How to save public sector IT from the Great Resignation

March 28, 2022
The challenges of retaining security cyber staff through a pandemic and as the private sector beckons creates potential risk

The public sector is one of the most resilient, dedicated, and necessary workforces in the world. But the resignation wave in the private sector, which left millions of jobs vacant and organizations across industries short on talent, has begun to affect the public sector as well. And it’s putting public sector IT at risk.

What happens when state, federal, and local government employees leave in the Great Resignation? Institutional knowledge leaves with them, and without the right safeguards, services and processes can collapse. Innovation can stall as projects lose leadership, morale can degrade, and even well-oiled institutions can fall into disorganization.

But as ransomware attacks climb and become more sophisticated — a “core national security challenge” as President Biden put it recently — a fresh set of threats is emerging. Talent gaps in IT introduce real cybersecurity risks. With more than two decades of experience in public sector IT, I can see the challenges taking shape, but they aren’t insurmountable.

Tackling the Biggest Risks the Great Resignation Has Caused in Public Sector IT

The pandemic wasn’t a security tipping point for most public sector organizations. In my daily conversations with peers and based on my own experience, IT leaders have kept security top of mind. But the multi-year strategies and implementations are now at risk.

If you’re a public sector leader feeling the pinch of the talent gap, you don’t want to see any progress toward improving security stalls because leadership and expertise are lost. Here is my take on the biggest talent challenges happening in 2022, and some wisdom on how to approach them.

●    Resignations threaten complex security projects. Security projects in the public sector can take years — RFPs alone can take several months, and funding is always uncertain. These projects need teams that can lead them from start to finish and the loss of institutional knowledge can be devastating if a core IT lead resigns. So, what do you do if your organization’s IT security plans are hindered by a loss of leadership? Take a step back. Assess what kind of talent and skills will be needed to get the project across the finish line and consider engaging an IT service provider partner to fill the gap temporarily or permanently. And do this quickly — COVID-19 relief has helped many public sector agencies accelerate digital projects, but these funds are also time-sensitive. The loss of time on security projects could mean a loss of funding, which most organizations just can’t afford.

●     Training and details fall through the cracks when resignations occur. A single click on the wrong phishing email can bring even the biggest organization into chaos, no matter how sophisticated its security apparatus is. Training and employee education are critical but often abandoned when there is a staffing or leadership vacuum. Like ongoing security projects, training efforts cannot be allowed to lapse. Partners and consultants can supply the talent and resources to continue training, allowing you to instead focus on hiring efforts to fill that position permanently. Additionally, IT talent gaps can cause non-digital practices to fall by the wayside. If you’ve experienced resignations, determine whether your physical security practices are still in order. With offices empty and government equipment out in the field, there are more opportunities than ever for information to fall into the wrong hands.

●     Some employees want perks the public sector struggles to offer. Let’s face it, public sector jobs, especially IT jobs that may be tied to mainframes and physical operations centers, aren’t as flexible as they could be. Although the pandemic made remote work possible for many employees, public sector IT employees may not enjoy the same flexibility as workers in other sectors. Days off may not be as negotiable, public-sector pay can’t compete with the private sector, and bureaucracy can get in the way of quick progress on IT projects. In response, many have dipped into relief funds to pay for bonuses and raises for deserving employees, and others, like the CIA, rebranded with a fresh look and culture to try to attract talent. It’s also important to lead by example — remind teams why they chose public service and encourage leadership to show their mission through their actions.

The Great Resignation is a threat to the critical IT improvements that keep public sector organizations safe from cyberattacks. We’ll see more IT service providers strategically engaged by the public sector to fill training needs and specialized IT roles in 2022, allowing leaders more time and energy to focus on the important work of governing, oversight, and management of mission-critical programs for the communities they have been called upon to serve. While these challenges are weighty, I am confident that the public sector will not only rise to the occasion but will become stronger and more resilient. 

About the Author: Dean Johnson is the Senior Executive Government Advisor for Public Sector, North America at Ensono. In his role, Dean is responsible for accelerating the acquisition, growth and management of Ensono’s State, Local and Education (SLED) vertical. Johnson has an extensive background within the SLED vertical and across the IT industry. He has a reputation for driving digital transformation, cultivating strong relationships, and enabling innovation. Dean has more than 35 years of experience providing information technology services for both the public and private sectors.

Prior to Ensono, Johnson was Chief Operating Officer for the Georgia Technology Authority (GTA) where he worked closely with various state agencies and service provider partners to identify, recommend, develop, implement, and support cost-effective technology solutions that adhere to statewide enterprise standards and meet future business needs. Under Dean’s leadership, the state of Georgia entered a partnership with market-leading private-sector technology companies to provide IT infrastructure and managed network services to state agencies. The partnership, known as the Georgia Enterprise Technology Services (GETS) program, strengthened security, modernized infrastructure and networks, improved reliability, and increased transparency in the state’s IT enterprise. The GETS program has saved the state of Georgia over $400 million in IT spending since commencing services in 2009.

(Image courtesy Anastasia Samal/bigstockphoto.com)
Most businesses don’t know what their exposure is to any given cyber event, including what the impact is in terms of lost revenue, response costs, and secondary loss.
Most businesses don’t know what their exposure is to any given cyber event, including what the impact is in terms of lost revenue, response costs, and secondary loss.
Most businesses don’t know what their exposure is to any given cyber event, including what the impact is in terms of lost revenue, response costs, and secondary loss.
Most businesses don’t know what their exposure is to any given cyber event, including what the impact is in terms of lost revenue, response costs, and secondary loss.
Most businesses don’t know what their exposure is to any given cyber event, including what the impact is in terms of lost revenue, response costs, and secondary loss.
Courtesy of Getty Images -- Credit: thomaguery
There are several best practices that businesses should take into consideration when institutionalizing insider threat practices during the COVID crisis.
There are several best practices that businesses should take into consideration when institutionalizing insider threat practices during the COVID crisis.
There are several best practices that businesses should take into consideration when institutionalizing insider threat practices during the COVID crisis.
There are several best practices that businesses should take into consideration when institutionalizing insider threat practices during the COVID crisis.
There are several best practices that businesses should take into consideration when institutionalizing insider threat practices during the COVID crisis.