Addressing government’s cybersecurity workforce shortage

April 25, 2019

How the Department of Health and Human Services is bringing in new cyber talent

Janet Vogel is the acting chief information security officer at the Department of Health and Human Services. HHS is one of 12 federal agencies participating in the Cybersecurity Talent Initiative, a first-of-its-kind public private partnership to recruit the nation’s best minds to defend against global cyberattacks. Mastercard, Microsoft, Workday and the Partnership launched the program this month as a call to action for leading companies, federal agencies and higher education institutions to come together and help grow the talent pipeline of cybersecurity technologists to protect the nation and support our digital economy.

We recently spoke with Vogel about the need for cyber talent at HHS and why her agency has decided to participate in the Cybersecurity Talent Initiative.

Partnership: How do cybersecurity professionals contribute to the mission of the Department of Health and Human Services?

Vogel: Cybersecurity professionals at HHS play a big role in protecting the sensitive data of Americans. We have a very big job, and we take it very seriously. HHS has a very diverse set of data, and we need a very diverse and highly technical cybersecurity team to protect that.

From March 2018 to February 2019, HHS has blocked 253 billion attempts at the network perimeter. Over that time, we have addressed over 9,000 threats that required our action. Attack attempts don’t always turn into an incident, but any incident could turn into a breach or a big event.

Partnership: What is the state of the cybersecurity workforce across government and at HHS?

Vogel: The cybersecurity workforce in our department is somewhat reflective of the entire industry. We do have shortages. We do need more people with cybersecurity skills. And there are cybersecurity vacancies across both the government and private sectors.

Cybersecurity is becoming more and more sophisticated because the attacks are increasing in volume and complexity. It seems like every day we learn about a new type of attack method or methodology, and we have to be able to keep up with that and respond very quickly.

At HHS, we also believe that every employee is part of the cybersecurity team and every employee needs to know about cybersecurity. We have a very active education program. We put out training material, have work group sessions, and conduct education campaigns with a new theme each month to try to get everybody aware of their role and what they need to watch for. Every employee is a part of our cybersecurity workforce in one way or another.

Partnership: Why should today’s cybersecurity students consider working for government?

Vogel: Working in the government is a very rewarding experience. This is an area where you can know that you’re making a difference every day. If you’re a student or someone looking to change careers, cybersecurity is a ripe area for anyone who likes a challenge. You have to be good at solving puzzles and doing analysis. If you have an analytical mind, cybersecurity is a great place for you. And you’re needed here.

Partnership: Why did you want HHS to participate in the Cybersecurity Talent Initiative?

Vogel: We want to bring in new, fresh eyes and people with current, contemporary skills. This initiative will allow us to leverage a group that has grown up with technology, and feels it’s just part of their nature. So that will give us a new advantage in the way we look at cyber threats and try to get ahead of them.

This program is going to help us improve our cybersecurity posture, and produce employees with well-rounded cyber skills and practical hands-on experience. 

Partnership: Why do you think it is beneficial to have the public and private sectors working together in the Cybersecurity Talent Initiative?

Vogel: This partnership allows us to learn from one another. Cybersecurity is important to all of us and, working together, we will have a better defense against cyberattacks. This partnership helps strengthen our ability to protect privacy and health data that are held by both the private and public sectors. We want to ensure that both sectors are moving forward together.