US government outlines National Cyber Workforce and Education Strategy

After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education Strategy (NCWES), “aimed at addressing both immediate and long-term cyber workforce needs.”

The National Cyber Workforce and Education Strategy

The ongoing cybersecurity skills shortage is a major threat to national, enterprise and consumer safety.

“The NCWES emphasizes that no one actor can alone affect the needed change at scale. This means all stakeholders – including educators, industry, government, and more – must all execute on the objectives set forth in this Strategy,” the Administration stated.

The NCWES aims to:

• Equip every American with foundational cyber skills – digital literacy, computational literacy, and digital resilience – by providing learning opportunities to all and promoting the pursuit of foundational cyber skills and cyber careers
• Transform cyber education by building and leveraging ecosystems to improve cyber education, expanding competency-based cyber education, investing in educators, and making cyber education and training more affordable and accessible
• Expand and enhance the national cyber workforce by collaborating with a wide range of stakeholders, adoping a skills-based approach to recruitment and development, and increasing access to cyber jobs for all Americans
• Strengthen the federal cyber workforce by communicating the benefits of careers in public service amongst both job seekers and current employees and lower the barriers associated with hiring and onboarding

“The NCWES envisions a skills-based digital future where workers have access to good-paying, middle-class cyber jobs within their communities,” the Administration noted.

“Many communities currently underrepresented in the cyber workforce do not envision themselves in cyber jobs or are not aware of the tremendous opportunity to join this important and growing workforce. The NCWES focuses on empowering Americans to pursue these career paths in cyber. Many of these jobs are attainable with a certificate or community college degree, and available now in your local community and across the country.”

A comprehensive effort

Many government and private sector organizations have already acted or have announced their intention to work towards realizing the NCWES.

For example, the National Science Foundation (NSF) will invest over $24M in CyberCorps: Scholarship for Service (SFS) awards over the next four years; the Department of Labor will award $65 million award in grants to 45 US states and territories to develop and scale registered apprenticeship programs in cybersecurity; and workforce development non-profit NPower has committed to training over 6000 individuals during the next three years.

Debbie Gordon, Founder and CEO, Cloud Range, cybersecurity simulation training solution that helps organizations reduce cyber risk.

“We are excited to see the Biden Administration addressing the critical cyber workforce needs,” Debbie Gordon, Founder and CEO at Cloud Range, told Help Net Security, but noted that while this is a significant step forward in direction, there are some areas where “the how” or more guidance could be beneficial.

“For example, in section 2, under Transform Cyber Education, it mentions ‘expand competency-based cyber education.’ Expanding competency-based cyber education is only attainable by utilizing simulation based training to overcome the age-old conundrum of you can’t get experience without a job and you can’t get a job without experience. The only way to do this is to incorporate experiential learning in the form of advanced simulation into cyber education programs.”

Candy Alexander, President of the Information Systems Security Association (ISSA), says that the NCWES couldn’t be timelier.

“ISSA has long been studying the life and times of the cybersecurity professional for the past 7 years and has seen little change in the cyber skills gap. In fact, it is widening. The Biden Administration’s strategy is exactly what the industry needs and addresses what we have been advocating for: the collaboration of education institutions, government programs, corporate organizations, and the cyber association communities to build pathways to bridge the gap between pure education and employment,” she noted.

Sherron Burgess, VP Strategy at Cyversity, noted that the NCWES sets a direction for both workforce and education and represents a necessary innovation in transforming cyber education.

“We commend the strong focus of the strategy on lifelong skills—and removing some of the conventional barriers to entry to cybersecurity. And, importantly, the strategy follows the newly released GAO Cybersecurity Workforce report on NIST’s NICE program, highlighting its strengths and the shortcomings.”