September 22, 2021

Building the Cybersecurity Workforce


KEY TAKEAWAYS

  • A longstanding challenge to increasing the cybersecurity of the nation is finding enough workers with the right skills.
  • The federal government has launched a variety of education, training, workforce development, and hiring initiatives to help close the country’s cyber workforce gap.
  • States, often in partnership with private-sector technology and cybersecurity companies, have also launched programs to develop a skilled cybersecurity workforce.

Increasing the cybersecurity of both government and private sector systems and networks, especially critical infrastructure systems such as the electric grid, has become an important concern for the federal government. A longstanding challenge to increasing the cybersecurity of the nation is finding enough workers with the right skills.

Global Cybersecurity Workforce and Workforce Gaps

Building the Cybersecurity Workforce

In the digital age, having an adequate cybersecurity workforce is a geopolitical advantage. One survey conducted in 2020 estimated there are nearly 880,000 Americans working in cybersecurity. It also estimated that the expected demand for workers was more than 1.2 million – a workforce gap of 29%. The gap is smaller, though still substantial, in many other countries.

An inability to fill critical cybersecurity roles can lead to devastating results. In the weeks before Colonial Pipeline was hit by a ransomware attack that forced it to shut down a pipeline that delivers fuel to nearly half of the east coast, the company was trying, and failing, to fill two key cybersecurity leadership positions, including manager of cybersecurity.

Federal Cybersecurity Workforce

While the private sector faces a cybersecurity workforce gap, the shortfall is even more acute in the federal government. Rigid pay scales, lower salaries than the private sector, and a burdensome hiring process all contribute to a cybersecurity talent gap in the federal workforce. It takes an average of 98 days for the federal government to bring new hires on board, more than double the time in the private sector. The federal cybersecurity workforce also is aging: in 2020, 15.7% of the federal IT workforce was 60 or older, while just 3.2% was under 30.

The federal government has launched a variety of education, training, workforce development, and hiring initiatives to help close its cyber workforce gap. In a report published earlier this year, the Government Accountability Office recommended federal agencies better identify skills gaps and future workforce needs, improve pay and hiring, and address factors that affect the federal work environment, such as rules against presenting research at conferences.

In May 2019, President Trump issued an executive order on America’s cybersecurity workforce. The order directs the federal government to create a cybersecurity rotation program, increase its efforts to provide cybersecurity skills training, and develop a plan for an annual cybersecurity competition for federal civilian and military employees.

The CyberCorps: Scholarship for Service program provides financial aid for students with cybersecurity-related majors. Students who get the scholarships agree to work for a federal agency – or in some cases state, local, or tribal governments – for a time equal to the duration of their scholarship.

The Air Force Association’s CyberPatriot program focuses on youth cyber education. Its goal is to inspire students to consider careers in cybersecurity and other science, technology, engineering, and mathematics fields of critical importance to the nation’s future. The program includes a team cyber defense competition and camps for middle and high school students, as well as an education initiative for K-6 students.

The U.S. Digital Service, founded in 2014 in the wake of the disastrous rollout of the Obamacare website HealthCare.gov, brings technology experts into government for limited “tours of civic service.” While USDS projects have been mostly focused on modernizing and simplifying public-facing services like the website veterans use to access VA information and services, the model may have applications for bringing cybersecurity experts into government.

federalism in action

A number of states, often in partnership with private sector technology and cybersecurity companies, also have launched initiatives to develop a skilled cybersecurity workforce.

In 2017, Georgia launched the Hull McKnight Georgia Cyber Center for Innovation and Training. The center is a public-private partnership that supports cybersecurity startups, houses the Georgia cybercrime unit, and promotes and provides space for tech workforce development, training, and research.

Massachusetts created the MassCyberCenter in 2017 to support education and training opportunities for students and professionals looking to get certifications and other career advancement opportunities.

Virginia launched Cyber Vets Virginia in 2016. The program provides veterans with cybersecurity training, apprenticeships, financial support, and authorizes academic credit for prior military training.

Congressional Action

Senators have introduced bipartisan legislation to help develop a skilled cybersecurity workforce.

The bipartisan U.S. Innovation and Competition Act, passed by the Senate earlier this year, contains provisions to build the cybersecurity workforce, including funding for fellowships and scholarships, and requirements for a federal re-skilling program to provide federal employees with the technical skills to serve in cybersecurity roles.

Senators Hassan and Cornyn introduced the Federal Cybersecurity Workforce Expansion Act. The bill would establish two new cyber training programs in the federal government. The first is a registered apprenticeship program at the Cybersecurity and Infrastructure Security Agency. The second program is at the Department of Veterans Affairs to give cybersecurity training to veterans. Senator Cornyn has said the legislation would harness the experience of veterans “to help ensure we are ready to fend off cyberattacks from our adversaries.”

Issue Tag: Technology