What Will it Take to End the Public Sector’s Cybersecurity Talent Gap?

Luis Alvarez/Getty Images

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
By Tom Kennedy,
Vice President of Axonius Federal Systems, LLC

By Tom Kennedy

|

The difference between the number of open cybersecurity positions and the number of people able to fill those roles has skyrocketed in recent years.

Everything gets more complex over time. That’s true according to the second law of thermodynamics and of the cybersecurity skills gap. A decade ago, the cybersecurity industry suffered a shortage of 10,000 professionals. Today, that number has reached 2.72 million. How did we manage to get to this point?

For one, the approach to solving the cybersecurity talent gap focuses too much on filling experienced positions and not enough on welcoming true entry-level candidates. Nearly 400 cybersecurity programs exist in the U.S. today, but there aren’t enough entry-level positions open within the public sector to meet the demand from graduating students.

The good news is that both the public and private sectors recognize how critical it is that we find a solution to bridging the gap between talent and open positions. In July, the Biden administration held its first National Cyber Workforce and Education Summit at the White House, bringing together leaders from the private sector, public sector and even academia to identify solutions to help fill cybersecurity jobs.

While the discussions during that Summit have yet to be made public, the following offers a few suggestions for what should have been proposed.  

Adjust your entry-level expectations

The public sector can be deliberately hard to understand. From the multiple terms and acronyms used to describe programs and agencies, to an incredibly complex technological infrastructure, beginning a career in government can seem daunting. That is compounded when realizing even entry-level roles often require at least five years of experience. Many cybersecurity job descriptions highlight requirements for certifications and achievements, which can only be earned after a certain amount of time in the field. 

Instead of having such high expectations for entry-level candidates, which will only continue to leave hundreds of jobs unfilled, government agencies need to update their job descriptions to be truly entry-level and seek out college graduates or individuals who might have just completed a cybersecurity bootcamp or training program—and who have yet to gain any experience. 

It would also be beneficial to look at talent that might not come from a STEM field. Candidates with backgrounds in history or English can bring skills like analytical thinking and communication to the table—skills that are often a lot harder to teach than computer science.

Be open to the fact that on-the-job teaching will be required. 

Promote from within 

Both the private and public sector should aim to promote from within their current organizations. Whether it is someone who has already been working on the IT or security teams or someone who might be interested in transitioning from another department, agencies need to be open to hiring individuals with a diverse set of skills.

Establishing agency-specific cybersecurity apprenticeship programs would enable interested candidates from non-technical backgrounds to receive hands-on training without having to go back to school—and without needing to further delay the ability to fill critical roles quickly and from within.

Promoting from within also helps build loyalty and trust among employees. Giving employees the opportunity to grow within their careers signals that you value their hard work and will make them more willing to stick with the agency, even in tighter and more competitive job markets. 

After all, as Jen Easterly aptly shared during a discussion at RSA, “... nobody really comes into the government to make money. They come in, because they are motivated to raise their hand to support and defend the Constitution of the United States and defend their nation and America.”

But the public sector should still seek to close the public-private compensation disparity. 

Level the income playing field 

Despite suffering from an equally severe cybersecurity talent gap, private organizations often come out ahead because of their ability to offer candidates higher salaries. Recent data from labor market research firm Lightcast.io found cybersecurity professionals in the private sector make 14% more than their public sector counterparts. 

To solve the pay disparity between the public and private sectors, government agencies should allocate more of their spend toward talent acquisition. The president’s budget plan for fiscal year 2023 includes $10.9 billion for cybersecurity to “help improve the protection of federal infrastructure and service delivery against sophisticated cyber threats.” One could argue that infrastructure includes talent, and by directing more funds toward an increase in salaries, the public sector could start to see an increase in interested applicants.

But these are only three potential avenues for helping to close the cybersecurity talent gap. Those in the private sector must continue to cooperate and converse with the government and agree to share their ideas, successes and failures, in order to continue to identify long-term solutions. We’ve got a long way to go, but by coming together, we can help pass legislation that will improve existing hiring programs that work, continue to invest in our current cybersecurity workforce and ultimately improve our national security.

Tom Kennedy is the vice president of Axonius Federal Systems, LLC.

NEXT STORY: NASA is Crashing a Spacecraft into an Asteroid to Test a Plan That Could One Day Save Earth From Catastrophe

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.