White House releases strategy to expand the U.S. cyber workforce
The plan includes measures for improving cybersecurity knowledge at all levels of education and improving how the federal government attracts, hires and pays cybersecurity workers.
The Biden administration unveiled its National Cyber Workforce and Education Strategy Monday that envisions introducing cybersecurity concepts in early childhood education while making advanced occupational training in cyber more accessible and affordable.
Released by the Office of the National Cyber Director, the education strategy’s primary goal is to bridge the gap between vital jobs in the cybersecurity field and the U.S. education system’s current curricula. As part of the Biden administration’s plan to fortify the nation’s overall cybersecurity posture, the plan aims to ensure the workforce is equipped with the necessary technological skills to maintain strong cyberdefenses.
Deputy National Cyber Director Camille Stewart Gloster discussed the strategy’s objectives in filling job vacancies through the lens of both national security and economic imperatives.
“We are seeing that technology as it underpins increasingly everything that we do or access to services, we all must have a set of foundational cyber skills to thrive, and to build, and to engage and get jobs in the cyber workforce and to get jobs across the workforce,” she told reporters in a press call Monday.
Similar to other executive-level national strategies, the cyber education strategy is organized into four pillars to execute its goals: equip every American with foundational cyber
skills; transform cyber education; expand and enhance America’s cyber workforce; and strengthen the federal cyber workforce.
Stewart Gloster explained that the strategy’s structure aims to not only establish a foundational level of digital literacy — including skills in data analytics, cyber threat evaluation and secure use of digitized information — but also wants to emphasize the non-technical components of cybersecurity. The strategy includes sections on overall education and awareness writ large, as well as the cybersecurity workforce outside of the government context, such as equity and inclusion issues, privacy rights and data security.
With a strong education in digital and computational literacy, the administration aims to ensure the U.S. workforce is also digitally resilient and capable of adapting to ever-changing technological systems.
This approach will apply across industries and the U.S. education system.
“Our ecosystem approach consists of networks of partners across sectors and disciplines, who come together to articulate the needs of employers; to create academic institutions and academic and education programs that are responsive to the needs of employers; to create skills based training opportunities for job seekers; [and] to create the community structures and support that allow this to be a continuous conversation that penetrates from K through 12 all the way up,” Stewart Gloster said.
The strategy comes as demand for cybersecurity talent is stronger than ever. From May 2022 through April 2023 the United States had over 663,000 cyber job openings, according to Cyberseek — which is backed by the National Institute of Standards and Technology — and over 8,000 openings in the same period for the federal government alone.
Despite that demand, a common complaint among job seekers is that the industry is difficult to break into and largely homogeneous. Approximately 74% of the government’s cyber workforce is male and 64% is white, according to 2022 Office of Personnel Management statistics.
Promoting diversity within the new cyber workforce is therefore a cornerstone of the strategy. James Moore, assistant director for the National Science Foundation’s STEM Education Directorate, announced a series of accompanying scholarships and stipends in the Monday call with reporters that will target geographically diverse areas and educational institutions to create a pipeline to cyber roles in the federal government.
Moore confirmed that the NSF renewed funding for seven academic institutions, with over $24 million in public funding to invest in educational programs, including those at the University Alabama, Birmingham; California State University, Sacramento; University of Tennessee at Chattanooga; Tuskegee University; SUNY at Buffalo; Mississippi State University; and Idaho State University.
“The success of this program is evident, and nearly all students who previously participated in the seven award programs have secure placements in federal cybersecurity positions,” he said. “This highlights NSF commitment to reach in the missing millions. These are individuals who have not been adequately inspired, cultivated and supported for the stem enterprise, particularly in the cybersecurity space.”
Previous federal initiatives, such as those within the Department of Homeland Security, have also prioritized recruiting and training a diverse cohort for the next generation of cybersecurity professionals.
The strategy also proposes eliminating or lowering some of the barriers that prevent the easy movement from private sector to government positions, including making sure that federal job postings "do not overstate vetting requirements" for security clearances. Additionally, the White House is looking to work with Congress to extend cybersecurity pay enhancements currently on offer at the Departments of Defense and Homeland Security to agencies across the government.
The government has also historically struggled to source good data on the cybersecurity workforce, something experts say makes it hard to measure how well efforts to fix the labor shortage are — or aren’t — working.
Recruitment, development and retention efforts have also struggled with requirements for college degrees, expensive certifications and/or years of experience even for entry level jobs — a trend experts say blocks qualified beginners from entering the field and also leaves needed roles empty.
Editor's note: This story has been updated to correct Camille Stewart Gloster's job title.