From a sheer numbers perspective, the cybersecurity workforce appears to be in a perpetual crisis.
For years, the number of qualified cybersecurity personnel has lagged far behind what’s needed to fill positions across all sectors, and the gap is only growing. And for federal agencies struggling to compete with private sector pay, the shortfall is especially acute.
But over the past six months, the White House, agencies and other organizations have said they’ll take concrete steps to address the persistent shortages. That makes 2024 a key year for realizing those commitments.
In July, the White House’s Office of the National Cyber Director released a landmark cyber workforce and education strategy. It aims to address the hundreds of thousands of vacant cyber jobs across the United States by, among other things, boosting cyber education and expanding the cyber workforce through workforce development and skills-based hiring.
And in November, the White House announced it had secured $280 million in commitments from more than 50 organizations to help advance the strategy’s goals.
Tara Wisniewski, the executive vice president for advocacy, global markets and member engagement at the cyber certification nonprofit ISC2, expects cyber workforce to continue to be a high priority in 2024.
“We’re going to see a continued focus on, how do we get more people into seats? And how do we get more people into cyber into the pipeline? How do we get more diverse people into the pipeline? And most importantly, how do we keep people in the pipeline?” she said.
For agencies in particular, the Office of Personnel Management is working with Congress to institute a new federal cyber hiring proposal. Officials have described it as providing a specialized cyber hiring authority for the entire federal government, similar to authorities already in place at the Defense Department and the Department of Homeland Security.
But Wisniewski noted 2024 will be a particularly difficult year to advance legislation through Congress given next fall’s presidential election.
“We don’t expect to see a big legislative agenda for next year,” she said. “But what I do think we’re going to see is a lot of activity on the activation of the national strategy.”
The White House strategy carves out a key role for agencies by positioning the federal government as a leader in adopting skills-based hiring practices. “The federal government should be a leader in the use of skills-based hiring best practices, which includes using skills-based assessments,” the strategy states.
“We need to change the way we look at vacancy notices, job questionnaires,” Coker said during his Senate confirmation hiring. “In cyber, it should not be a requirement for everyone to have a four-year degree. You can get that cyber education without going through a four year college. And so again, we need to deliver that message broadly and deeply.”
Last year, OPM released some guidance on skills-based hiring for federal hiring managers. During the rollout of the cyber workforce strategy over this past summer, Rob Shriver, deputy director at OPM, said the goal is to transform how agencies hire technology talent.
“We are exploring ways to realign many of the tech, cyber, AI and data roles and job series to skills-based hiring, completely eliminating the need for previous work experience or a degree if you can demonstrate that you’ve got the skills to do the job,” Shriver said
In September, OPM released a new handbook for skills-based hiring that goes into some detail on different IT and cyber-related positions. But agencies have yet to adopt wholesale changes to how they hire for cyber positions.
“If we’re ever going to close this gap, there are things that are critical — skills based hiring is one of them,” Wisniewski said. “My fear is it’s the federal government. They just move slow. . . . And so I think if there’s going to be any effort, there needs to be an effort around kind of making it easier to move more quickly.”
Cyber workforce development institute in the works
While major cyber hiring legislation may be a difficult accomplishment in the 2024 election year, the Office of the National Cyber Director is also working with Congress to establish Federal Cyber Workforce Development Institute. It would provide “standardized, role–specific skilling, reskilling, and upskilling opportunities,” according to the White House workforce strategy.
“By providing curriculum guidance and training for entry-level positions, the Institute could create valuable pathways into federal service and rapidly strengthen the cyber talent pipeline,” the strategy states. “The Institute would also facilitate career progression for current cyber practitioners by providing continuing education and professional development opportunities.”
The Cyberspace Solarium Commission developed the idea for the institute. Mark Montgomery, the executive director of CSC 2.0 at the Foundation for the Defense of Democracies, said the institute could help acclimate new hires to the world of federal cybersecurity.
“It’s where you get routinized into how the federal government does cybersecurity,” Montgomery said. “What we’re concerned about, what’s unique about it. It also gives us a good chance to assess you … Right now, cyber job placement should be skills-based, not resume-based. And so it gives a chance to assess some of those skills as well.”
And in addition to training new feds, Montgomery said the institute could also provide a level of mid-career training to incentivize more experienced agency cyber personnel to stick around.
“It also would serve a mid-career booster, where if you’ve been working for six years, you’ve got experience, but you need more certifications, that’s where you could go for that,” Montgomery said.
The institute could also train human resources professionals in cyber hiring and retention best practices. In most federal agencies, HR professionals are not solely focused on hiring cyber professionals, and Montgomery said the institute could help them understand important details, like what cyber skills are most important to specific jobs.
“To me that workforce development institute really gives a full spectrum of onboarding, support and development,” he said.