CISA director says agency is working on cyber workforce gaps

The director of the Cybersecurity and Infrastructure Security Agency told the ​​House Committee on Appropriations Tuesday that recruitment and hiring efforts remain a top priority, detailing new initiatives her office has leveraged to address challenges in filling cybersecurity vacancies.

CISA Director Jen Easterly said in a hearing on the agency's fiscal 2024 budget request that it was on track to hire 600 people this year and reduce vacancies to less than 8% by the end of 2024. 

CISA hired 560 people in 2022, she added, more than double the total amount of hires than the previous two years, in part thanks to expanded hiring authorities and the implementation of the Department of Homeland Security’s Cyber Talent Management System. 

“We project [fiscal year] 2023 will be our best hiring year yet,” Easterly said. “Our funding request is essential to sustaining this progress.”

The White House budget request for fiscal year 2024, released earlier this month, featured a nearly 5% annual budget increase for CISA, bringing the agency's total budget to $3.1 billion. The funding request includes nearly $100 million to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2021. Easterly said the agency has been working with the private sector throughout the rulemaking process to create a unified approach to reporting cyber incidents. 

To address long-standing gaps in the federal cyber workforce, Easterly said CISA has also launched a series of training and reskilling programs, including a three-month course for federal employees who want to transition into a cybersecurity profession. 

“We are maximizing everything we can do to be more agile, to be more effective and to drive down those vacancies in our workforce,” she said. “I am very confident that we’ll have the capacity and capability to defend the nation as America’s cyber defense agency.” 

CISA has used flexibilities featured in CTMS to offer competitive hiring packages for cybersecurity professionals that are more on par with the private sector, including the ability to determine various employee classifications and offer increased compensation and other benefits. 

The Office of the National Cyber Director has announced plans to release a cyber workforce strategy that's expected to propose actionable steps to close the talent gap and expand diversity across the cyber workforce. Recent research has shown that the global cyber workforce gap stands at about 3.5 million unfilled positions, including nearly 500,000 across the U.S.

Lawmakers also asked Easterly about Chinese social media app TikTok and concerns that user data on the platform could potentially be leveraged by the Chinese government for foreign influence campaigns and to spread misinformation. 

The CISA director described apps like Tik Tok as a "huge risk" for national security interests and said that she would support a nationwide ban on the app, but added that she wasn't sure it could be successfully implemented.

Congress banned Tik Tok from all government-issued devices late last year in a provision included in the $1.7 trillion government funding bill.