Federal agencies are struggling to properly inventory their positions in IT, cybersecurity and other cyber-related fields as required by the 2015 Cybersecurity Workforce Assessment Act which ordered those inventories as a step toward identifying and taking actions to fill skills gaps in those high-demand occupations, GAO has said.
It said that 22 of the 24 agencies it examined assigned a “non-IT” work role code to about 16,000, or nearly a fifth, of their IT positions within the 2210 occupational series, and “most agencies had likely miscategorized the work roles of many positions.” It said that of the six agencies it reviewed more closely had assigned work role codes not consistent with the duties described in the position descriptions for 63 of 120 positions within the 2210 occupational series.
The report said that IT and HR officials “generally reported that they had not completely or accurately categorized work roles for IT positions within the 2210 occupational series, in part, because they may have assigned the associated codes in error or had not completed validating the accuracy of the assigned codes. By assigning work roles that are inconsistent with the IT, cybersecurity, and cyber-related positions, the agencies are diminishing the reliability of the information they need to improve workforce planning,” it said.
The report added that under the law, by April of this year agencies are to identify work roles of “critical need” and that preliminary findings are that the top three are information systems security manager, IT project manager, and systems security analyst. “Nevertheless, until agencies accurately categorize their positions, their ability to effectively identify critical staffing needs will be impaired,” GAO said.