Can the Cyber Workforce Action Plan Solve the Skills Shortage?

December 18, 2024

The “Cyber Workforce Action Plan” proposes a comprehensive strategy to address the critical shortage of cybersecurity professionals, which poses significant risks to national security and economic competitiveness. The Plan, to be developed by the White House Office of the National Cyber Director (ONCD) in collaboration with key agencies like the Department of Education (DoE), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), and National Security Agency (NSA), aims to create accessible pathways for individuals to acquire and demonstrate cybersecurity competencies through innovative educational approaches.

Addressing the Cybersecurity Skills Gap

The challenge highlighted by the Plan is the acute shortage of cybersecurity professionals in the U.S. and among its allies, resulting in significant vulnerabilities to national security and economic stability. The aging federal cybersecurity workforce and a large number of unfilled cybersecurity positions in the private sector are critical issues. This talent shortage extends internationally, especially in countries with less robust training programs, exacerbating the global cybersecurity skills gap. Traditional education and training programs often fail to keep pace with rapidly evolving technology and threat landscapes, and they tend to overlook potential career changers and nontraditional students who could bring valuable diverse perspectives.

Moreover, the shortage of trained professionals isn’t merely a domestic issue; it’s echoed across the globe. Many countries face significant struggles due to inadequate infrastructure for cybersecurity education, resulting in a widened gap that leaves critical systems vulnerable. This widespread shortage creates an environment where any cyber-breach can have far-reaching consequences across international borders. The challenge doesn’t solely lie in numbers but in the adaptability and readiness of the workforce to counter sophisticated and evolving cyber threats that come with technological advancements.

Innovative Educational Approaches

The Plan sees this challenge as an opportunity to revolutionize cybersecurity education and workforce development. By leveraging innovative approaches such as apprenticeships, micro-credentials, stackable certifications, peer-to-peer learning platforms, digital badges, and competition-based assessments, the Plan aims to create more responsive training programs that provide immediately applicable skills while allowing for continuous upskilling. These modern methods cater to a wider audience, making cybersecurity training more accessible and engaging, thus attracting a broader range of participants.

The initiative will enhance and expand upon existing programs, such as the CyberCorps: Scholarship for Service program while fostering new engagements with the private sector to mitigate infrastructure vulnerabilities. It will also prioritize diversity and inclusion by actively recruiting underrepresented groups, including women, people of color, veterans, and neurodivergent individuals, into the cybersecurity workforce. Additionally, the Plan will promote international cooperation to facilitate global cybersecurity workforce development. By focusing on these multifaceted strategies, a robust and diverse cybersecurity talent pool can be developed to better address both current and future demands.

Emphasizing Cybersecurity Awareness

The Plan emphasizes the importance of cybersecurity awareness and basic skills among all workers, not just those in cyber roles. As digital technologies permeate every aspect of modern work, a baseline level of cyber hygiene and security consciousness is becoming essential across all sectors. By addressing these challenges through the Cyber Workforce Action Plan, the U.S. can strengthen its national cybersecurity posture and create new pathways to well-paying, high-demand jobs for Americans from all backgrounds.

This initiative is critical, considering how integrated digital technologies are into daily work processes. Ensuring everyone has a basic understanding of cybersecurity principles will influence how organizations operate and protect their information. It’s about building a culture where every employee is a cybersecurity advocate, which can significantly reduce the risk of breaches due to human error. Furthermore, it instills a sense of shared responsibility across all tiers of the workforce, fostering a more secure and resilient operational environment.

Leveraging a Whole-of-Government Approach

The ONCD is positioned to leverage its whole-of-government approach to unite various cybersecurity workforce development initiatives, transforming high-level strategies into concrete, actionable steps. This coordinated approach will maximize the impact of existing resources, reduce duplication of efforts, and create a more robust and adaptable cybersecurity workforce development ecosystem. The National Institute of Standards and Technology (NIST) NICE Cybersecurity Workforce Framework provides the essential structure upon which this plan is built, aiming to create standardized assessments and implementation guidelines that can be adopted across both public and private sectors.

By unifying these fragmented initiatives, the Plan ensures that the government’s efforts aren’t working at cross purposes but rather in a synergistic manner. This collaboration will streamline processes, maximize efficiency, and ensure that resources are allocated where they are most needed. A strong, centralized effort is more likely to succeed with the breadth and depth of support from multiple government entities, providing a sturdy backbone for nationwide cybersecurity resilience.

Modular, Skills-Based Learning

The Plan proposes micro-credentials, stackable certifications, and digital badges as core components. These modular, skills-based learning approaches, exemplified by programs like SANS Institute’s GIAC certifications and CompTIA’s offerings, allow for rapid validation of specific competencies. Gamification and competition-based learning approaches, like the National Cyber League, SANS NetWars, and CyberPatriot, will also be formalized to drive engagement at a national scale. These methods not only validate skills in real-time but also enhance the learning experience by making it interactive and competitive.

This approach helps fit the diverse learning needs of the aspiring workforce, making the process flexible and less daunting. Participants can progressively build their skills and credentials, providing them with the means to advance their careers without requiring extended periods away from their current employment. The modular structure ensures that learners can update their skills continuously, aligning with the fast-paced nature of cybersecurity threats and technological advancements.

Drawing Lessons from Past Programs

Drawing lessons from past federal programs, such as the DoE CTE CyberNet program, NSF’s Scholarship for Service Program (SFS), and NSA’s GenCyber camps, the Plan emphasizes early engagement and practical, hands-on learning experiences. The Action Plan seeks to implement a unified standard for cybersecurity competencies, creating clear pathways for career progression and adapting to the evolving needs of both the public and private sectors.

Key past programs have demonstrated the efficacy of early and hands-on learning. By engaging students at a younger age and providing them with practical experiences, these programs have nurtured interest and foundational skills in cybersecurity. The Plan aims to build on these successes, integrating early and practical exposure to cybersecurity concepts to inspire and prepare the next generation of professionals. This early engagement is crucial to fostering a strong, long-term interest in the field, thus creating a sustainable pipeline of cybersecurity talent.

Standardized Assessments and Credentials

Key recommendations include the development of standardized assessments aligned with the NICE framework and the establishment of a system of stackable and portable micro-credentials. These credentials will be aligned with the NICE framework, stackable, and portable across different sectors and organizations, ensuring they have value regardless of where an individual seeks employment. Standardized assessments will ensure a consistent measurement of skills and abilities, contributing to a high standard of competency across the industry.

This standardized approach will facilitate easier movement between different sectors and job roles, providing individuals with more flexibility and improving their career prospects. Clear and universally recognized credentials mean employers can trust the qualifications of job candidates, knowing they meet industry standards. For individuals, it offers assurance that their efforts in gaining these credentials will be widely acknowledged and valued, thereby enhancing their employability and career growth opportunities.

Integrating with Existing Federal Initiatives

The Plan will integrate more closely with existing federal initiatives, such as DHS’s Cybersecurity Talent Management System, DoD’s Cyber Excepted Service, and NSF’s CyberCorps SFS program. It will explore opportunities to leverage widely adopted commercial certifications, such as those from Google and CompTIA, ensuring these certifications meet federal needs and creating a cohesive approach across both government and industry.

Integration with existing initiatives will not only enhance the efficacy of these programs but also ensure that there is no duplication of effort, maximizing resource utilization. By aligning the Plan with such established initiatives, it leverages their existing infrastructure and expertise. This symbiosis stands to benefit both the public and private sectors, creating a more unified approach to cybersecurity workforce development. It will also encourage a shared understanding and set of standards between the government and industry.

Strong Collaborations with the Private Sector

Strong collaborations with the private sector are emphasized, including the establishment of a Federal Cybersecurity Curriculum Advisory Board composed of experts from relevant agencies and leading private-sector companies. A new National Cyber Internship Program will provide hands-on learning opportunities, managed by the Department of Labor in partnership with DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and leading technology companies. Private sector collaboration is vital as many cybersecurity innovations emerge from commercial enterprises.

This collaborative effort will ensure that training programs are aligned with the actual demands and realities of the cybersecurity job market. Involving industry experts in curriculum development guarantees that the skills being taught are relevant and up-to-date. Furthermore, internship programs will give students essential practical experience and exposure to real-world cyber threats and defenses, significantly enhancing their employability. Strong partnerships between the public and private sectors can create a more harmonious transition for individuals entering the cybersecurity workforce.

International Cooperation and Global Standards

The Plan also addresses the global nature of cybersecurity challenges by incorporating international cooperation elements. This includes adapting the Plan for international use, facilitating joint training programs and professional exchanges, and promoting global standardization of cybersecurity education through collaboration with international standards organizations. Cybersecurity is a global concern, and efforts to secure one nation can be undermined if other nations remain vulnerable.

By fostering international collaborations, the Plan can help elevate global cybersecurity standards, encouraging a more comprehensive and cohesive approach to dealing with common threats. These international partnerships will facilitate the sharing of best practices, insights, and innovations across borders, strengthening global defenses against cyber threats. The Plan’s global outlook is crucial in creating a united front against cybersecurity challenges that know no borders, ultimately leading to a safer digital world for all.

Creating a Comprehensive Talent Pipeline

An expanded CyberCorps fellowship program is recommended as an immediate, high-impact initiative. The comprehensive talent pipeline will target students, recent graduates, and early-career professionals, offering competitive salaries, benefits, and loan forgiveness options. The program will include multiagency exposure and optional rotations, advanced mentorship, leadership development, and a focus on emerging technologies. These incentives are designed to attract top talent and retain them within the cybersecurity field.

Focusing on holistic professional development, the fellowship program will prepare participants for leadership roles within cybersecurity. The multiagency exposure and rotational opportunities will provide a broad understanding of different cybersecurity challenges and strategies, making fellows versatile and highly skilled. Emphasizing emerging technologies ensures that newly trained professionals are at the cutting edge of cybersecurity, ready to tackle the latest threats with innovative solutions.

Promoting Diversity and Inclusion

The fellowship program will emphasize diversity and inclusion, actively recruiting individuals from underrepresented groups and partnering with organizations like Girls Who Code. It will also develop standardized apprenticeship components for on-the-job training and strengthen partnerships with Historically Black Colleges and Universities, Hispanic-Serving Institutions, and Tribal Colleges and Universities. By focusing on diversity, the Plan aims to bring in a range of perspectives and ideas, enhancing problem-solving and innovation in the cybersecurity field.

This push for inclusivity will address not just the skills shortage, but also the lack of representation in cybersecurity. It will help create an environment where all individuals feel welcomed and empowered to contribute. Diverse teams are proven to be more innovative and effective, particularly in fields like cybersecurity, where different ways of thinking can uncover unique and effective solutions to complex threats. The Plan’s commitment to inclusivity will ensure a more equitable and robust workforce.

Implementation and Funding

The “Cyber Workforce Action Plan” details a thorough strategy aimed at tackling the severe shortage of cybersecurity professionals, an issue that endangers both national security and economic strength. This plan is to be assembled by the White House Office of the National Cyber Director (ONCD), in cooperation with essential agencies, including the Department of Education (DoE), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), and National Security Agency (NSA).

By promoting innovative educational methods, the Action Plan strives to establish accessible paths for individuals to develop and showcase their cybersecurity skills. The collaborative effort will focus on streamlining education and training programs to meet the modern demands of cybersecurity roles. This approach includes aligning curricula with industry needs, enhancing practical training opportunities, and ensuring that certifications reflect real-world expertise.

The ultimate goal of the Cyber Workforce Action Plan is not just to fill vacant cybersecurity positions but to build a more resilient and competitive workforce. With a multi-faceted strategy that includes public-private partnerships, continuous skill development, and targeted outreach to underrepresented communities, the plan seeks to create a diverse and highly qualified pool of cybersecurity experts capable of safeguarding the nation’s security and economic interests well into the future.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later