In March of this year, the Office of Personnel Management (OPM) issued guidance for the new Federal Rotational Cyber Workforce Program. The announcement marks an important and innovative step in the work of addressing federal cybersecurity workforce challenges and provides a model that could be replicated and expanded across public and private sectors.
The Program permits agencies to identify and advertise cybersecurity positions that can be filled by current federal employees serving in a designated cybersecurity, IT, or cyber-related role. When selected, these detailees will serve at the hiring agency for a period of six months to one year. The rotational Program, which is authorized to run through June 2027, aims to fulfill two key objectives: supporting skill development in the federal cybersecurity and IT workforce, and promoting integration and coordination of cybersecurity practices, functions, and personnel management between and within federal agencies. By creating opportunities for federal employees to work and learn with different projects, systems, and colleagues, it’s hoped that the Program will allow detailees to share their knowledge and build new skill sets that they can take back to their home agency when the detail ends.
The new Program aligns with the White House National Cybersecurity Strategy, also released in March, as well as with Objective 3.5 of NICE’s 2021–2025 Strategic Plan to “encourage and enable ongoing development and training of employees, including rotational and exchange programs, to foster and keep current talent with diverse skills and experiences.” The new guidance fulfills the requirements of the Federal Rotational Cyber Workforce Program Act of 2021 and builds on the existing OPM Guidance for Federal Cybersecurity Rotational Assignments issued in November 2020.
The Program includes several helpful flexibilities that allow agencies to implement rotations that work for them. Agency approvals for employee participation can be issued by agency heads first, and then by individual supervisors; alternatively, individual supervisors can be allowed to endorse employees first, and then seek approval from the agency head. Agencies are also allowed to form exchange partnerships, which could enhance knowledge transfer while reducing the impact of positions temporarily left vacant by detailees. The first rotation announcements are expected to appear on Open Opportunities in November, with additional postings possible throughout the year.
Rotational programs provide structured skill-building and leadership development, and have tremendous potential both in government and in the private sector. As authorized, the Program is restricted to employees already serving in cyber-related roles. In the future, allowing non-cyber employees to build skills through rotational details could help agencies to grow their own cybersecurity talent from within. State, local, tribal and territorial governments, as well as employers in the private sector, could also put similar rotational programs in place to address their own cybersecurity workforce shortages.
Although more work needs to be done to address shortfalls in the federal cybersecurity workforce, which the Government Accountability Office cited as a reason for including cybersecurity among high-risk issues in government operations for the twenty-seventh year in a row, the new Program represents an important opportunity to support cybersecurity learning and development in the federal workforce. The staff of the NICE Program Office applaud OPM for its efforts, and are excited to watch the Program’s progress. OPM’s cybersecurity codes are aligned with Work Roles of the NICE Workforce Framework for Cybersecurity, and the NICE Program Office is available to support agency liaisons working to identify and update positions available for rotational assignments. To connect with the NICE Framework team, please email us at NICEframework [at] nist.gov (NICEframework[at]nist[dot]gov).