified cybersecurity personnel.
The report advises officials to “modernize job titles and classifications using the National Initiative for Cybersecurity Education (NICE) framework.” This is a roundabout way of suggesting that agencies speak plainly and clearly when trying to attract cybersecurity workers.
Speaking on a NASCIO 2022 panel, an IT official recalled how his state once advertised a tech position and titled it “ITM3,” meaning a level-three IT manager. The state did not receive many strong resumes in response, so the agency renamed the position more plainly, and more accurately, as “Deputy CISO.” Quite a few qualified applicants reached out.
The U.S. Cybersecurity and Infrastructure Security Agency notes that “job descriptions and titles for the same job roles vary from employer to employer” in cybersecurity hiring. According to Deloitte, only 24 states list job classifications consistent with cybersecurity workforce best practices. While NICE recommends synchronizing job descriptions for clarity, IT officials also should use simple language to ease hiring and ensure effective communication.
Click on the banner below to learn about management solutions by becoming an Insider.
The Growing Demand for Cybersecurity Professionals
Earlier this year, CompTIA reported that the demand for cybersecurity professionals in the public sector remains quite strong. The number of listings for cybersecurity jobs grew 25 percent from 2021 to 2022 across the U.S. public sector, according to CompTIA. (Private sector demand grew at 21 percent during that time.)
“Lightcast data shows an even larger disparity between growth rates when comparing the growth since 2019. In the past three years, private sector cybersecurity demand has grown 36 percent, while public sector demand grew 58 percent,” CompTIA noted in a press release. “The supply-demand ratio is currently 68 workers per 100 job openings” across all sectors nationally, the release added.
On its website, McKinsey recommends that government agencies tackle their labor shortages in part by carefully considering their job requirements and clearly communicating the value of a position to applicants.
“Governments have a significant built-in advantage when it comes to purpose and meaning. Leaning into that value proposition with a succinct, well-crafted job description while offering greater flexibility and professional development opportunities could help reach and attract the next generation of public sector employees, including those with highly competitive skill sets,” McKinsey notes.
EXPLORE: How to ensure government staff stay up-to-date on evolving security threats.
Understanding the Importance of a Holistic Approach
It’s also important to examine how a state government manages its job requirements holistically. Many experts, such as those at Deloitte, recommend a whole-of-state approach to cybersecurity. In doing so, they call for centralized cybersecurity governance to strengthen network defenses.
In the NASCIO-Deloitte study, one-third of state CISOs indicated that individual agencies remain responsible for cyber incidents against their networks. Centralization would reduce duplicative efforts, Deloitte suggests.
The increase in number of listings for cybersecurity jobs from 2021 to 2022 across the U.S. public sector
Source: CompTIA “Despite slowing economy, demand for cybersecurity workers remains strong,” Jan. 24, 2023
State IT agencies also could advocate for local government funding. They can strengthen a whole-of-state approach by setting up joint cyber task forces and shared services programs that united state and local government officials to confront cybersecurity challenges.
Agencies could extend such a unification of effort to develop hiring requirements, centralizing cybersecurity employees in a shared security operations center or similar structure while also ensuring consistency in their use of IT terminology. Improved job descriptions and accessible language can result from consensus and review across cybersecurity stakeholders in the whole-of-state approach.
DISCOVER: How state and local agencies can identify cyberthreats through anomaly detection.
Ensuring Simplicity for Citizen Services
Using plain language helps agencies find qualified talent, and it boosts citizen services across the board.
State and local agencies that use clear language in digital content can improve the customer experience for citizens and expand accessibility and inclusion, not just for hiring websites but for all government websites. According to guidelines from the Plain Language Action and Information Network community, writers should use simple words, minimize abbreviations and use terms consistently, among other steps.
Experts recommend that officials avoid jargon and acronyms, a big issue for government agencies. Human resources offices often face similar challenges concerning the use of jargon and euphemisms. Government hiring can face plain language obstacles from both directions.
In terms of citizen services, the federal 18F digital services agency makes a very important point: “As we build government services, we want to ensure they are accessible and welcoming to everyone who needs to use them. Inclusive language helps us to be more accurate and build trust with our users.”
One big way to be inclusive, and effective, is to use plain language in all public communications, including IT job listings.
This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.