Gregory Wilshusen, director of Information Security Issues at GAO, discusses the upcoming deadline for federal cybersecurity workforce compliance, and how agencies are having issues with it.
A major deadline is coming in April for the government’s efforts to bolster their cyber workforce. The Federal Cybersecurity Workforce Assessment Act of 2015 required agencies to categorize their IT workforce into 53 different roles, with a deadline of April 2019. However, according to the Government Accountability Office, agencies have run into problems with this task. Gregory Wilshusen, director of Information Security Issues at GAO, says that some agencies haven’t met the requirements, or completed them improperly. “What we found is that agencies generally did assign those codes to their positions although we find that six agencies did not identify all of their vacant positions. It was one of the requirements under the act that agencies identify these positions, the ones that are filled as well as the ones currently vacant. We also found that agencies likely mischaracterized many of their positions. For example, we examined the codes assigned to the positions in the 2210 occupational series, which are those series related to IT management positions… We found that over 15,779 positions were assigned a code that was expressly for non-IT positions. And so that’s about 19 percent of all of those positions in that particular class,” Wilshusen said.