OPM has issued the latest in a series of policies aimed at helping agencies hire and retain cybersecurity workers, this time addressing the need to better define what qualifies as a cybersecurity position.
OPM said that having such a definition in hand will help agencies to: clarify cybersecurity roles and duties; address position management issues; recruit, hire and develop a cybersecurity workforce to meet their needs; implement training, performance and retention programs; and conduct cybersecurity workforce assessments.
An OPM memo to agencies says that “cybersecurity is an evolving area and positions may be classified in a number of different occupational series based on the nature of the work . . . Over the years, OPM has proactively collaborated with agency partners and other stakeholders to gain a better understanding of the cybersecurity workforce governmentwide. A critical part of identifying the cybersecurity workforce was defining cybersecurity for consistency throughout the federal government.”
The guidance authorizes the position title IT Cybersecurity in the job family standard for administrative work in the information technology group, GS-2200. It also authorizes the use of Cybersecurity as a parenthetical title for other occupations that perform cybersecurity work the majority of the time, and not as a collateral duty.
Positions so classified must require information technology knowledge and competencies and must include cybersecurity functions as supported by the job codes in the Guide to Data Standards and the National Cybersecurity Workforce Framework, OPM said.
The guidance also covers position classification, job evaluation, and qualifications for cybersecurity positions. Agencies are to apply new or updated standards to covered positions within 12 months and are “encouraged to utilize the new titling guidance as soon as possible in an effort to identify, recruit, select, and develop a cadre of high-performing employees performing cybersecurity work.”
The guidance advances goals of the President’s Management Agenda and a 2017 executive order on strengthening the security of federal networks and critical infrastructure which call for strengthening cybersecurity including through emphasis on recruitment, retention and development of the cybersecurity workforce, the memo adds.