The need for a skilled information technology and cybersecurity workforce is an issue raised at almost every gathering of federal agencies and industry leaders. The overarching conversation may be about the latest zero trust mandates, or the most recent guidance from the Office of Management and Budget, but a key, underlying element remains: the need for skilled cybersecurity staff.
“A secure cyber ecosystem is as much about people as it is about technology,” noted the Cybersecurity and Infrastructure Security Agency in its 2023-2025 Strategic Plan, which focuses on reducing risk and building resilience to cyber and physical threats facing the nation’s infrastructure. The plan also strives to “cultivate and grow CISA’s high-performing workforce,” as one of CISA’s primary objectives.
Cyber resilience starts with people
Recruiting, retaining and developing cyber talent is a challenge for most federal agencies as they seek to build cyber resilience. Currently, more than 714,000 cybersecurity jobs are open nationwide, with nearly 39,000 unfilled cybersecurity positions in the public sector, according to CyberSeek. Additionally, the Department of Labor projects a 14% increase in the need for information security analysts in the federal government through 2030, as cybersecurity is an imperative for bolstering national resilience.
Of course, many workers feel called to serve their country or support the mission of a specific department. But the government struggles to recruit the volume of workers that it needs. Just over 7% of all permanent, full-time federal employees are under the age of 30, compared to more than 19.7% of all private sector employees. The federal workforce includes 16 times more workers over the age of 50 than under the age of 30.
Federal agencies cannot lure the next generation workers with perks that private sector firms can offer: Higher salaries, unlimited paid time off, free lunches, stock options, company-sponsored trips and more. But agencies can be creative in their recruiting and retention techniques in other ways — ensuring that talented cybersecurity personnel are prioritized accordingly as part of the government’s greater cyber resilience strategy.
Consider President Joe Biden’s recent student loan forgiveness program, which targets individuals making less than $125,000 or households making less than $250,000. It will help 43 million people, according to the White House. This program is life-changing for many borrowers.
Taking this idea further could be revolutionary for the federal government. Imagine this scenario: The federal government offers one year of loan forgiveness for each year of cybersecurity service. Such a program would be an amazing recruiting tool, enabling agencies to better compete with the perks at Silicon Valley startups and tech giants. In exchange for four years of work, students could be free of their student loan debt.
An existing program provides $10,000 a year in student loan forgiveness, up to a lifetime maximum of $60,000 for cyber employees in the federal government. This is a great start, but it might not be a sufficient incentive for someone with larger loans. The average annual tuition at a private four-year college is $38,185, and most borrowers incur charges for room and board on top of that.
Imagine if just 0.5% of the 43 million people now eligible for federal student loan forgiveness applied for federal cybersecurity jobs in exchange for four years of college loan forgiveness. That would give the government 215,000 people to choose for their cybersecurity vacancies. Even if only a fraction of selected workers stayed past their four-year term, the government would still benefit tremendously from their contributions.
A loan forgiveness program like the one outlined above would enable federal agencies to behave more like the private sector, and perhaps even give them a recruiting advantage against private sector tech organizations.
While the federal government’s retirement benefits are a silver lining at the end of a career, loan forgiveness could be the pot of gold that entices a new wave of workers to serve their country now, and some of them will sign on for the long haul.
Build recruitment into your cyber strategy
The fact of the matter is that cyberattacks are growing more frequent, expensive and devastating. The federal government has a responsibility to improve resilience to cyberattacks to protect critical infrastructure and data. This starts with having enough skilled workers to develop and implement the best possible strategies. Loan forgiveness is just one idea to make this a reality. Consider what would incentivize new talent to join your agency — our national cyber resilience depends on it.