Cyber Talent Management

Inflation – the hidden cyber security threat

Image: By Manuel Dohmen – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=185802

In cyberspace, the focus is on threats from malicious activity — a tangible threat. A less obvious threat to cyber is inflation which undermines any cyber organization by eroding budget and employee compensation. Inflation can create unseen resignation rates if not addressed, and jeopardize ongoing cyber efforts and the U.S. Defense Department’s migration to cloud-based services. The competition for cloud security talent is razor-sharp in the private sector already.

There are different ways to build and maintain a cyber workforce: recruit, retrain and retain. The competition between the DoD and the private sector for talent will directly affect recruitment and retainment. Inflation and the shortage of skilled cyber professionals create increasing competition between the federal and private sectors for much-needed talent. Retraining professionals to become a part of the cyber workforce is costly, and if the incentives are not in place to stay in the force, it is short-lived as retrained cyber talent moves on. Inflation creates a negative outlook for recruiting, retraining, and retaining cyber talent.

The inflation expectations in 2022 are the highest in decades, which will directly impact the cost to attract and retain a cyber workforce. Even if the peak inflation is temporary due to COVID-19 as well as disruptions in the supply chain and the financial markets, the pressure on increased compensation is a reality today.

What does it mean in practical terms?

According to the Wall Street Journal, salaries will increase in 2022 for white-collar professionals in the range of 10%, and the federal workforce can expect an increase of less than a third of the gains in the private sector. These signs of growing salary gaps are likely far more severe and exacerbated in the cyber workforce.

For example, by browsing the current jobs ads, a manager for incident response in Rhode Island offers $150,000-$175,000 with the ability to work from home with zero commuting. A fair guess would be there’s a federal GS pay scale at 20-30% less, with work taking place from 8:30 a.m. to 4:30 p.m. in a federal facility; not to mention cloud security, where large players such as Amazon Web Services are actively recruiting from the federal sector.

An increasing salary gap directly impacts recruitment, where the flow of qualified applicants dries up due to the compensation advantage of the private sector. Based on earlier data, the difference in salary will trigger decisions to seek early retirement from the DoD, to pursue a second civilian career or to leave federal service for the private sector as a civilian employee.

The flipside of an all-volunteer force is that in the same way service members volunteer to serve, individuals have the option at the end of their obligation to seek other opportunities instead of reenlistment. The civilian workforce can leave at will when the incentives line up.

Therefore, if we face several years of high inflation, it should not be a surprise that there is a risk for an increased imbalance in incentives between the public and the private sectors that favor the private sector.

The U.S. economy has not seen high inflation since the 1970s and the early 1980s. In general, we all are inexperienced with dealing with steadily increasing costs and a delay of adjusted budgets. Inflation creates a punctured equilibrium for decision-makers and commanders that could force hard choices, such as downsizing, reorganization, and diluting the mission’s core goal due to an inability to deliver.

Money is easy to blame because it trespasses other more complex questions, such as the soft choices that support cyber talent’s job satisfaction, sense of respect, and recognition. It is unlikely that public service can compete with the private sector regarding compensation in the following years.

So to retain, it is essential to identify factors other than the compensation that make cyber talent leave and then mitigate these negative factors that lower the threshold for resignation.

Today’s popular phrase is “emotional intelligence.” It might be a buzzword, but if the DoD can’t compete with compensation, there needs to be a reason for cyber talent to apply and stay. In reality, inflation forces any organization that is not ready to outbid every competitor for talent to take a hard look at its employee relationships and what motivates its workforce to stay and be a part of the mission.

These choices might be difficult because they could force cultural changes in an organization. Whether dissatisfaction with bureaucracy, an unnecessary rigid structure, genuinely low interest for adaptive change, one-sided career paths that fit the employer but not the employee, or whatever reason that might encourage cyber talent to move on, it needs to be addressed.

In a large organization like the DoD and the supporting defense infrastructure, numerous leaders are already addressing the fact that talent competition is not only about compensation and building a broad, positive trajectory. Inflation intensifies the need to overhaul what attracts and retains cyber talent.

Jan Kallberg, Ph.D.

Our Dependence on the top 2 % Cyber Warriors

As an industrial nation transitioning to an information society with digital conflict, we tend to see the technology as the weapon. In the process, we ignore the fact that few humans can have a large-scale operational impact.

But we underestimate the importance of applicable intelligence, the intelligence on how to apply things in the right order. Cyber and card games have one thing in common: the order you play your cards matters. In cyber, the tools are mostly publically available, anyone can download them from the Internet and use them, but the weaponization of the tools occur when they are used by someone who understands how to use the tools in the right order.

In 2017, Gen. Paul Nakasone said “our best [coders] are 50 or 100 times better than their peers,” and asked “Is there a sniper or is there a pilot or is there a submarine driver or anyone else in the military 50 times their peer? I would tell you, some coders we have are 50 times their peers.” The success of cyber operations is highly dependent, not on tools, but upon the super-empowered individual that Nakasone calls “the 50-x coder.”

There have always been those exceptional individuals that have an irreplaceable ability to see the challenge early on, create a technical solution and know-how to play it for maximum impact. They are out there – the Einsteins, Oppenheimers, and Fermis of cyber. The arrival of artificial intelligence increases the reliance of these highly capable individuals because someone must set the rules and point out the trajectory for artificial intelligence at the initiation.

But this also raises a series of questions. Even if identified as a weapon, how do you make a human mind “classified?” How do we protect these high-ability individuals that are weapons in the digital world?

These minds are different because they see an opportunity to exploit in a digital fog of war when others don’t see it. They address problems unburdened by traditional thinking, in innovative ways, maximizing the dual-purpose of digital tools, and can generate decisive cyber effects.

It is this applicable intelligence that creates the process, that understands the application of tools, and that turns simple digital software to digitally lethal weapons. In the analog world, it is as if you had individuals with the supernatural ability to create a hypersonic missile from materials readily available at Kroger or Albertson. As a nation, these individuals are strategic national security assets.

Systemically, we struggle to see humans as the weapon, maybe because we like to see weapons as something tangible, painted black, tan, or green, that can be stored and brought to action when needed.

For America, technological wonders are a sign of prosperity, ability, self-determination, and advancement, a story that started in the early days of the colonies, followed by the Erie Canal, the manufacturing era, the moon landing and all the way to the autonomous systems, drones, and robots. In a default mindset, there is always a tool, an automated process, a software, or a set of technical steps, that can solve a problem or act. The same mindset sees humans merely as an input to technology, so humans are interchangeable and can be replaced.

Super-empowered individuals are not interchangeable and cannot be replaced, unless we want to be stuck in a digital war. Artificial intelligence and machine learning support the intellectual endeavor to cyber defend America, but humans set the strategy and direction.

It is time to see what weaponized minds are, they are not dudes and dudettes; they are strike capabilities.

Jan Kallberg, Ph.D., LL.M., is a research scientist at the Army Cyber Institute at West Point and an assistant professor in the department of social sciences at the United States Military Academy. The views expressed are those of the author and do not reflect the official policy or position of the Army Cyber Institute at West Point, the United States Military Academy, or the Department of Defense.

The Death of the Cyber Generalist

I recommend reading Patrick Bell and my article from June 2018:

“The Department of Defense (DoD) must abandon its “up-or-out” promotion model for cyber forces. It should let competent officers hold their positions longer. Applying the outdated Defense Officer Personnel Management Act’s (DOPMA) staffing model to the cyber force is foolish, and makes it difficult to keep experienced, technically-proficient cyber officers in the military. DOPMA’s prescribed career paths entail officers’ attendance at a variety of schools, with several rotations through geographical areas and work domains. In the process, domain-specific knowledge that would allow officers to lead and understand the impact of their various choices in a technically complex and ever-changing environment evaporates. In a world of increasing complexity, shortened windows of opportunity to act, and constantly-changing technical environments, the generalist leaders that the DOPMA system yields may doom the military’s cyber force to failure.”

The link to the article:

https://warroom.armywarcollege.edu/articles/death-of-cyber-generalist/

Retention is Key for Cyber Talent Management

If the armed forces seek to create a more significant force, recruitment and training of cyber support will only meet demand if retention is high. (Bill Roche/Army Cyber Command)
The United States is an engineering country where technical solutions are born, and solutions are thought up, in an innovation-friendly environment of academia and industry. There are gaps, but the United States is highly adaptive and able to face technological challenges due to its research capacity and industrial base.

The more substantial challenges are retention, maintaining an able workforce and transferring the willingness to serve to the next generation. The cost for the Department of Defense to recruit and train, or transition a mid-career officer, are high. Equally challenging is the time to replace an officer that decides to leave the armed forces. This is a simple math problem: If the armed forces seek to create a more significant force, recruitment and training will only meet demand if retention is high; otherwise, the inflow is only compensating the outflow from the service.

With the strengthening of the American economy, combined with a radically increased demand for information security competence in the civilian workforce, retention of cyber skills and cyberwarriors will be an ongoing concern. If you train, you need to be able to retain the personnel — otherwise it is a lost investment for the organization.

The millennials are likely the next decade’s cultural-change agents, not by intent but through catalyzing change and, from a cyber perspective, it might be necessary.
According to the RAND study “Millennial Perceptions of Security,” millennials and young people are less invested in national security issues, but care about their economic security. Millennials will be the predominant workforce in the next decade, slowly replaced by the post-millennials in the late-2020s. The retention of “Generation Instagram” is likely different than earlier generations.

Should we expect that “Generation Instagram” to leave their social media-upheld island in the digital world, return to the 20th century and embrace the bureaucracy and its industrial age apparatus?

A culture shift is needed. Conventional forces consistently prepare for war, while cyber forces are continuously engaged in cyberwar. Therefore, rotating cyber officers through assignments reduces readiness and increases risks. Allowing one individual to hold a position for five or more years will significantly improve operational readiness. Exempting the cyber force from mandatory positional and geographic moves will help build and maintain a more effective future force.

Also in need of change is the dated Defense Officer Personnel Management Act, which includes an embedded assumption that one partner makes a career and the other tags along with the rotations, trying to see what they can do at the post where they land. To retain these two smart individuals as a military family we have to design rotations and positions in a way that the spouses have career opportunities that match their abilities. Millennials and the younger generation want to influence their future.

Alexander Hamilton, writing in 1775, said “There is a certain enthusiasm in liberty, that makes human nature rise above itself, in acts of bravery and heroism.” A rigid bureaucracy has limited workplace appeal for millennials; to release the enthusiasm, an organization that has a higher degree of freedom is more adaptive and mission-centered as the unit commanders are empowered.

Freedom is also a prerequisite for innovation, the freedom to fail an informed and rational attempt. Millennials are likely the next decade’s cultural-change agents, not by intent but through catalyzing change, and from a cyber perspective, it might be necessary.

The rapid changing technical landscape, the increased velocity in engagements, the thick fog of uncertainty, all create a need for future cyberwarriors to stay current within an innovative, embracing, and enabling culture. At a large scale, it can be a strategic advantage compared to our potential adversaries that lack initiative, and have fear-driven cultures and repressive outlooks.

Jan Kallberg, PhD

Jan Kallberg is a research scientist at the Army Cyber Institute at West Point and an assistant professor in the department of social sciences at the United States Military Academy. The views expressed are those of the author and do not reflect the official policy or position of the Army Cyber Institute at West Point, the United States Military Academy or the Department of Defense.