A report issued by the Government Accountability Office (GAO) in late 2021 named the cybersecurity skills gap as a leading cause of risk for federal agencies. The fact that the gap exists is no surprise, in fact it is an issue that extends beyond government. Overall, in the U.S. there is a cybersecurity workforce gap of more than 2.72 million positions. This makes the problem in government even trickier as agencies have to compete for what limited talent there is with private companies that can typically offer higher salaries and additional employment perks. Given this reality, the government is taking bold action to close the gap to ensure the highest levels of cybersecurity.
First step is understanding the problem
While we know there is a gap we don’t have enough data on it. Some in government are suggesting a creation of a Bureau of Cybersecurity Statistics could provide more granular data on the cybersecurity workforce and then coordinate across federal agencies. This group would supplement work being done by the Bureau of Labor statistics which found that information security analyst jobs (a subset of cybersecurity jobs) will grow by 33% from 2020 to 2030, making it critical to close the skills gap sooner rather than later.
Overarching changes can make a big difference
With more and more of our lives being driven online, the people who keep those online environments safe should be positioned as community helpers like police officers, doctors, nurses, and teachers. This is not a category many people see IT professionals falling into but viewing a cybersecurity career in this light might drive more people to it.
The 2021 Infrastructure Investment and Jobs Act allocates nearly $100 billion toward improving digital infrastructure and some of that money could be used to change how organizations support their cyber workforce including upskilling existing employees, creating a hybrid work environment to compete with private industry, and redesign workflows and services to mimic commercial, digital-first services.
Tactical steps being taken today
In the summer of 2021 the Department of Homeland Security (DHS) embarked on an aggressive cybersecurity hiring spree that looked to hire 200 people in 60 days. While admirable, to date this initiative has filled only 12 percent of more than 2,000 cybersecurity job vacancies.
The U.S. Digital Corps has been established as a new, two-year fellowship program to bring in early career techies into government. Some are calling for an expansion of this effort with a federal digital service academy that could operate like a military academy, but for training civil servants. A program like this could offer a four- to five-year combined undergraduate and master’s degree.
The Office of Personnel Management (OPM) released a webpage “hub” and a memo that outlines the tools and resources available to agencies for recruiting, hiring and retaining cyber talent. In many ways this memo provides for new flexibility in terms of strict government hiring requirements to get people in much needed cyber roles. One example is providing direct hire authority, a procedure that eliminates certain procedures to expedite hiring. It also allows for agencies to offer leave flexibilities, pay bumps for new employees, and student loan repayment programs to attract talent.
Beyond hiring, hiring right
In hiring cyber talent, government has to look beyond just getting people in the open positions, but ensuring that those positions are filled in a way that reflects the diversity of the citizens they will serve. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA) set a goal of closing the gender gap in the cybersecurity field by 2030. Currently women make up only 24% of the field of cybersecurity. She wants to get to 50% of women in cybersecurity by the year 2030 to tap into all of the cyber talent that may be overlooked.
Beyond gender diversity, agencies should look across all ethnicities to bring in more holistic perspectives into the complex cyber issues. For example, having a diverse workforce develop biometric technologies has proven to make algorithms more accurate in correctly identifying people of all races.
On GovWhitePapers you can find a wide variety of resources that provide insights into how the government can meet the cybersecurity skills gap:
- How Federal Agencies Can Reskill Workforce to Ensure Digital Transformation – This paper includes highlights from a discussion among federal government agencies about how to align re-skilling the federal workforce with the advancing digital landscape. Panelists shared insights on the various re-skilling challenges and solutions encountered in public service.
- Strategic Recruitment Plan Template – This resource provides ideas for agencies that need to rapidly grow their workforce in a way that attracts the right skills needed to meet modern missions.
- Lessons Learned in Workforce Innovation – This report summarizes unique initiatives carried out by the National Governors Association (NGA) Workforce Innovation Network grantees to identify and close gaps in jobseeker service delivery. It includes ten case studies of state objectives, activities, and outcomes achieved as well as state policy options for coordinating jobseeker service delivery for better employment outcomes.
- Global Cybersecurity Outlook 2022 – This report identifies the trends and analyzes the near-term future cybersecurity challenges. It provides an in-depth analysis of the challenges that security leaders are dealing with, the approaches they are taking to stay ahead of cybercriminals and the measures they are implementing to enhance cyber resilience not only within their organizations but also within the wider ecosystem.
- Skills Gaps: A Review of Underlying Concepts and Evidence – This report is a response to congressional requests for the Congressional Research Service (CRS) to identify, synthesize, and explain the core components of the skills gap discourse and, to the extent possible, explore and clarify evidence on the existence of skills gaps.