What are federal agencies doing to fill out the cyber workforce?

For every 100 cybersecurity jobs nationwide, there are only 72 workers able to fill them. Approximately 315,000 more workers would be needed to close current supply gaps, despite the fact that the cybersecurity workforce is 1.1 million people strong nationwide already. 

That’s according to new data released Monday on Cyberseek, a data hub managed by the National Institute for Cybersecurity Education, or NICE — housed in the National Institute of Standards and Technology — alongside trade association CompTIA and labor market analytics company Lightcast.

The update, based on data for the 12-month period from September 2022 through August of this year, comes at the start of the seventh annual Cybersecurity Career Week, coordinated by NICE as part of Cybersecurity Awareness Month and meant to showcase career opportunities and pathways into the field.

The latest numbers do show some improvements in the talent gap overall, although demand for more workers is still strong. In the previous update, released in June, the supply-demand ratio was 69%, meaning there were 69 workers for every 100 cybersecurity job openings, according to a CompTIA spokesperson. 

Over the yearlong period covered by the new data, employers posted 572,392 job openings, also slightly less than the last period where just over 663,400 were posted. The federal government in particular, which employs over 11,000 cyber workers, posted just over 6,000 jobs in that time, according to Cyberseek. 

“The cybersecurity workforce is growing as… the demand is growing,” Rodney Peterson, NICE director, said during an event for Cybersecurity Career Week on Monday. 

He and other government speakers emphasized the importance of alternative pathways into the field. “There’s not just one way to become a cybersecurity practitioner,” said Peterson. 

The Biden-Harris administration issued a Cyber Workforce and Education Strategy over the summer that also emphasized the importance of multiple pathways into the field. 

Camille Stewart Gloster, deputy national cyber director for technology and ecosystem security, emphasized the need to diversify the workforce, both to fill empty seats and to best address the urgent problems faced by practitioners in the field.

“Understanding how technology is used in context is best done through… having diverse voices [and] faces in the room,” she said.

Stewart Gloster said the strategy emphasizes the need to move from static job descriptions to skills-based hiring in order to adapt more quickly to a rapidly changing tech landscape. This cross-administration push towards skills-based hiring across the federal government has led to an effort to rework the skills and competencies required for federal positions. If implemented, it could help cybersecurity professionals from pathways other than four-year degrees more easily fill federal jobs.

The Labor Department has been focused on registered apprenticeships in the cybersecurity sector, which can be “more equitable pathways into these jobs” because they allow people to get trained while they earn money, said Brent Parton, assistant secretary of the Employment and Training Administration at the Labor Department.

“We know there's profound equity challenges right now in terms of who's completing STEM-related college degrees,” said Parton, who noted that registered apprenticeships for cyber have taken off. “It's the right model at the right time for helping build out and expand that workforce and do so in an intentional and equitable way.”

Luke Rhine, deputy assistant secretary in the Education Department's Office of Career, Technical and Adult Education, emphasized the department's focus on career pathways into cybersecurity via work-based learning, dual enrollment and the use of industry credentials. 

Rhine spoke about the agency’s work to expand access to training programs for high-demand fields by connecting K-12 education with workforce programs and postsecondary education, saying the administration wants to “transform high schools into incubators of talent” through partnerships with state and local leaders, guidance, grants and more.

“It's vital that we provide today's students with increased access to high quality education and training programs in cybersecurity,” he said. 

Other highlights of this year’s Cybersecurity Career Week include a new Cybersecurity Ambassador Program at NICE meant to promote career awareness via a network of volunteers, as well as a social media campaign and the U.S. Cyber Games draft day event, among other things.