Cover: DoD Cyber Excepted Service Labor Market Analysis and Options for Use of Compensation Flexibilities

DoD Cyber Excepted Service Labor Market Analysis and Options for Use of Compensation Flexibilities

Published Jul 19, 2021

by David Knapp, Sina Beaghley, Troy D. Smith, Molly F. McIntosh, Karen Schwindt, Norah Griffin, Daniel Schwam, Hanna Hoover


Download eBook for Free

FormatFile SizeNotes
PDF file 1.3 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback154 pages $28.00

Research Question

  1. What is the evidence for payment inequalities between defense civilians in seven cyber work roles and their private-sector counterparts?

In 2016, Congress created the Cyber Excepted Service (CES) and granted the U.S. Department of Defense (DoD) flexibilities when setting compensation to support the recruitment and retention of personnel who are critical to the DoD cyber warfare mission. To justify a market-based permanent pay adjustment, there must be evidence that existing compensation is insufficient to attract and retain a required number of qualified employees. A persistent labor shortage signifies that compensation is insufficient and can be identified by high employee turnover or difficulty in filling posted vacancies.

In this report, the authors analyze the labor demand and supply for seven DoD cyber work roles that were collectively identified as high priority by the service components and the Office of the DoD Chief Information Officer (CIO). The authors provide a framework for adjusting pay according to economic theory, identify private-sector occupational counterparts for the seven work roles, discuss findings from DoD employment and compensation questionnaires completed by CES organizations, compare characteristics and life-cycle pay between DoD cyber civilians and their private-sector counterparts, and make recommendations for the DoD CIO when setting compensation policy.

Key Findings

  • The DoD CIO developed an employment and compensation questionnaire to identify cyber labor shortages. However, the responses provided to this questionnaire were generally incomplete and inconsistent, making it difficult to identify overall shortages.
  • Evidence suggests high turnover and substantial vacancies for Cyber Operators in U.S. Marine Corps Forces Cyberspace Command and for Authorizing Official/Designating Representative in the U.S. Navy's U.S. Fleet Cyber Command. There also is evidence that there were substantial public-private differences in pay in some areas (e.g., cyber civilians in the Seattle local pay area). In these cases, the use of compensation flexibilities might be warranted.
  • DoD civilian cyber workers are older and less likely to have a college degree; therefore, they potentially have more years of experience than private-sector cyber workers. DoD civilian cyber workers also are more likely to be U.S. citizens and to be veterans. Gender representation and average weekly work hours are similar.
  • There is a DoD civilian pay premium at hiring for all the roles we examined; however, over time, a private-sector pay premium almost always emerges.


  • The DoD should continue to categorize cyber personnel by cyber work roles. This is necessary for facilitating analysis of the positions and whether current compensation is sufficient to fill them.
  • The DoD CIO should regularly collect data on DoD and private-sector employment and compensation of cyber positions through an annual CES employer survey. Regularly collecting this information will facilitate the DoD CIO in identifying persistent labor shortages and tracking the use of recruiting and retention incentives.
  • The DoD CIO should commit to a Targeted Local Market Supplement (TLMS) adjustment schedule over five years, using verifiable hiring and retention benchmarks collected through administrative data, and communicate this to the organizations covered by this personnel system and their workforces.
  • The DoD CIO should consider structural pay adjustments using a TLMS for cyber work roles with existing labor shortages and major salary differences.

This research was sponsored by the Deputy Chief Information Officer for Cybersecurity and conducted within the Forces and Resources Policy Center and the Cyber and Intelligence Policy Center of the RAND National Security Research Division (NSRD).

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.