U.S. Cyber Command struggles to retain top cybersecurity talent

By:  Kenneth Corbin

Top official in Defense Department’s cybersecurity unit says organization is doing an ‘effective job’ at recruiting, but keeping up with the evolving threat landscape remains a challenge.

At U.S. Cyber Command, the top brass has made recruiting top talent a leading priority, but those efforts have been slowed by challenges in attracting and retaining the next generation of cyber warriors.

Maj. Gen. Paul Nakasone, commander of Cyber Command’s Cyber National Mission Force, spoke to those struggles in a recent online event hosted by Federal News Radio.


Nakasone explained that at Cyber Command, “the mission attracts most” in the recruiting work at the inter-service unit that conducts a bevy of military defensive and offensive cyber activities.

“We offer a sense of service to the nation, rigorous training, innovative approaches to hard problems of national security, and an opportunity to build a phenomenal network across that spans defense, interagency, allies and industry,” Nakasone said.

“Yet, even with this, we need to continue to offer some additional pay and benefits,” he added. “We must identify and recognize our best talent.”

U.S. Cyber Command competes with private sector for top talent

Since its inception in 2009, Cyber Command, established as a consolidated military response to an escalating wave of Internet-based intrusions and attacks, has vied for top talent with the private sector, where firms often can offer dramatically higher wages to job seekers in a highly competitive field.

But like officials at other federal cybersecurity entities, Nakasone noted that the work that Cyber Command does is enough to inspire civic-minded security experts to consider a stint with the government. And even if the government remains something of a revolving door — with personnel routinely rotating back to the private sector — Nakasone doesn’t see that scenario as a total loss, but argues instead that it could be seen as a furtherance of his organization’s overall mission.

“[W]e also must consider our work in training and building talent may often benefit the greater good, regardless of where your career takes you in cybersecurity,” Nakasone said.

On balance, Nakasone judges that Cyber Command has done an “effective job” of fielding a skilled workforce considering the inherent challenges of the task, though he stresses that that work “to continually monitor, assess and prepare” is ongoing, given the evolving nature of the threats.

“Talent management is the most important thing we do,” he said. “The near-term challenge we must address is keeping the already high level of trained, talented personnel on our teams.”

Within Cyber Command’s Cyber National Mission Force, which is comprised of 39 teams scattered around the country, about 80 percent of the personnel are military, with the balance made up of civilians, according to Nakasone. He says that the average team member is 28 years old, and roughly half of the personnel have combat experience. Every employee has a high-school degree, Nakasone said, but just 37 percent have degrees from a four-year college, and only 13 percent have graduate degrees.

One of the perennial challenges in the cyber arena is the attribution of attacks, a task that is complicated by a tangled and sometimes interrelated cast of malicious actors, ranging from hostile foreign governments to non-state entities such as terrorist organizations, criminals and activist hackers. But within that complex environment, the activities of nations like China, Iran and Russia pose the greatest challenge.

“The most significant threats to the United States in cyberspace come from select nation-states, but we continue to watch closely for signs of non-state actors aimed against both government and private sector targets,” Nakasone said, adding that Cyber Command actively monitoring “for signs of non-state actors making significant improvements in their cyber capabilities.”

Nakasone also emphasized the importance of building cybersecurity partnerships among the military and civilian government communities that would also include healthy relationships with vendors and others in the private sector, as well as friendly foreign nations.

“[W]e need to better integrate our forces into the planning and execution of operations across the Department of Defense, [and] to build even stronger partnerships across the U.S. government, with allies and industry,” he said.