GovCon Expert Chuck Brooks has published his latest article as a member of Executive Mosaic’s GovCon Expert program on Friday. Brooks discussed the federal government's development of its cyber workforce, upskilling and reskilling federal workers as well as addressing the ongoing challenge of cybersecurity workforce requirements. You can read Chuck Brooks' latest GovCon Expert article below:
Innovation is Strengthening the Federal Cybersecurity Workforce
By Chuck Brooks
Several years back, the federal government recognized that cybersecurity workforce training of a next generation of technicians and subject matter experts should be a priority. The government realized that the dearth of qualified cybersecurity workers combined with the expanding risk environment required more resources and investment. Thankfully, there have been significant progress in meeting the challenge of cybersecurity workforce from a variety of innovative programs.
The shortage of a trained cybersecurity workforce is a global problem. The firm Cybersecurity Ventures estimates there will be 3.5 million unfilled global cybersecurity jobs by 2021. The competition for filling those slots in the private sector among companies is fierce. It is even more of an issue for the public sector who cannot match the compensation packages paid by companies for top talent.
For most of the past decade the path to compete for quality cybersecurity workers has been based on the appeal of public service and mission. But clearly that was not enough to ensure recruitment and stability of programs so a new strategy had to be undertaken.
In July 2016, the White House issued a document “Strengthening the Federal Cybersecurity Workforce” that highlights a framework necessary to best recruit, train, and maintain a skilled federal cybersecurity workforce. These elements include:
1) Expand the Cybersecurity Workforce through Education and Training
2) Recruit the Nation’s Best Cyber Talent for Federal Service
3) Retain and Develop Highly Skilled Talent
4) Identify Cybersecurity Workforce needs.
The critical importance of continuing the strengthening of government cybersecurity was recently spelled out by Cyberspace Solarium Commission Co-Chairs Senator Angus King (I-ME) and Congressman Mike Gallagher (R-WI).
"Without talented cyber professionals working the keyboard, all the cutting-edge technology in the world cannot protect the United States in cyberspace. If we do not act now to ensure that our talented and experienced workforce continues to grow, we are leaving our country vulnerable to future cyber-attacks."
Common cornerstones of the cybersecurity workforce enactments and mission are public/private partnering and collaboration, retooling and upskilling of employees, and identifying future workforce needs.
Public/Private Partnering and Collaboration
The White House “Strengthening the Federal Cybersecurity Workforce” document was a starting point and since then there has been many positive developments in investment, focus, and creativity. One area that was prioritized, was public/private cybersecurity cooperation for building and sharing the workforce.
A public/private collaborative effort has brought together by industry, academia, congress, and federal and state governments to establish working guidelines cultivate and train the next generation of cybersecurity technicians. This included a strategy establish incentives for public service such as paid education/free tuition, higher federal worker pay authority, and part–time employee rotational sharing arrangements between industry and government.
The Cybersecurity Talent Initiative by the Partnership for Public Service is a great example of a public-private partnership aimed at recruiting and training quality cybersecurity workforce. The program is a selective opportunity for students in cybersecurity-related fields to gain vital public and private sector work experience and even receive up to $75,000, inclusive of tax, in student loan assistance. The program is new and recently, The Partnership for Public Service announced Sept. 2nd that it had placed its first class of cyber-trained experts in federal service.
Retooling and Upskilling Employees
The Trump administration has made upskilling and reskilling the federal workforce a priority in its 2021 budget proposal. In a February 2020 press conference Margaret Weichert, Deputy Director for Management at the Office of Management and Budget (OMB), announced that the administration plans to focus on training and reskilling opportunities in the data science and analytics, cybersecurity, IT and project management fields. She stated that “we have made a firm commitment to reskilling up to and possibly exceeding 400,000 federal workers, focused on first and foremost jobs where we have a hard time filling roles.”
An early a working model in government for retooling and upskilling workers was the Department of Homeland Security‘s (DHS) Cybersecurity Veterans Hiring Pilot. The pilot was designed to build the department’s cyber workforce and enhance opportunities for veterans to continue to serve our country in cybersecurity.
In an article I wrote for Homeland Security Today, I suggested extending the proven veterans hiring working model to include cybersecurity program for Native Americans. “Investment by government, industry, and academia in training Native Americans in an accelerated cybersecurity curriculum combined with real-world experience via internships and fellowships would bring high dividends to cyber readiness down the line.
At the same time, it would bolster the nation’s pipeline for skilled digital workers. The further engagement of Native American tribal partners who have a strong, proven heritage of dedication and service to country will be a blessing to the future of homeland security.”
That veteran’s hiring model could also be expanded and enhanced to include outreach to economically depressed areas (utilizing HUB Zones) to create skilled workers for the federal cybersecurity workforce. An investment in training those in economically depressed areas in an accelerated cybersecurity curriculum — combined with real-world experience through internships and fellowships — would yield high dividends. At the same time. It would bolster the nation’s pipeline for skilled digital workers.
Retooling and cyber skill training efforts are not limited to the civilian side of government. The Quantum Leap program is a government initiative designed to "up-skill and re-skill" the Army's IT and cyber force. Currently, the Army employs more than 15,000 IT professionals and The Quantum Leap program will re-code and re-skill close to 1,000 exiting IT positions by fiscal year 2023.
There are a variety of initiatives in government agencies to continue to retool workforces to address technical cybersecurity challenges and the new operating environment of our digitally connected world. The government should continue to invest in grant and fellowship programs that will support specialized employee training (in addition to their salaries) in cybersecurity research & development DHS, DoD, NASA, other federal agencies, the Intelligence Community, and The National Labs.
Identifying Future Workforce Requirements
Identifying cybersecurity workforce requirements is an ongoing challenge as the rapid assimilation of new technologies such as artificial intelligence and machine learning technology make it difficult for the public sector to keep up tech trends. The Cybersecurity Information Sharing Act of 2015 (CISA) directed DHS along with other agencies to identify cyber-related positions in the federal workforce. OMB (in consultation with DHS) was directed to produce a report identifying the critical workforce cyber needs across all federal agencies.
OMB is on the right track in identifying current gaps and it is reflected in annual agency cybersecurity scorecards. It is important to have transparency and accountability to ensure a forward looking “future ready” workforce that will be able to forecast and mitigate gaps before they arise.
Information sharing and collaboration are at the core of identifying and addressing workforce needs. The National Institute for Standards and Technology (NIST) has expanded the role and activities of the National Initiative for Cybersecurity Education (NICE). The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE has spearheaded conferences, events (on location and virtually), and has provided excellent resources that have made a great impact on the workforce ecosystem.
Government is on the right track in investing in the cybersecurity workforce and innovative programs are providing dividends. New ideas and solutions are continually needed in the important challenge to help us be more cyber-safe.
Public/private partnering and collaboration is essential to continue the momentum. Government and industry need to continue to work closely together to cultivate and train the next generation of cybersecurity technicians. Retooling and upskilling of employees can help mitigate cybersecurity workforce shortages and build new leadership expertise. Identifying cybersecurity workforce requirements will become even more of a necessity as digitally connectivity exponentially grows, and emerging cyber technologies permeate the evolving landscape.
Strengthening the federal government cybersecurity workforce will always be a process and mission.
GovCon Expert Chuck Brooks is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. He is President of Brooks Consulting International, a government relations and marketing firm focused on cybersecurity and emerging technologies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.”
He was named by Thompson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer.” Chuck is a two-time Presidential appointee and has held leadership roles in several Fortune 500 companies. He is Adjunct Faculty at Georgetown University where he teaches courses in cybersecurity, homeland security, emerging tech, and applied intelligence.