Cyber workforce strategy requires buy-in across sectors, experts say

The National Cyber Workforce and Education Strategy offers an opportunity to bolster cyber talent, experts said, but will be contingent on cooperation between government and industry.

The National Cyber Workforce and Education Strategy offers an opportunity to bolster cyber talent, experts said, but will be contingent on cooperation between government and industry. Shannon Fagan / Getty Images

The new strategy released this week looks to address longstanding challenges in the cyber workforce – but it will require extensive cooperation from the private sector and academia to be successful, experts told Nextgov/FCW. 

The National Cyber Workforce and Education Strategy released on Monday provides the U.S. with a digital blueprint to bolster national cybersecurity and address longstanding challenges across the cyber workforce – but experts told Nextgov/FCW that for it to be successful, the guidance will require extensive cooperation across the public and private sectors. 

The White House released the long-awaited guidance after initially publishing the National Cyber Strategy earlier this year and indicating that it was preparing a more robust plan to address issues within the cyber workforce. 

The latest strategy seeks to promote nationwide cybersecurity education, particularly in underserved communities, to help promote diversity and expand opportunities for people interested in pursuing a cyber career.

The plan aims to address the critical demand for cybersecurity talent nationwide by reducing barriers to entry into the cyber field and eliminating restrictions that prevent employees from moving between the private and public sectors. 

The U.S. currently faces a cyber workforce shortfall of more than 410,000 cybersecurity professionals, according to research from the International Information System Security Certification Consortium. Clar Rosso, CEO of the consortium, told Nextgov/FCW that the talent gap presents a "significant risk" to economic and national security.

"The diversification of the types of people we recruit into the industry is as important as how we recruit them," Rosso said. "However while widening the gate we must not lower standards, and assuming that anyone can do the work of a cybersecurity professional is misleading and a disservice to the existing — and future — cybersecurity workforce."

Acting National Cyber Director Kemba Walden said at an event hosted by the Atlantic Council shortly after the release of the guidance that "implementing the national cyber workforce and education strategy requires joint action by government, industry, academia and civil society."

"It's an ambitious task, to be sure," she added. 

The administration's national cyber strategy faces implementation challenges over a critical lack of federal funding to support some of its cyber initiatives, but Walden noted that recent legislation like the Bipartisan Infrastructure Law, the Inflation Reduction Act and the Creating Helpful Incentives to Produce Semiconductors and Science Act provide funding to support several efforts detailed throughout the cyber workforce and education strategy. 

The strategy also calls on agencies to take advantage of existing programs as part of  governmentwide efforts to reskill and train federal employees into cyber positions. 

The real challenge in implementing the cyber workforce strategy comes down to effective collaboration and cooperation across industries, the nation's education system and the general public. 

"The cyber workforce strategy offers remarkable opportunities to enhance America's cyber resilience through collaborative efforts between the public and private sectors," Omkhar Arasaratnam, general manager of the Linux Foundation's Open Source Security Forum, told Nextgov/FCW, adding that "these initiatives will require time to see results.

"The comprehensive design of this strategy — tackling early education, known skills gaps and career placement opportunities — will allow the federal government and private companies to improve their cyber defenses by employing more security engineering professionals with more diverse perspectives," he added. 

Some organizations have already made significant changes to their cyber policies and training in response to the administration's whole-of-nation effort to address cyber workforce issues. 

The cybersecurity firm Fortinet customized its information security awareness and training service for the education sector following its participation in the White House cyber workforce and education summit, then made it available at no cost to school districts nationwide. 

"We hope the White House continues to leverage the existing efforts and resources of the private sector to ensure the intended goals of the strategy are delivered," Rob Rashotte, vice president of global training and field enablement at Fortinet, told Nextgov/FCW. 

The guidance tasks the Federal Cyber Workforce Working Group with beginning to develop curriculum guidance and training for entry-level cyber positions while exploring the creation of a Federal Cyber Workforce Development Institute to provide standardized training and opportunities. 

Robust training opportunities and expansive cyber education across the country will help make the goals outlined in the strategy become a reality, Arasaratnam suggested, adding that organizations from both the public and private sectors "must cooperate" in the strategy "in order for the necessary and expansive changes to occur at all levels of society. 

"By providing ubiquitous access to high-quality cybersecurity education and jobs for all Americans, we can ensure that we stay ahead of new and evolving cyber threats by making our nation’s software foundations secure by design," he said.