OPINION — It’s no secret that the federal government faces dire cyber talent woes, which are most acutely felt by those agencies with cyber at their core. To wit, attrition rates at the NSA and CISA exceed the average across the government for cyber personnel. Cyber Command is grappling with the results of systemic attrition.
Even from outside a SCIF, however, former employees of these agencies are still advancing the cybersecurity mission and shaping the field. A mathematician who once broke foreign cryptographic systems now researches quantum-safe cryptography in academia; a former intelligence analyst is disrupting malign nation-state cyber activity at a tech company; and alumni working in product management or customer-facing roles are building best-practice cybersecurity philosophies into products and the operationalization processes supporting them.
Simply boosting recruitment will not mitigate the deleterious impact of losing these veteran cyberwarriors. New recruits cannot instantly replace the years of specialized training, battle-tested operational experience, and deep expertise of advanced adversary tactics. Furthermore, hiring managers across the government are tapping the same candidate pool, exacerbating talent cannibalization risks.
Instead, these agencies should recognize the substantial potential that lies in engaging their “well-disposed alumni,” to borrow a term from the CIA’s similar quandary in the 1960s. The allure of private sector compensation may keep alumni from returning as government employees, but a concerted alumni engagement strategy can leverage their rich experience to enhance national security in cyberspace, where private and public sector boundaries are increasingly blurred.
The opportunity presented by this alumni network is not trivial; by our estimate, the population of non-retired alumni from NSA, CISA, and Cyber Command could number more than 10,000, and it will grow for two key reasons. First, these agencies are hiring more. Annual hiring goals at NSA rose more than 30% between 2019 and 2023. CISA’s hiring targets have doubled since 2020. Cyber Command is set to add 14 additional Cyber Mission Force teams. Second, these new employees are less likely to stay for their entire career, leaving in higher numbers after shorter tenures.
Looking for a way to get ahead of the week in cyber and tech? Sign up for the Cyber Initiatives Group Sunday newsletter to quickly get up to speed on the biggest cyber and tech headlines and be ready for the week ahead. Sign up today.
Alumni engagement is a prudent and responsible investment for resource-constrained government agencies that spend years recruiting, hiring, processing, and training new employees. NSA’s development programs for new cybersecurity engineers, intelligence analysts, and computer scientists last as long as 3 years. It costs the Army as much as half-a-million dollars to train a single hacker.
In addition, the government’s cyber alumni are dispersed across a complex cybersecurity ecosystem that’s estimated to grow by 10x to over $2 trillion in the coming years, more than the government can understand and shape on its own.
Finally, the valuable experiences of alumni and their ability to credibility speak the languages of the public and private sectors position them as brand ambassadors to amplify cyber agencies’ voice and power talent pipelines. The agencies can’t be at every college job fair, industry conference, or media engagement. Alumni who are properly empowered and trained can share their experiences with would-be applicants, refer candidates, and provide human touchpoints to nameless bureaucracies, similar to how alumni of the country’s top universities enthusiastically and effectively serve their alma maters.
A cyberwarrior alumni engagement strategy could be four-pronged:
Embrace former employees as potential assets, not counterintelligence threats. In addition to the necessary security outreach, such as reminders of lifelong obligations like pre-publication review, the government can also provide alumni with curricula to lead cybersecurity awareness programs and with training on recruitment. A collaborative effort between agencies and their alumni can tell the agency’s story or deepen public-private partnerships while protecting classified information and impropriety.
Create a strong value proposition to encourage engagement from alumni. Offer alumni meaningful opportunities to stay engaged with the mission, such as sending invitations to Fort Meade for unclassified briefings about the latest cyber threats, fostering networking opportunities, or planning reunions of development program graduates. There are unclassified spaces purpose-built for external engagement, such as the National Cryptologic Museum or the Cybersecurity Collaboration Center, and agency leaders should think about ways to maximize their utility.
Designate a Senior Executive Service-level official to oversee alumni relations and help build an on-ramp for engagement. A senior official lends credibility to outreach campaigns, can marshall resources to remove bureaucratic roadblocks, and can institutionalize the agency’s external voice to alumni engagement efforts.
Centralize alumni engagement under an interagency approach in the longer term, potentially under the National Cyber Director. Agencies with smaller alumni pools can learn from their larger counterparts’ experience. A whole-of-government approach ensures that best practices for leveraging former cyber experts are shared across agencies facing similar challenges.
The federal government need not create an alumni engagement apparatus in isolation. Universities have robust organizations that can be best-in-class examples. In the corporate world, 98 percent of the Fortune 500 has some form of an alumni program. As the war for cyber talent intensifies, America’s cyber agencies need to use every tool in their arsenal.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to [email protected] for publication consideration.
Read more expert-driven national security insights, perspectives and analysis in The Cipher Brief because National Security is Everyone’s Business
