The Office of the National Cyber Director has a workforce plan in development that looks to address public sector and private sector gaps in the cybersecurity profession.
National Cyber Director Chris Inglis' team is working on a plan to address the shortage of cybersecurity professionals and push broader awareness and education about cybersecurity.
It's no secret that there's a talent shortage in the cyber industry. The latest estimates put the number of vacancies at over 714,000, according to CyberSeek, a project backed by the National Institute of Standards and Technology.
Across the government, different agencies and departments have been using various tools, strategies and programs to try to broaden the talent pool and fill jobs – a situation that prompted two expert panels to recommend in two separate reports this year that Inglis coordinate across efforts and sectors.
Now, the Office of the National Cyber Director is starting its work on a national cyber workforce and education strategy, announced at a cyber workforce summit this summer.
The workforce issue is among his top priorities, Inglis said yesterday at an event hosted by Billington Cybersecurity. His office is currently looking to hire someone focused on workforce issues specifically.
In the federal government space, the forthcoming strategy will clarify roles among different government actors and identify metrics to measure the problem and how well efforts to solve it are working, said Camille Stewart Gloster, deputy national cyber director for technology and ecosystem security, during a Thursday panel at the summit.
"There are some things that need to change. There are some programs that need to grow. There are some that might need to shrink. This is a really good opportunity to elevate the good work that's going on… and replicate it where needed, add on to it. You should see some change in the coming years as a result of this strategy and infrastructures that we'll put in place to drive implementation," she said. "The goal is to create an implementation mechanism and the coherence through collaboration and a continuous dialogue at the leadership level that should actually drive towards the goals that we outline in our strategy," she continued.
Stewart Gloster told FCW on the sidelines of the event that the strategy is unique because it won't focus only on the federal cyber workforce, but instead take a broader lens not limited to the federal government's own cyber workers alone.
Having leadership from the White House "allows us to reach across the federal government, pull everyone together, and we are going to stand up a body to help drive implementation, which should form that forcing function and accountability that we need to make progress," she said.
The office will be looking for input from within and outside of the federal government, said Stewart Gloster. The Office of Personnel Management and the Office of Management Budget are collaborating on the strategy, she said.
Kiran Ahuja, OPM director, and Jason Miller, deputy director for management at OMB, testified in July that they want to work with Congress on a governmentwide cyber workforce plan with a particular focus on making the tools and strategies agencies use to hire and pay talent more consistent across government.
That effort is part of the broader cyber workforce strategy coming from ONCD, Stewart Gloster told FCW.
The Department of Defense and the Department of Homeland Security both have special hiring and pay authorities from Congress, something Ahuja and Miller said can create internal competition for talent within the government.
So far, DHS has struggled to hire talent with its new system, which launched last fall.
Mark Gorak, principal director for resources and analysis in the DOD's CIO Office, said during a Thursday panel that the DOD's Cyber Excepted Service, which has been live since at least 2019, has 15,000 people across the department, with an end goal of around 200,000 people across military and civilian sides.
Other issues ONCD will likely have to consider are diversity, something the cybersecurity field has historically struggled with.
There's also the questions of how to expand the overall pool of talent in the first place and the accessibility of the field once people do try to enter. A common complaint is the expensive certification and years of experience required for many entry-level cybersecurity jobs.
Finally, several government leaders said Thursday that retention can also be a challenge. Allowing easier movement between the public and private sectors, fostering workplace cultures that connect employees to the mission and reskilling and upskilling talent are important tools for retention, they said.