The White House’s new strategy for expanding the national cyber workforce carves out a key role for agencies by positioning the federal government as a leader in adopting skills-based hiring practices, while officials will also consider the creation of a Federal Cyber Workforce Development Institute.
The “National Cyber Workforce and Education Strategy” released today by the Office of the National Cyber Director lays out the Biden administration’s approach to meeting both immediate and long-term cyber workforce needs. It comes on the heels of the administration releasing its implementation plan for the overarching national cyber strategy.
And it comes as the demand for cybersecurity skills continues to outpace the supply of qualified personnel.
“We must align these jobs of tomorrow to our approaches to skilling,” Acting National Cyber Director Kemba Walden wrote in the foreword to the strategy. “However, there are structural challenges to building our cyber workforce and education system: hundreds of thousands of vacant cyber jobs; an insufficiently diverse workforce to fill those jobs; and barriers to accessing cyber education and training.”
The strategy cuts across four pillars focused on equipping all Americans with cyber “literacy” and skills; transforming cyber education; “expanding and enhancing” the cyber workforce; and strengthening the federal cyber workforce.
The strategy already has some funding behind it, Walden noted, in the form of grants and other programs included in the Bipartisan Infrastructure Law, the Inflation Reduction Act, and the Creating Helpful Incentives to Produce Semiconductors (CHIPS) and Science Act, respectively.
“The Biden-Harris administration already has some of the funding and pathways needed to turn this strategy into a reality,” Walden said during an address at the Atlantic Council in Washington today.
“We’re now coupling these bipartisan laws with this strategy to advance the administration’s vision of a robust cyber workforce equipped to build a safe, secure and resilient cyberspace.”
And while federal efforts represent just one piece of the strategy, Walden noted agencies have a key role to play in expanding the number of “good paying, middle class” cyber jobs available to a more diverse range of people.
“The federal government is seeking to remove barriers that prevent cyber talent from getting that critical first job,” she said. “This will benefit both early cyber talent, new to the workforce and seasoned job seekers new to the cyber field. I challenge America’s other sectors similarly to explore ways to reduce barriers to entry.”
The strategy emphasizes how not all cyber jobs require a college degree and argues qualified individuals from diverse backgrounds could be deterred from pursing a federal job due to postings with “obscure occupational classification series” that require four-year degrees and certifications.
“The federal government should be a leader in the use of skills-based hiring best practices, which includes using skills-based assessments,” the strategy states.
“We are exploring ways to realign many of the tech, cyber, AI and data roles and job series to skills-based hiring, completely eliminating the need for previous work experience or a degree if you can demonstrate that you’ve got the skills to do the job,” Shriver said at the Atlantic Council event.
He also pointed to OPM’s work to update the Pathways Programs that cover a range of entry points into federal service, including internships, fellowships, and recent graduate hiring.
“Those updates are going to make it easier to recruit top talent from diverse backgrounds, including people that have technical education, that have the skills certifications . . . community college graduates,” Shriver said. “All of those folks, the new pathways raised are going to help make it easier to bring them into the federal government.”
The new workforce strategy also highlights reskilling, upskilling and professional development opportunities for the federal workforce.
It directs agencies to leverage existing programs, pointing to the Federal Virtual Training Environment (FedVTE) managed by the Cybersecurity and Infrastructure Security Agency, the Open Opportunities platform run by OPM, and the CyberVets Program managed by the Centers for Medicare and Medicaid Services.
At the same time, ONCD and other lead offices under the Federal Cyber Workforce Working Group will “explore the creation” of a Federal Cyber Workforce Development Institute to “provide standardized, role–specific skilling, reskilling, and upskilling opportunities,” the strategy continues.
“By providing curriculum guidance and training for entry-level positions, the Institute could create valuable pathways into federal service and rapidly strengthen the cyber talent pipeline,” it states. “The Institute would also facilitate career progression for current cyber practitioners by providing continuing education and professional development opportunities.”
Limited details on cyber pay
The strategy lays out an objective to “improve career pathways in the federal cyber workforce,” but it includes limited details on how to address a common challenge across agencies: the low pay in government compared to the private sector.
It stresses that agencies should take advantage of hiring and pay flexibilities, like student loan repayment, critical pay authority, and recruitment, retention, and relocation pay incentives. And it points to alternative pay systems like the Defense Department’s Cyber Excepted Service and the Department of Homeland Security’s Cyber Talent Management System.
“The administration will work with Congress on proposals that complement the flexible hiring and compensation authorities in CES and CTMS by establishing similar hiring, pay, and talent management authorities in departments and agencies across the federal government,” the strategy states.
The strategy does not address the Special Salary Rate for IT workers approved by the Office of Personnel Management in January. So far, the Department of Veterans Affairs is the only department or agency to opt into the new pay model.
Former Federal Salary Council Chairman Ron Sanders, a longtime expert on federal workforce and cybersecurity issues across government, called the new workforce approach a “good strategy,” but lamented how it doesn’t take a more unified approach to cyber hiring and pay in government.
“That’s the single biggest flaw in that fourth pillar of the workforce strategy, is that it still takes a very traditional agency-by-agency approach,” Sanders said. He advocates for DHS or another central entity to coordinate cyber hiring across the civilian side of government.
The strategy does call across-the-board training to create a “cadre” of human resources professionals who are better-equipped to take better advantage of cyber talent management tools. OPM and lead offices will develop a “training program for HR specialists who will be able to apply best practices to the recruitment and hiring of federal cyber workers,” the strategy states.
And it additionally lays out a goal to use data to better inform cyber workforce management across government through better use of common categories, like those in Workforce Framework for Cybersecurity, better known as the “NICE Framework.”
Officials will “evaluate ways to strengthen the use of work roles derived from established workforce frameworks, including the NICE Framework, in cyber workforce management,” the strategy states.
“Work roles can be used to better understand the size, disposition, composition, and developmental needs of the federal cyber workforce,” it continues. “Departments and agencies should also be able to use these work roles to determine skills demands now and in the future, and focus their strategic human capital efforts appropriately.”