Written by Natalie Alms
Although there is broad agreement between industry and government that the growing cyber talent gap demands attention, how exactly the White House will wield its ability to assess federal agency work and annual budget proposals to address the issue remains to be seen.
Cybersecurity workforce stakeholders offered their insights to help inform the White House Office of the National Cyber Director’s forthcoming cybersecurity workforce, training and education strategy as part of a rare White House request for information issued on the topic last month.
The strategy is meant to address the shortage of workers (currently sitting around 769,000 job openings, according to Cyberseek) and push a deeper cyber awareness in the broader public.
Camille Stewart Gloster, the ONCD’s deputy national cyber director for technology and ecosystem security, has previously said the strategy will clarify roles among government actors and drive ONCD efforts to grow successful programs and shrink others.
FCW reviewed RFI responses from a variety of stakeholders on how to shape the strategy, finding that many focused on recruitment and hiring, diversity and inclusion and data.
Agencies need more money to bolster effective cyber programs
Some of the comments centered on the traditional appropriations challenges of scaling successful programs to make a more prominent impact.
“The first thing you want to do, is you want to start with the good things that already occur and try to leverage those more effectively,” David Powner, director of MITRE’s Center for Data Driven Policy, told FCW, suggesting the White House scale the use of direct hiring and pay flexibilities in government and the Cybercorps Program.
Cyberspace Solarium Commission offshoot CSC 2.0 also has a wishlist: more funding for Cybercorps; more funding for the Cybersecurity Education and Training Assistance Program, and more funding for National Initiative for Cybersecurity Education, among other ideas.
Redefining cyber certs could help target more talent
Hiring was a big topic in several submissions and it may prove the most difficult to solve.
Currently, many employers use education and certifications to evaluate cyber candidates, not skills or aptitudes. Several RFI respondents say that many employers ask for advanced certifications and years of experience, even for entry-level jobs.
“There’s a gap between the requisitions that are being put out by companies and the skills that the workforce has,” Tennisha Martin, founder and executive director of nonprofit Black Girls Hack, told FCW.
Even (ISC)², a nonprofit that maintains a portfolio of cybersecurity certifications, wrote in its submission that its own research shows employers look for “certifications that require several years of experience” for entry- and junior-level hires.