Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Report: U.S. needs immediate and sustained improvements in its cybersecurity workforce

man on a phone sitting in front of  two computer screens. Other men on computers in the background
Credit: ©RawPixel/Shutterstock

WASHINGTON—In a report released by the White House today, the U.S. Departments of Commerce and Homeland Security urge immediate and sustained improvements in the country’s cybersecurity workforce. The report, which was called for by the 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, includes findings and recommendations that address both public- and private-sector needs.

“Ensuring the security of our interconnected global networks is one of the defining challenges of our era,” said Secretary of Commerce Wilbur Ross. “A skilled cybersecurity workforce is necessary for our nation so that we can fully reap the benefits of the 21st-century digital economy.”

A 2017 Center for Cyber Safety and Education report projects a global cybersecurity workforce shortage of 1.8 million by 2022. There were an estimated 286,000 active openings for cybersecurity jobs in the United States as of November 2017, according to CyberSeek, an interactive tool that is funded through the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology.

Executive Order 13800 directed the secretaries of commerce and homeland security to “assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education.”

Report Findings

The assessment found significant opportunities to expand the pool of cybersecurity candidates by retraining those employed in non-cybersecurity fields and by increasing the participation of women, minorities and veterans, as well as students in primary through secondary school. It also found an apparent shortage of knowledgeable and skilled cybersecurity teachers at the primary and secondary levels.

According to the report, “employers increasingly are concerned about the relevance of cybersecurity-related education programs meeting the needs of their organizations.”

To combat these challenges, the report recommends the administration set an ambitious vision and action plan to “Prepare, grow, and sustain a national cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.” It states that the administration should also focus on “long-term authorization and sufficient appropriations for high-quality, effective cybersecurity education, and workforce development programs.”

The report also recommends that the private and public sectors strengthen “hands-on, experiential, and work-based learning approaches,” including apprenticeships, research experiences, cooperative education programs and internships. Both sectors should “align education and training with employers’ cybersecurity workforce needs, improve coordination, and prepare individuals for lifelong careers.”

The assessment found that many of the report’s recommended actions are already being pursued by multiple federal agencies under existing authorities and resources. These activities include making greater use of the NICE Cybersecurity Workforce Framework, a resource that uses a common and consistent lexicon to categorize and describe cybersecurity work irrespective of where or for whom the work is performed, and implementing the Federal Cybersecurity Workforce Strategy and Federal Cybersecurity Workforce Assessment Act of 2015.

The private sector is also advancing cybersecurity workforce programs and initiatives in ways consistent with the report’s findings and recommendations.

Multiple federal agencies and private sector organizations contributed to the assessment through a Request for Information and an August 2017 workshop.

The full report, Supporting the Growth and Sustainment of the Nation's Cybersecurity Workforce: Building the Foundation for a More Secure American Future, as well as key findings, recommendations and background information about the process, are available on the NIST website.

NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce. To learn more about NIST, visit

Released May 30, 2018, Updated June 11, 2021