Desperately seeking cybersecurity pros
The federal government faces a 'pipeline issue' in attracting young cybersecurity professionals.
Leaders from across the federal government are trying to improve training and education in an effort to expand the cybersecurity workforce. (Photo: Steve Cole Images)
The calls for a beefed-up workforce that specializes in cybersecurity are not new. In this highly critical arena, the demand for talent is sky-high and insatiable. But with a nationwide shortage of students of science, technology, engineering and math (STEM), where will tomorrow’s workforce – which is needed already – be found?
Leaders from across the federal government are following up on their calls for digital-era employees with a renewed sense of urgency, and with a range of initiatives designed to educate, train and incentivize work in the cyber field. They also are emphasizing that it is not just computer science majors and technological whizzes they seek.
“There’s a wide range of functions and skills that are required for us, whether you’re in industry, other elements of government, military – all across the board, there are a wide range of skills and functions we need,” said Army Maj. Gen. John Davis, senior military adviser for cyber to the under secretary of defense at the Defense Department. “Every person who touches a keyboard is in some way associated with the cyber domain, because there are disciplines and standards associated with protecting against the threats.”
Davis, who spoke Oct. 26 at the Center for Strategic and International Studies in Washington, noted that DOD, like the rest of the federal government, is feeling the shortage. That gap between supply and demand has deep roots, he said, and the problem begins with defining the need itself.
“We don’t have all the capacity and the right sets of skills that we need to do all that’s required,” Davis said. “In the department we are still struggling to fully define and empower the cyber workforce. It’s a big challenge, just to define the techniques.”
“The definition that we’re working on now includes a wide range of functions and skill sets,” he continued. “Analytics, forensics, training, testing and evaluation, engineering, operational planning, leadership roles, legal, law enforcement – there’s a very wide range that all go into the mix we’re calling the cyber workforce.”
The scarcity is reflected throughout the education system, from primary schools to universities. There are fewer graduates in STEM areas, and women are particularly underrepresented – a big problem for a field that already lacks diversity.
“The outlook is grim because we are not producing, from an education perspective, the people with the right skills sets to just have the entry-level skills needed in order to make progress in cybersecurity,” said Cynthia Dion-Schwarz, deputy assistant director for computer and information science and engineering at the National Science Foundation. “It’s a pipeline issue…it’s not a desire or capability issue.”
Panelists said it is also difficult, beyond the educational and initial employment phases, to establish ways up the professional ladder.
“I didn’t wake up and say, ‘I’m going to run all the information technology for the United States government, and what’s that career path?’” said Karen Evans, the former administrator of OMB’s Office of Electronic Government and Information Technology who is now national director of the U.S. Cyber Challenge. Evans noted that a search for cybersecurity jobs on USA Jobs yields only two or three listings.
Dion-Schwarz echoed that idea, pointing out the difficulty in navigating the cyber career path.
“For many of the leadership opportunities, it’s not like you open up the Washington Post and the jobs listing is ‘We’re looking for a new CIO,’” Dion-Schwarz said. “So [networking] opportunities and teaching women through mentorship throughout their career...are of immense importance of making sure they’re aware of the opportunities that are out there.”
Networking and mentorships are just part of the budding movement for prepare and propel the cyber workforce.
Davis noted a cross-government program for international outreach, led by the State Department, that promotes engagement in search of common solutions and cyber framework. Evans highlighted “nerd camps” that promote STEM learning
Later in the day, Homeland Security Secretary Janet Napolitano also underscored efforts underway at DHS and elsewhere, including the National Initiative for Cybersecurity Education and support for supporting Centers of Academic Excellence across the country, of which there are already 145 programs, she said.
She also touched on DHS’ just-announced “Secretary’s Honors Program,” designed to recruit, retain and develop entry-level talent for DHS. Furthermore, Napolitano said the agency is beginning to implement recommendations from DHS’ Homeland Security Advisory Council Task Force on CyberSkills in order to further build up the cyber workforce.
“We know that in the U.S. we simply need to grow and have more students who have competencies in the… STEM coursework,” Napolitano said. “It is something we need to think of not just as a DHS issue, but as a United States writ large issue.”