The White House’s Strategy to Address Cyber Workforce and Education
The talent shortage in both public and private sector cyber roles is well known, but it remains a difficult problem to address. Some statistics put the shortage at over 750,000 people in the United States alone. This impacts entities of all sizes—from the Department of Defense filling critical cybersecurity roles to local nonprofits—and presents both cybersecurity and national security risks.
The White House released the National Cyber Workforce and Education Strategy (NCWES) on July 31, which is the latest piece of the National Cybersecurity Strategy Implementation Plan. The R Street Institute was honored to provide thoughts and ideas during the drafting phase. While there is still work to do in the short and long-term, the NCWES identifies initiatives to help address our cyber workforce challenges.
The NCWES is split into four pillars: 1) Equip Every American with Foundational Cyber Skills; 2) Transform Cyber Education; 3) Expand and Enhance the National Cyber Workforce; and 4) Strengthen the Federal Cyber Workforce. There is a lot to expand on, but a few items and themes are worth highlighting and providing initial reactions on.
- Cybersecurity is generally thought of as being technology- and product-heavy, but people are an essential element even as future innovation might lead to roles evolving. This includes individuals of different backgrounds and with different experiences such as military spouses, veterans, people of color and tribal nations. The skillsets needed also vary because individuals sought for open roles do not need to be “coders” or computer scientists only, even if they are in demand. Also, supporting greater participation by veterans in the cyber workforce is a laudable aspect of the strategy, as many veterans not only have valuable cyber training and experience already, but it also helps address veteran hiring challenges overall.
- Cyber skill development should be lifelong and include foundational cyber skills even if the individual does not enter the cyber workforce, which should incorporate both formal and informal opportunities. This theme recognizes the important role of industry in teaching and training individuals, and of K-12 schools and higher education institutions in offering it in the curriculum over time. On the education front, providing resources and training schools and educators will be paramount because many schools are still trying to figure out how to defend themselves, let alone incorporate cyber in their curriculum.
- The federal government has a key role in improving the hiring and retention of cyber talent for federal positions, especially as recruitment and application processes are notoriously difficult to navigate. It is positive to see reduced barriers to transition between the private and public sector included in the NCWES, which could even include temporary duties by employees of both with the other.
- Multiple objectives reference the need for federal grants and funding to help meet the strategy’s goals, along with adding requirements in government contracts and grants. While these may be needed in some cases, exploring low or no-cost opportunities and collaborations with industry are advantageous and should be prioritized. Some of these have been announced already.
Multiple themes of the NCWES align with efforts of R Street’s cyber team, which has a history of engaging on the cyber workforce through its #MakingSpace and CyberBase initiatives. Launched in 2021, #MakingSpace aims to increase speaker and expert diversity at participating events. The coalition is committed to elevating diverse ideas and individuals, and enhancing scholarship within the cybersecurity space. CyberBase is a curated, interactive list of Black cybersecurity experts that is open to recruiters, policymakers, influencers, reporters and key decision-makers. The CyberBase blog series was our latest effort, which highlighted topics like filling the cyber skills gap, cybersecurity volunteering and resources for making a career change to cybersecurity. The team also regularly speaks on the cyber workforce and support the work of other organizations like The Consortium of Cybersecurity Clinics.
Looking ahead, the Office of the National Cyber Director is responsible for the implementation of this strategy, including refining roles, responsibilities, metrics and timelines. It is clear that multiple federal agencies, industry, civil society, educators and all Americans have a part to play.