US calls to action systemic changes necessary to close federal cyber talent shortage

Reacting to a recent report released by the Federal Cyber Workforce Management and Coordinating Working Group on the chronic workforce challenges faced by federal agencies, the Federal Working Group, a 24-federal agency coalition, issued on Wednesday a call to action on the systemic changes necessary to close the government’s cyber talent shortage identified in the report. 

The report titled ‘State of the Federal Cyber Workforce Report’ highlights these federal agencies’ chronic workforce challenges. They try to minimize the cyber workforce gap and secure critical technology talent despite a historically tight labor market. With over 700,000 cyber jobs to fill nationwide and nearly 40,000 in the public sector as of April this year, the report lays out 35 priority actions to overcome these barriers through a coordinated, interagency approach. 

The Federal Working Group, led by the U.S. Department of Veterans Affairs, Cybersecurity and Infrastructure Security Agency (CISA), and Department of Defense (DoD) has already launched multiple action teams to begin tackling identified challenges. Set up in 2019, the Working Group serves as an interagency coordinating body to address shared challenges, enhance workforce management capabilities, and reduce silos in the digital era. 

To date, the Working Group has developed and released a catalog of NICE Workforce Framework for Cybersecurity (NICE Framework)-centric products, services, and tools such as the Cyber Career Pathways Tool and Roadmap to increase understanding and integration of the NICE Framework into existing workforce management practices in support of federal cyber workforce policies.

Growing cyber talent shortage and aging federal workforce put significant pressure on federal agencies to join the race for talent by reenergizing and promoting themselves as a premier place of employment with an imperative mission to counter cyber threats while meeting the demand of U.S. citizens for a more responsive, digital government.  

Focused on the personnel required for federal cyber modernization, the report sets forth a strategic action plan, outlining high-priority, federal-wide cyber workforce actions to reduce the talent pipeline gap, increase the quality and diversity of the nation’s cyber workforce, and prioritize the personal and professional needs of cyber professionals through a coordinated interagency approach. 

The rapid global shift to remote work and cloud-based infrastructures in response to the COVID-19 pandemic further underscored the criticality of cyber talent in protecting a drastically expanded digital footprint from a 238 percent increase in cyber-attacks worldwide. In addition, the federal government’s digital transformation and the task of securing the nation’s digital and critical infrastructures such as data centers, networks, healthcare system, food supply, financial services, and energy sectors have led many of the nation’s top leaders, including U.S. President Joe Biden, to call for rapid action.  

Over the last two years, the working group has launched a catalog of products, services, and tools, to equip individuals with the resources they need to identify, build, and navigate a federal cyber career. The Working Group is implementing the recommended actions within its latest report to improve mobility and skill portability, transform workforce reporting and data analytics, and position the federal government as a competitive employer for incoming and future cyber professionals.   

“Recruiting and retaining the most skilled individuals with high-demand cyber expertise is a top priority for both OIT and industry leaders alike,” Kurt DelBene, chief information officer at the Department of Veteran Affairs, said in a statement. “There is a growing need for a highly skilled technology workforce and talent pipeline to support widespread digital transformation throughout federal government.” 

“While we have improved our ability to identify and develop the cyber workforce over the past three years, we still have work to do with regards to other high-tech skillsets,” John Sherman, chief information officer at the DoD, said. “This must be a whole-of-nation effort.” 

“The cyber threat landscape is getting more complex, dynamic, and dangerous every day. At the same time, we have a global shortage of cyber talent that affects every organization, including the federal government,” Felicia A. Purifoy, chief human capital officer at CISA, said. “Growing and strengthening our cybersecurity workforce is going to require new and innovative ways of thinking and expanding the talent pool by bringing people with diverse backgrounds into the workforce. CISA will continue to engage with our partners in government, the private sector and academia to attract and retain the workforce we need to defend the nation against evolving cyber threats.”

The federal cyber workforce report proposed a unified and coordinated approach to address the numerous workforce challenges agencies face. It puts forward meaningful action to reduce the talent pipeline gap, increase the quality and diversity of the cyber workforce, and prioritize the personal and professional needs of cyber practitioners. 

The Working Group has developed a multi-year strategy and implementation plan in response to the identified core challenges to lead actions that will yield the highest return and ‘move the needle’ the most. With an almost nonexistent front-end talent pipeline and a growing workforce age gap, the report takes a people-first approach to address the challenges preventing recruiting, developing, and retaining cyber talent within the federal government. 

To that end, the Working Group scanned the federal environment to identify how and why current federal policy, process, and personnel constructs serve as stumbling blocks to agencies in achieving their recruitment, development, and retention goals. It also suggests introducing cyber-specific workforce policies, classification standards, and qualification requirements. However, current workforce policies, classification standards, and qualification requirements are insufficient in supporting the highly specialized nature of cyber work or the rate at which the cyber talent ecosystem evolves.

The U.S. administration did address the issue of building the nation’s cyber workforce and strengthening cyber education in a fact sheet, released Tuesday, which focuses on enhancing America’s cybersecurity and improving its cyber defenses. In addition, the White House hosted a National Cyber Workforce and Education Summit, bringing together leaders from the government and from across the cyber community. At the Summit, the administration announced a 120-Day Cybersecurity Apprenticeship Sprint to help provide skills-based pathways into cyber jobs. 

With momentum from the Summit, the administration continues to work with partners on building the cyber workforce, improving skills-based pathways to good-paying cyber jobs, educating Americans with necessary digital skills, and improving diversity, equity, inclusion, and accessibility (DEIA) in the cyber field.

Last month, the EU Agency for Cybersecurity (ENISA) released details of a European Cybersecurity Skills Framework (ECSF) to create a common understanding of the relevant roles, competencies, skills, and knowledge. It also looks to facilitate cybersecurity skills recognition and support the design of cybersecurity-related training programs. It summarizes all cybersecurity-related roles into 12 profiles, individually analyzing the details of the responsibilities, skills, synergies, and interdependencies it corresponds to.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.