Washington Moves to Address Shortage of Cybersecurity Workers
Frederick Scholl, Ph.D., Cybersecurity Program Director, Quinnipiac University
Two new initiatives out of Washington last week promise to increase the number and skill level of trained cybersecurity specialists. First, President Trump issued a new Executive Order regarding America’s Cybersecurity Workforce. In addition, the Senate unanimously passed a new bill strengthening the Federal cybersecurity workforce; this bill will now go onto the House.
The new initiatives come in an environment that includes both a shortage of trained workers and recent, devasting attacks on Federal information systems. The www.cyberseek.org survey site indicates 313,735 cybersecurity jobs listed within a recent twelve-month period. Currently 715,000+ workers are active in the cybersecurity field. Both numbers are for US only. In addition, major hacks against Federal information resources have been well documented. The June 2015 OPM (Office of Personnel Management) breach resulted in 21.5 million stolen personnel records for current and former Federal employees. The 2016 NSA Shadow Brokers breach and the 2017 CIA Vault 7 breach are two other disastrous headline-making incidents.1 The Wall Street Journal recently highlighted how these past breaches are supporting new attacks involving both intellectual property theft and espionage.2
President Trump’s EO addresses these problems through recognition of the nation’s cybersecurity workforce as a strategic asset. Developing this asset includes three initiatives to be carried out:
- Novel training approaches to meet cybersecurity worker shortages, including: rotations, work-based learning, apprenticeships and blended learning approaches.
- Specifically strengthening the Federal workforce: by rotations, additional training curricula, and expansion of learning experiences.
- Focus on private sector workforce development, starting at elementary school level and generally transforming the available learning environments for workers of all ages. The EO strongly supports adoption of the NICE Cybersecurity Workforce Framework (see below).
Senate Bill S.406, sponsored by Senators Hoeven (MI) and Peters (ND) enables rotation of cybersecurity workers within different Federal Agencies. If less skilled workers are rotated into agencies like DHS, they may be able to pick up new cybersecurity skills, and then transfer back to their original agency. This “rotation” proposal was also part of the EO.
A common element in conversations around cybersecurity skills is NICE, the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework.3 As I mentioned in the last blog post, the NICE Framework may not contain the most up to date cybersecurity job descriptions, but it is important to understand what it does contain, especially for individuals entering the field. The framework can be used in career planning by leveraging the defined “Work Roles” to determine your interest areas. The Framework then lists the knowledge, skills and attributes needed to succeed in that role.
1“Security Breach and Spilled Secrets Have Shaken the NSA to Its Core”, NY Times, November 12, 2017.
2“Chinese Espionage Poses Increasing Threat to U.S.”, Wall Street Journal, April 29, 2019.
3NIST Special Publication SP 800-181, https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-181.pdf