Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Why Employers Should Embrace Competency-Based Learning in Cybersecurity

Macro photo of tooth wheel mechanism with COMPETENCE concept related words imprinted on metal surface
Credit: Shutterstock/EtiAmmos

There is a growing movement toward increasing the use of competency and skills-based education and hiring practices in both the public and private sectors. For example, the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates calls upon the Federal Government to “ensure that the individuals most capable of performing the roles and responsibilities required of a specific position are those hired for that position”—resulting in “merit-based reforms that will replace degree-based hiring with skills- and competency-based hiring.” Similarly, the Principles for Growing and Sustaining the Nation’s Cybersecurity Workforce emphasizes the importance of expanding the pool of candidates by discontinuing the use of degrees as a mandatory requirement for jobs and revising job postings to be more transparent around the skills needed to perform and thrive in the role. While employers and education and training providers are getting increasingly on board with a shift toward prioritizing cybersecurity competencies and skills, getting the two ecosystems to work together to close the education-to-hiring gap continues to be a challenging and slow-moving mission.

Competency-based education allows students to verify their skills and earn credentials by demonstrating what they know instead of spending a required amount of seat time in class to accumulate credit hours. With every competency assessed, students understand the value of their effort against targeted job roles and when armed with this intelligence they can build their careers in real time while also continuing to attain high-value credentials. Often, when students enroll in a degree or certificate program, they have already acquired a significant work history related to their field of study. Competency-based education gives credit where credit is due, allowing students to use prior knowledge and professional experience to accelerate in their program and qualify for employment opportunities. This model is particularly ideal for adult learners, who often enroll in programs with different levels of knowledge and experience, as well as a wide variety of preferred approaches to balancing school and work.

Employers must actively invest in their workforce to maintain competitive teams. That increasingly means deeper and more strategic partnerships with higher education—or with new education and training providers that are willing to be part of the solution. Competency-based education and hiring is a more objective, equitable and efficient way to connect today’s jobseekers with available career pathways through a shared skills language. While more traditional degrees are still a powerful engine of social mobility, they’re not the solution to every talent supply chain challenge. We must embrace new routes to opportunity including short-duration, on-the-job, and apprenticeship programs that can be expanded rapidly and stack into greater and greater degrees of value.

Employers will also need to shift the paradigm of how they hire. The significant staffing shortage relative to the volume of talent available necessitates casting a wider net. Speed to hire and availability of candidates are two primary drivers. Employers are shifting their focus to transferable capabilities to close both gaps. In some cases, moving away completely from requiring academic degrees and building in-house training opportunities to meet the specific technology needs allows for a wider pool of talent in a timelier manner.

Many recruiters and hiring managers now avoid a “checklist” approach for qualifications in favor of evaluating applicable, transferable interests and capabilities. Certifications or degrees are foundational and highly valued, but the competencies can also be equally as important as employers evaluate how candidates have applied life lessons and demonstrated soft skills in their everyday life. If they can demonstrate a capability to learn, many employers are more agreeable to invest in training.

One consideration to increase interest and to bridge the gap between employers and job seekers is to ensure that job requirements include more inviting language and marketing of the cybersecurity opportunities. With the pivot to competencies and skills-based hiring, ensuring prospective candidates avoid self-selecting out of the application process is a first step. Therefore, it is important to encourage job seekers to understand how relevant and applicable their current skills and experiences are, even if they don’t have specific “cybersecurity” credentials or experience.

In evaluating candidates, it’s important for employers to look at how they utilize assessments in the interview process. These assessments should occur early in the process and reflect what someone might do on the job. One example, when hiring a Technical Support Engineer, is to have the assessment simulate a ticketing queue to observe how someone operates with efficiency, or a security research assessment tool might look at how someone worked through a problem, not just if they “got it right.” It would also be important to assess teamwork and collaboration, looking at how hiring teams and candidates can work on small challenges together to gauge both technical and soft skills at the same time.

Broadening our understanding of what competencies and general skills qualify a person to step into a cybersecurity job can help all employers by allowing them to take a broader view of the talent pool. Additional investments will be needed to develop talent in-house, including coaching and mentoring from within the business. Increasing collaboration and partnerships between employers and education and training providers will allow us to transform learning and modernize talent management to meet today’s cybersecurity workforce needs.

About the author

Marni Baker-Stein

Marni Baker Stein is chief academic officer and provost at Western Governors University, where she leads WGU’s four colleges and supporting Student Success and Program Development functions. Baker Stein’s leadership prioritizes education and workforce equity, cutting-edge skills-focused and competency-based program design, personalization of the learning experience and sustainable innovation at scale. She drives the university’s student-centered mission with a 360-degree. data-driven “community of care” approach that strategically supports students through their entire academic journey

Bridgett Paradise

Bridgett Paradise, Tenable’s Chief People and Culture Officer, brings more than 30 years of experience to her role. She leads the company’s Human Resources strategy and policies, global recruitment efforts and organizational development programs, all of which drive the company’s next phase of growth and international expansion. Bridgett is an accomplished and results-oriented Human Resources executive with a strong track record of building high-performing teams. Prior to joining Tenable, she served as Chief People Officer for Citadel Securities, a global financial institution in Chicago. She also served as Houghton Mifflin Harcourt’s Senior Vice President and Chief People Officer, where her responsibilities spanned global talent management and recruitment, as well as organizational design and employee benefits. Bridgett also spent more than 20 years at Microsoft Corporation, where she last served as General Manager of Human Resources for the Worldwide Services division. Bridgett has a Master’s degree in Human Resources Management from Marymount University and a Bachelor’s degree in Business Communications from Catawba College.

Rodney Petersen

Rodney Petersen is the director of the National Initiative for Cybersecurity Education (NICE) at NIST. He worked previously as the managing director of the EDUCAUSE Washington Office and director of IT Policy and Planning at the University of Maryland. When he is not evangelizing for increasing the cybersecurity talent pipeline, he volunteers as basketball commissioner for Savage Boys & Girls Club and spends time with his wife as #emptynestsurvivors.


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.