The National Academy of Public Administration (NAPA) appointed a panel of five experts to examine government-wide cybersecurity workforce development strategies, as well as the strategies and partnership models used by the Cybersecurity and Infrastructure Security Agency (CISA).

While CISA and other federal agencies have improved cybersecurity workforce development programs, NAPA found that the lack of a government-wide cybersecurity workforce development strategy and clarity about federal agency roles and responsibilities has stunted the U.S. government’s ability to tap into the capabilities and resources of the private sector, academia and other levels of government.

In the congressionally funded report, the panel provides additional findings and recommendations to better foster the growth of a strong national cybersecurity workforce. With the global cybersecurity workforce gap estimated to be over 2.7 million positions and a national gap of around 500,000, security leaders can use the recommendations provided in the NAPA report to determine how best to close the gap and recruit new cybersecurity talent.

Creating a Unified Workforce Development Strategy

One of the first solutions to the cybersecurity workforce gap suggested by the report is the creation and implementation of a comprehensive, uniform strategy for cyber workforce development. According to the report, this strategy should be developed by the National Cyber Director in coordination with CISA and should include:

1. Cybersecurity career outreach and education
2. Education and training to open up alternative paths into cybersecurity careers
3. Breaking down barriers in talent recruiting
4. Performance assessments and continual innovation in workforce development strategies

Cybersecurity leaders can learn from these federal government-level solutions when growing or maintaining their own programs. By looking in previously untapped areas for new cyber talent and providing educational materials to employees, enterprises can develop cybersecurity professionals uniquely qualified to secure their organizations.

Collecting Data on the Cyber Workforce

The NAPA report outlines a governance framework for the federal government to extend its cybersecurity workforce development efforts. One aspect of this framework involves data collection. According to the report, those looking to further develop the industry should “ensure data relevant to cyber workforce challenges and needs are collected and available for use in developing strategy, creating educational programs, and assessing the impact and effectiveness of workforce development initiatives.”

As security leaders seek to improve enterprise cybersecurity, they can apply this framework to their own organizations while reviewing talent recruiting and retention strategies. For example, identifying industry challenges in cybersecurity workforce development can give hiring personnel a view of the state of cybersecurity and provide insight into how individual organizations can best mitigate the effects of the cyber workforce gap.

Focusing on Long-Term Change  

According to the report, most workforce development programs led by CISA adhere to congressionally identified standards of diversity, excellence and scalability. Enterprise security leaders can strive to meet these standards in their own organizations to drive long-term change in cybersecurity workforce development.  

The report suggests continued focus on diversity, excellence and scalability in cybersecurity through educational program development. By targeting interested parties at K-12 and higher education institutions, security leaders can provide opportunities to entry-level security talent by offering training programs for cybersecurity career skills.