National security leaders routinely warn that the United States faces growing cyber threats. Managing risks will require expertise in the public and private sector to improve security. But there are currently more than 700,000 open cybersecurity positions across the country. That includes nearly 39,000 open government jobs.
Federal and state government agencies often struggle to hire and retain employees with needed skills to fill cybersecurity positions. The Commerce Department’s chief information officer recently told FedScoop that his agency had resorted to poaching talent from other agencies. “We’re stealing people from each other, that’s what it’s come down to,” commented Commerce CIO André Mendes.
For state and local government agencies, the competition for cyber talent is even more challenging. The National Association of State Chief Information Officers described the “talent crisis” as a top issue facing state technology leaders in 2022. With state and local governments facing growing cyber threats, many state and local government agencies struggle to recruit, fill, and retain key positions responsible for cybersecurity.
Recognizing the problem, the Department of Homeland Security recently announced a new state and local cybersecurity grant program that will award $1 billion in funds over the next four years. That’s on top of the billions in unspent homeland security grants awarded to states and local governments that could be spent to improve cyber risk management.
But states and localities, like the federal government, will continue to struggle to manage cyber risks if they don’t have the workers needed to fill key positions. Addressing the nation’s cyber workforce challenge will require new approaches at the federal and state level to improve training and help prepare future workers for careers in cybersecurity.
One promising approach is Rep. Lisa McClain (R-Mich.) and Rep. Yvette Clarke (D-N.Y.)’s new National Community College Cybersecurity Challenge Act, introduced on Thursday. The bill aims to address the cyber workforce talent gap by leveraging the nation’s community colleges and public-private partnerships to improve training.
The bipartisan bill would authorize funding for the Department of Education to provide challenge grants to states that submit a plan to expand cybersecurity instruction at community colleges. It would also increase the number of students earning degrees in cybersecurity, with a focus on helping disadvantaged students. States would be required to provide 50 percent in matching funds (though the Education secretary would be empowered to waive this requirement). States would also be required to help community college students gain access to “real-world cybersecurity work-based experiences” and job opportunities through public-private partnerships.
The legislation would also create a “national cybersecurity workforce innovation fund” to award matching grants to community colleges and public or private entities that focus on cybersecurity training. Awarded funds would be required to be used to improve training by placing cybersecurity professionals into teaching positions and work-based training programs for students to gain real-world cybersecurity experience.
The bill would authorize $250 million in annual grants to states through 2027 and a total of $150 million for the workforce innovation fund. The bill wisely offsets these authorized spending increases by rescinding the same amount from unspent coronavirus relief funding bills passed in 2020.
With growing questions about the return on investment of federal subsidies for higher education, refocusing federal funds to improve cybersecurity training at community colleges through public-private partnerships is a commonsense strategy to address the nation’s cybersecurity workforce training gap while offering students new pathways for promising careers.
The cybersecurity workforce talent gap also spur the education sector to address the cybersecurity workforce talent gap. Student demand for this training should be on the rise, since cybersecurity degrees offer a promising return on investment. According to the Department of Homeland Security, the average starting salary for a two-year degree in cybersecurity is $70,000, increasing to $116,000 for students earning four-year degrees.
Schools at all levels of the education system, including K-12, should be working to provide students with options to train for cybersecurity careers. With states having more than $100 billion in unspent relief funds for education, there is a particularly good opportunity to use funds to help disadvantaged students receive training for these high-paying jobs.
Facing growing threats, the nation faces an urgent need to prepare a workforce for open positions to defend the public and private sectors from cyber attacks. Federal and state policymakers, and the entire education sector, should consider new approaches to solving this workforce training gap. The bipartisan National Community College Cybersecurity Challenge Act is a good place to start.
Dan Lips is Head of Policy at Lincoln Network.