US unveils national cyber workforce strategy

The White House unveiled its new National Cyber Workforce and Education Strategy on Monday. The goal is to encourage skilled cybersecurity professionals in healthcare and other industries, communicating the benefits of careers in public service to job seekers and lowering barriers associated with hiring and onboarding, according to the Office of the National Cyber Director.

Why it matters
The new workforce efforts follow the Biden Administration’s National Cybersecurity Strategy, released this past March.

The NCWES seeks to equip every American with foundational cybersecurity skills, transform cyber education, expand and enhance the national cyber workforce, and strengthen the federal cyber workforce.

“We are at an inflection point,” said Kemba Walden, acting National Cyber Director in the Office of the National Cyber Director, today at an in-person and virtual event hosted by the Atlantic Council’s Cyber Statecraft Initiative.

Previously Walden was an assistant general counsel in Microsoft’s Digital Crimes Unit. She said the cyber workforce and education strategy is not just to grow the digital economy and make cyber openings accessible to more workers, but it is also a national security imperative, according to the NCWES.

The national cyber director established the National Cyber Workforce Coordination Group in December to serve as the principal interagency forum for departments and agencies to address the challenges and opportunities associated with cyber education, training and workforce development.

The NCWCG will coordinate efforts across federal agencies. For example, U.S. Health and Human Services and Centers for Medicare & Medicaid Services are called upon to help recruit veterans into the cyber workforce.

Camille Stewart Gloster, deputy national cyber director for technology and ecosystem security, said that it’s not only the open jobs, “but the changing dynamics of the digital society we have,” that is driving a national imperative to grow the cyber workforce.

“That is the challenge we seek to address today,” which will address historic issues with equity and inclusion, as well as digital resilience, she said.

The goal is “for everyone to understand what their role is in cyberspace,” such as nurses that need to protect their patient’s data.

“The NCWCG will explore ways to encourage ecosystem stakeholders to integrate cybersecurity including security by design, threat modeling, memory safe languages, privacy, standards, ethics and other elements of cybersecurity into computer science, software engineering, operational technology, and related college courses, as well as K-12 education, boot camps, employer-led training, and other forms of cyber education,” according to the strategy document posted on the White House website.

“Participants in the software development process – from business leaders to software developers and product managers – must be equipped to manage the security and privacy implications of the software they create.”

To unleash America’s cyber talent, the NCWES outlines a path to move federal hiring to a skills-based system by implementing strategies like bringing in secondary students to serve as cyber interns and increasing paid internships, said Rob Shriver, deputy director of the U.S. Office of Personnel Management.

He noted that virtually any tech job is available in the federal government, and his agency is working to send the message that good-paying, skilled jobs which do not require an advanced college degree are available.

Government can’t do this alone, added Rob Duhart, vice president and deputy CISO at Walmart, in the panel discussion that followed. “We in the industry want to be leaders here.”

Duhart said he started as a Department of Education scholar that was a “non-traditional cybersecurity learner,” and he and others are skilled in finding nontraditional “geniuses in our own backyards” and connecting them with the opportunities laid out in the strategy.

The White House is prioritizing investments into “disinvested communities,” Walden noted in her comments.

The media advisory from the Office of the National Cyber Director listed initial grant commitments and other investments in Alabama, California, Louisiana, Minnesota, Mississippi, Nevada, New York, Tennessee and Virginia.

“The Department of Labor announced a $65 million award in formula and competitive grants to 45 states and territories to develop and scale registered apprenticeship programs in cybersecurity and other critical sectors,” the White House said in the NCWES announcement.

Gloster called partnerships with state and local governments critical to implementing the strategy.

Former Arizona CISO Tim Roemer, who is now head of its public-sector division at ThriveDX, a cyber education training firm, asked about funding for the initiatives from the infrastructure bill.

Gloster responded that broadband funding is a key part of the funding strategy.

Diana Burley, vice provost for research and innovation and professor at American University said that “innovation occurs at the edges” and educators must make space available for people to tell them what they need to participate.

“How do we incentivize people to participate in the integration that will allow for the innovation to occur?”

Dr Kathi Hiyane-Brown, President of Whatcom Community College, called the strategy “very impressive” because it builds upon best practices and brings national attention on connecting community college students to solve a workforce issue.

“It’s all about empowering people through education and training … and success is based on the partnerships in which we have.”

The larger trend
Recognizing the dearth of talent and applicants to fill its 30,000 open cyber positions, the Department of Defense rolled out its cyber workforce strategy in May.

The agency is looking for talent over certification, Mark Gorak, principal director for resources and analysis for DoD’s deputy chief information officer, said at TechNet Cyber 2023 in Baltimore.

Shifting away from infosec skill requirements for candidates the agency intends to foster ongoing technical training on the job, as it does in other specialist fields, such as law and medicine.

“It’s not a new thing, but we’ve never done that in our technical workforce,” he said.

Like DoD, the new national cyber workforce strategy also focuses on “lifelong learning” as a core tenet of maintaining a robust cyber workforce for the country.

On the record
“We need to start evaluating candidates beyond those with bachelor’s degrees,” Walden said at the broadcast strategy launch event. “Our diversity is our superpower.” Healthcare IT News