The recently released National Cyber Workforce and Education Strategy by the White House is not a quick fix for the nation’s cyber skills shortage, but industry experts believe that if implemented effectively, it could make significant strides in addressing the long-term scarcity of cybersecurity professionals and preparing future workers for careers in the field.
The 60-page strategy document builds upon the National Cybersecurity Strategy announced in May by the Biden-Harris administration. It outlines a collaborative approach to workforce development and cyber education, emphasizing cooperation between public and private sector entities. The strategy also aims to promote basic digital literacy, foundational cyber skills, and easy access to materials for ongoing knowledge enhancement.
Despite its ambitious goals, some cybersecurity experts view the strategy as more aspirational than practical. Karen Walsh, a cybersecurity compliance expert at Allegro Solutions, highlights the need for a substantial investment in K-12 education, which already faces challenges in attracting traditional teachers, let alone those who can teach complex cybersecurity skills to young students.
One key aspect of the strategy is the call for federal agencies, industry, and academia to work together in making training materials more readily available for upskilling and reskilling workers in cybersecurity. The document advocates for skills-based hiring practices, favoring practical expertise over solely academic credentials.
To address the skills shortage, community colleges are expected to play a vital role in providing a diverse range of cybersecurity professionals, from entry-level workers to those familiar with industry-specific technologies. The strategy encourages the creation of work-based learning opportunities and entry-level positions with opportunities for career advancement. Additionally, it emphasizes the importance of diversity and inclusion in hiring practices, urging employers to partner with organizations focused on enhancing talent pipelines in underrepresented communities.
Candy Alexander, president of the Information Systems Security Association (ISSA), applauds the strategy’s focus on educating the general public, incorporating cybersecurity into K-12 curricula, and promoting a true public-private partnership in cybersecurity education. Alexander believes that the collaboration between educators, industry, and government is crucial for achieving the strategy’s objectives.
The strategy also highlights the need to strengthen cyber education from K-12 through advanced degree programs. It calls for active participation from employers, industry groups, chambers of commerce, and other stakeholders in the creation and delivery of cyber education and training programs. The goal is to expand the availability of competency-based cyber education opportunities, allowing learners to acquire knowledge at their own pace.
Leveraging community colleges is seen as a significant opportunity for the cybersecurity industry and students seeking alternative avenues for advanced education. Walsh argues that community colleges often offer affordable education options that society often overlooks. By focusing on practical skills and hands-on experience rather than expensive certifications, the industry can effectively decrease the talent gap by tapping into community college resources.
Clar Rosso, CEO of (ISC)2, commends the creation of the National Cyber Workforce and Education Strategy as a significant step forward. Recognizing the cybersecurity workforce shortfall of over 410,000 professionals in the United States, Rosso emphasizes the importance of federal collaboration, shared hiring practices, talent management tools, scholarship programs, and the removal of entry roadblocks, such as unnecessary security clearances.
Overall, while the strategy may not provide immediate solutions to the cyber skills crisis, its implementation could bring positive changes in the long run. By fostering collaboration, expanding educational opportunities, and addressing diversity and inclusion, the strategy aims to build a robust cybersecurity workforce capable of safeguarding national, economic, and societal security.