Late last month, the Office of the National Cyber Director (ONCD) released an Initial Stages of Implementation report on the National Cyber Workforce and Education Strategy (NCWES). The report was an update on progress made “Unleashing America’s Cyber Talent” roughly one year after the strategy’s deployment. 

Understanding ONCD’s report requires a brief summary of the strategy:

Guiding Imperatives

  • Leverage adaptable ecosystems to effect change at scale.
  • Enable development of lifelong cyber skills. 
  • Grow the cyber workforce through improving its diversity and inclusion.

Approach

  • Equip every American with foundational cyber skills.
  • Transform cyber education in K-12 and beyond.
  • Improve the national cyber workforce and adopt a skills-based approach. 

Commitments 

  • Over 41 organizations, businesses, educational institutions, and government divisions committed to the NCWES through actions and partnerships. Examples: Google, Microsoft, NIST, American University, CISA, Mastercard, SAP, Crowdstrike.

Report Successes

Interagency coordination is better than ever before. ONCD houses over 35 federal departments committed to NCWES in their cyber working groups, exemplifying the initiative’s “whole of government” approach.

The Biden-Harris administration has implemented skill-based hiring, amending the federal hiring process to facilitate more cyber opportunities, including:

  • In April 2024, ONCD announced they were modernizing the Federal hiring process. OPM is officially transitioning to skills-based hiring principles and practices. 
  • Skills-based hiring allows individuals with the necessary skills to apply for cyber positions based on their qualifications, regardless of how or where those skills were acquired. As a result, Americans can seek out higher-paying cyber jobs without minimum experience or educational requirements.

Rigorous direct cyber learning opportunities were created nationwide. This includes the government’s creation of a variety of programs that leverage earn-and-learn registered apprenticeships programs, Cyber Corps scholarship for service programs, military/veteran cyber programs, and others. 

There has also been strong multi-stakeholder collaboration with over 100 diverse organizations – philanthropies, tech companies, academic institutions, and more – making voluntary commitments to NCWES initiatives. Other commitments include:

  • $95 million in investments. 
  • 13,000 new cyber hires.
  • Cyber training for 1 million individuals.
  • $100 million supporting cybersecurity workforce development, educations, tools, and services.
  • Free foundational cyber skill trainings for 5 million girls by 2025.
  • Free cyber training for HR professionals. 

Areas for Improvement

Despite this progress, America remains in desperate need for more cyber talent and cyber skillsets. Today, roughly 500,000 cybersecurity positions are still open nationwide. 

Many Americans who could enter the profession still don’t think of cyber as a potential career. While the report details the considerable progress and opportunities created, it remains unclear if the government and stakeholders can spread awareness on new available resources. 

Public and private partners alike should continuously prioritize spreading awareness of new cyber initiatives to average Americans. Doing so will help Americans recognize their skillsets as applicable to a cyber workforce.

There needs to be more done to meet industry needs. Demand for talent is growing faster than a workforce can be trained. The government must continue prioritizing the expansion of teachers and training resources to fill federal cyber positions in FY 2024, and they are attempting to do so by conducting cyber sprints to expedite hiring.

Making Sense of the Report

The strategy initially intended to “leverage the diversity of America to strengthen the cyber workforce,” emphasizing that meaningful progress on the cyber initiative required strategic execution from all stakeholders. Human input – and a diverse range of input of that – is needed to effectively predict, model, and deter cyber threats. Below are more examples of that multi-stakeholder strategic execution from last month's report:

  • Microsoft announced an alliance with Black Tech Street, committed to training and recruiting 250,000 people into the cyber security workforce by 2025, and provided over $1.1 million in direct scholarship support to 2,378 students. Cisco committed to cyber training for 200,000 people by July 2025.
  • The Department of State is accelerating hiring for cyber positions, granting hundreds of employees Cyber & Digital Policy Tradecraft training, and implementing a trained cyber/digital officer at every overseas mission.
  • The NSA is opening Cyber Clinics in Nevada, Minnesota, Louisiana, and Virginia to provide cyber risk management training to otherwise underserved communities.
  • Multiple universities committed to equipping their students with foundational cyber skills.
  • ONCD launched a national workforce roadshow to amplify the government’s cyber workforce growth priorities, hosting events in collaboration with Members of Congress, Governors, Mayors, and private and public stakeholders in 15 different states.

These are just some of the new initiatives since the implementation of the strategy. With commitments from over 100 different organizations and 35 different federal departments, the report should serve as evidence of definitive progress made towards “Unleashing America’s Cyber Talent” in the workforce.

Moving forward, the report stated that the Biden-Harris administration will continue to drive public and private sector change through whole-of-nation engagement and collaboration, with an urgent focus on skills-based hiring to fill the hundreds of thousands of cyber job vacancies and make the cyber workforce accessible.

Ari Schwartz & Pallavi Bhargava

Read Next

Chevron Pattern Disrupted: The Impact on Cybersecurity Regulations

The Supreme Court struck down a long-standing precedent on the power of federal agencies to interpret and clarify the laws they enforce. The ruling will likely have a sweeping effect on regulations, including cybersecurity rules, in every sector.

EU Cyber Policy with Despina Spanou (DCP S2 E5)

In our latest Distilling Cyber Policy podcast, our hosts are joined by Despina Spanou, the Head of the Cabinet of the Vice-President of the European Commission. In her role, Despina oversees the EUs policies on security, migration, and other topics.

Energy Sector Companies Sign On To G7 Cybersecurity Pledge

Eight companies providing operational control technologies for the energy sector have signed on to a Group of Seven (G7) pledge to abide by a series of cybersecurity principles.