Big picture skills like digital literacy and critical thinking are more important to building a public-sector cybersecurity workforce than small gains in federal hiring procedure, experts say.
More than one in three public-sector cyber jobs is unfilled, according to a white paper on federal workforce released by Cyberspace Solarium Commission in September 2020.
Chris Inglis, a commissioner on the Cyberspace Solarium Commission and former deputy director of the National Security Agency, says that long-term solutions to the cybersecurity workforce problem requires thinking expansively beyond the demands of cyber jobs.
"So what we're speaking about is, how do we invest sufficient education for purposes of realizing our expectations and aspirations in cyberspace, not merely the important but narrower discipline of cybersecurity," Inglis said at a Dec. 1 event hosted by the Intelligence and National Security Alliance.
Ensuring critical thinking skills and digital literacy among everyone who interacts with cyberspace is critical, Inglis said. Moreover, people involved in other disciplines, such as lawyers and educators, will need additional training for the way their work specifically makes use of digital infrastructure, he said.
Tonya Ugoretz, the deputy assistant director of cyber policy within the Intelligence and Engagement Branch of the FBI, echoed this point. She referenced the FBI's partnership with the U.S. Space and Rocket Center to develop U.S. Cyber Camp as an example of a way to introduce students to cyber.
"It starts with helping people at the youngest ages even be aware of those opportunities," she said. "That means going to where they are."
Expanding the pool of potential qualified applicants would be helpful, said Teresa Shea, a former NSA official who now works at Raytheon. A college degree might not always have to be a prerequisite to cyber work if hiring officials focus on individuals and the skills that they have, she said.
Some panelists emphasized the need for cohesive strategy across the federal government, and the need to facilitate more frictionless transfers of employees between the private and public sector.
"At the end of the day, we still have a federal government that has a complex, uneven and stovepipe system that's difficult to navigate, sets up underlaps, creates haves and have-nots and creates unhealthy competitions," Inglis said. "So the question at the end of the day is: what do we do to take advantage of those enormous strengths that are unfortunately stove piped and move forward not simply for the benefit of the federal government, but for the nation writ large."
The Solarium's recommendation for a U.S. Cyber Director to ensure coherence and integration of strategy throughout the government is one tactic Inglis suggested for solving this problem.
Inglis and Ugoretz also pointed to the potential of simplifying the security clearance system as a way to increase retention, as well as facilitating smoother transfers of employees between the private and public sector.
"We know the government doesn't have a monopoly on, for example, cyber threat intelligence," Ugoretz said. "I think it's going to be really important that we not just expect our workforce is going to stay in one place for the duration of their careers."