Lawmaker advocates 'all-of-the-above' approach to fix cyber worker shortage

The public and private sectors need to place a greater emphasis on cybersecurity education to effectively train the next generation of high-skilled professionals, the top Republican on the House Homeland Security Committee’s cybersecurity panel said on Monday during an event hosted by Axios.

Rep. Andrew Garbarino, R-N.Y., who chairs the Cybersecurity and Infrastructure Protection Subcommittee, called for “an all-of-the-above approach” to address the nation’s cyber workforce shortfall, noting that some estimates show that there are over 700,000 unfilled cybersecurity jobs across the country, with 40,000 of these vacancies in the public sector alone.

To respond to these widespread challenges, Garbarino said the U.S. needs “to start education on cybersecurity” to help defend against future risks. 

“You start using cyber terms in K-12,” he suggested, adding that “a lot of people don’t realize these jobs are available, they don’t realize that these jobs don’t require a four-year degree.”

Garbarino said that, in addition to less rigorous educational requirements to enter the profession, these jobs provide a lucrative career path for many Americans — necessitating greater engagement between potential employers and schools.

“It's companies getting out there — to the schools, to the guidance counselors, to the principals — saying ‘hey, you know what, we can get these kids trained,’” Garbarino said, adding that some companies have already created cyber programs and cyber internships to entice, recruit and train students and young professionals to enter the profession. 

Garbarino also raised the idea of establishing a Cyber Academy — an idea that has been championed in recent years by Sen. Kirsten Gillibrand, D-N.Y., — to teach cyber-focused courses, drawing a parallel between the proposed institution and West Point or the U.S. Naval Academy. He called it “a big step,” but added that it “could be a long-term fix for us” when it comes to addressing the current glut of open cyber positions. 

Given the scope of the workforce shortage, however, Garbarino said that the public and private sectors need to “have a short-term fix” to address cyber risks, such as using artificial intelligence technologies. He noted that some private sector executives “have told me that they do use AI now for defense” when it comes to mitigating current cyber risks. 

He also noted that the full House Homeland Security Committee advanced legislation last month “to offer training to other members of the [Department of Homeland Security] to try to get them into cyber.” The bill would direct the Cybersecurity and Infrastructure Security Agency to train interested DHS employees who are not in cyber-related positions as part of an on-the-job program.

Garbarino noted that CISA has a strong working relationship with the private sector — particularly when it comes to sharing threat information with officials overseeing critical infrastructure services — but added that the agency itself is not immune to cyber workforce challenges. He said that ensuring CISA “has everything it needs to hire the employees, to get that information out and to do other things as well” was a top priority for him this Congress.

“I'm going to continue to push to make sure that CISA is properly funded,” Garbarino said, adding that the agency’s director, Jen Easterly, “is really trying to up her game and make sure that they can get more employees through the pipeline” but that “they need to do a little better” when it comes to expanding out their cyber workforce. 

Lawmakers are continuing to highlight concerns around the nation’s shortage of high-skilled cyber professionals, particularly as threat actors and hostile nation states increasingly target schools, hospitals, government services and other institutions. Garbarino noted that his panel’s next hearing — which is not yet scheduled — “is going to be focused on growing the cyber workforce pipeline.”