The news around the number of vacant jobs isn’t new, and there is a lot of great work being done to train new Cyber security professionals. However, it has highlighted another issue; our inability to measure the problem accurately. If it isn’t measured, how will we know if it improves?
It’s not that people don’t care. It’s the opposite. Most within the federal government and private sector are aware of the problem and would love to find a solution. What that solution looks like, however, is still unknown.
According to Cyberseek there are over a half-million cyber security job openings nationally (public and private sector combined)
This shortage comes when cyberattacks are increasing, as is our use and reliance on the cloud and internet-based applications for critical infrastructure. Additionally, The Bureau of Labor Statistics is projecting 33% growth by 2030 for many cyber security jobs within the federal government.
Struggle at the Federal Level
While the issue is well-known, there has been a lack of regulation and oversight related to governance. In fact, Congress mandated the National Academy of Public Administration to investigate and report on what can be done at the federal level to help fill these open positions.
The report ultimately recommended passing responsibility to the National Cyber Director, a newly created position under the Biden administration. They recommended that the ONCD take charge of creating a multi-sector effort.
Per the report,
“Finding 1: Although active collaboration between leaders of the Office of the National Cyber Director (ONCD) and CISA has led to great strides in coordinating initiatives and resources for meeting the nation’s more significant cybersecurity challenges, federal agencies are not clear about their developmental, implementation, and operational responsibilities for workforce development and how these fit together to accomplish the larger workforce development objectives of the nation.
Recommendation 1: The ONCD should develop and implement an appropriate operating model and governance structure to integrate actions by CISA, NSA, NIST, DoD, and other relevant federal agencies and organizations involved in building the cybersecurity workforce for the nation. This includes coordinating with and specifying roles and responsibilities between and among agencies.
Recommendation 2: Congress should ensure the ONCD has budget and performance assessment authority to lead and coordinate the programs that will develop the needed workforce, including controls to drive agency implementation of these programs.
Recommendation 3: The ONCD should establish and run a leadership working group or council for cybersecurity workforce development with responsibility for both government-wide and external cybersecurity workforce development programs.
- The ONCD should also charge a designated senior official as the leader of this working group.
- The ONCD should specify the authorities and responsibilities of the group and its leader and identify the major federal member organizations. The private sector, SLTT governments, and academic representatives could also be included as working group members, as appropriate, based on objectives.
Recommendation 4: The ONCD should ensure data relevant to cyber workforce challenges and needs are collected and available for use in developing strategy, creating educational programs, and assessing the impact and effectiveness of workforce development initiatives.
- One way of accomplishing this would be to establish a Bureau of Cybersecurity Statistics or a similar organization.”
Assuming the ONCD receives the resources and support it needs to build its model, it is a daunting task, to say the least.
As mentioned in the NAPA excerpt above, one of the main reasons is the lack of relevant data collection today.
According to a recent FCW article, the ONCD’s ability to address the issue will hinge, to some degree, on accurate data measurement. One of the co-chairs of the NAPA study, Dan Chenok, said,
“There’s a Bureau of Justice Statistics or a Bureau of Labor Statistics. There isn’t a Bureau of Cyber Statistics or some similar kind of data focused around a common framework.”
This statement and challenge make perfect sense. If, for example, you know there are 500,000 open positions, some following logical questions might be:
- How many of these positions are tier 1, 2, and 3 IAT positions?
- Are there cyber-adjacent roles?
- Which members of our current cyber workforce are promotable?
- How many members of the cyber workforce are compliant with current directives (DoDD 8570/DoDD 8140)?
And the issues facing the federal government aren’t isolated. The shortage of qualified cyber workforce personnel is a National problem, not just one within the government.
CyberSTAR is the trusted source for ongoing cyber training. Used by the DoD, other government agencies, and corporate customers, it is the most effective automated credentials management and cyber workforce compliance system available, with over two million registered users.
CyberSTAR helps streamline processes and maintain current credentials for your cyber workforce by:
- Ensuring proper training and certification (including DoDD 8570, DoDD 8140, NIST NICE, and other commercial standards)
- Matching personnel and roles to contractual or regulatory requirements
- Forecasting, planning, and recruiting the workforce
- Continuous compliance and on-demand reporting
- Reducing the cost and complexity of identifying skill gaps
CyberSTAR is the one source of truth for all your cyber training and certification—evaluating, expanding, and enhancing your organization’s cyber readiness.