In partnership with the White House and the U.S. Department of Commerce, the Department of Labor (DOL) announced a 120-day Cybersecurity Apprenticeship Sprint to promote the Registered Apprenticeship model as a solution for numerous industries to develop and train a skilled cybersecurity workforce. The Sprint would address the cybersecurity field’s current job openings and longer-term job quality and retention issues. 

In addition, the Sprint seeks to:

• To increase awareness of current successful Cybersecurity-related Registered Apprenticeship programs, partnerships, and initiatives and how they’re helping industry educate and train a skilled cybersecurity workforce to reduce cybersecurity risk.
• To advance diversity, equity, inclusion, and accessibility (DEIA) across Cybersecurity occupations through Registered Apprenticeship, especially for historically underrepresented populations such as women and communities of color.
• To educate the public on the efforts, the Department of Labor’s Office of Apprenticeship is taking to accelerate the process by helping employers to launch programs in as little as 48 hours by using existing industry vetted and DOL-approved standards.
• To recruit employers to explore Registered Apprenticeship and partner with DOL and the Department of Commerce’s National Initiative for Cybersecurity Education (NICE) to help meet critical Cybersecurity workforce needs of the Nation; and
• To connect career seekers to Cybersecurity apprenticeship opportunities.

The National Initiative for Cybersecurity Education (NICE) Cybersecurity Apprenticeship Program Finder can help locate Cybersecurity apprenticeship programs, youth apprenticeship programs, and pre-apprenticeship programs throughout the United States, many of which use the NICE Workforce Framework for Cybersecurity (NICE Framework).

Below, security leaders react to the initiative.

Casey Ellis, Founder and CTO at Bugcrowd:

The cybersecurity apprenticeship sprint is a creative initiative that will encourage a swath of new talent into the cybersecurity workforce by bootstrapping highly visible and valuable work experience and by focusing on inclusivity and diversity as a primary objective.

Michael DeBolt, Chief Intelligence Officer at Intel 471:

This is a very promising step in the right direction to help both sides of the equation: the busy employer occupied in the fight against cybercrime and the aspiring cyber security professional looking for entry into the profession. All reasonably-minded employers agree that we can only win this fight with fresh, creative minds and diverse backgrounds and perspectives. But this requires investment in time, money, and energy. So often, these resources are directed toward tangible things that provide the clearest, safest, and quickest path for return on investment, such as the newest technology or the proven senior analyst that can hit the ground running.

Employers who’ve invested in hiring and onboarding new employees breaking into the cybersecurity industry have benefited from novel and fresh approaches to bring the fight to the adversary. This apprenticeship initiative will help new employees and make a lasting impact on our ability to fight new cyber threats.

Sounil Yu, Chief Information Security Officer at JupiterOne:

Although many cybersecurity workers take pride in their professional status, many of their jobs, as well as the thousands of unfilled cybersecurity jobs, are actually vocational in nature and could be filled by those with the appropriate level of vocational training. In vocational schools, students focus nearly entirely on learning the skills of their trade. In this case, cybersecurity. By immersing themselves in a particular field, like cybersecurity, students practice tangible skills they will need and can apply to the workplace. Furthermore, this period of training can happen at an accelerated pace that produces qualified candidates in one or two years, if not faster.

The critical workforce shortage in cybersecurity continues to threaten our ability to properly defend our digital ecosystem and way of life. Leveraging the successes we have seen in other job markets, we should examine which of our unfilled cybersecurity jobs can be addressed through vocational training and adapt our hiring practices to enable a similar scale to address the shortfalls in the job market. At the same time, we should team up with cybersecurity-focused vocational training and education programs that equip a wider range of job seekers to qualify for these opportunities.

By reexamining some of our traditional cybersecurity roles through the lens of vocational opportunities, we can build a more robust and adaptive workforce that can better defend against today’s complex cybersecurity threats.

Joseph Carson, chief security scientist and Advisory CISO at Delinea:

Recent initiatives, including commitments to providing more security awareness training and more cybersecurity jobs, are great. However, we must prioritize what we can do now and what we must do in the near future. We need to fast-track the need for skilled workers in cybersecurity and fast-track them into the industry as the skills shortage is only getting larger.