Top considerations for narrowing the federal cybersecurity skills gap
Addressing the federal cybersecurity skills gap requires a multifaceted approach in coordination with the private sector.
As the cybersecurity landscape continues to evolve, so do threats posed by adversaries who want to disrupt the federal government’s networks and critical infrastructure.
The federal government has voiced its concern about employee readiness to prevent the latest cybersecurity issues and made progress with the National Cyber Workforce and Education Strategy. However, as attacks become more sophisticated, agencies must work more closely with industry to stay ahead of the fast-paced cybersecurity challenges that lay ahead.
In a recent survey conducted by the International Information System Security Certification Consortium (ISC2), 78% of government and 76% of military respondents noted they face cybersecurity staffing shortages, tied for first and second by industry. With organizations across the private and public sectors looking to rapidly build out their cybersecurity teams, federal agencies must prioritize upskilling opportunities for their current workforce while identifying opportunities to recruit and retain top talent.
Upskilling and expanding the federal cybersecurity workforce
With the existing cybersecurity workforce shortage, agencies must identify gaps in their cybersecurity plans and equip current employees with adequate tools and training.
Federal employees have access to various government training environments, including the Persistent Cyber Training Environment (PCTE) and Federal Virtual Training Environment (FedVTE), that can help them develop foundational cybersecurity skills. However, these programs often cannot update content and technology fast enough to keep pace with both adversarial techniques and industry advancements.
Industry can augment the federal government’s existing skills-training capabilities and expose employees to emerging cyber technologies as well as AI and automation. For example, industry-led capture the flag (CTF) competitions can help federal cybersecurity professionals obtain hands-on experience with new technologies and analyze their understanding of the threat landscape to better prepare for a wider range of potential attacks. These customizable environments provide continuous learning and skill enhancement opportunities while helping teams develop coordination and chemistry.
Another consideration to combat the federal cybersecurity skills shortage is the role of diversity within teams and the opportunity its continued development presents. Creating a diverse cybersecurity workforce is top of mind for the federal government with the introduction of the Diverse Cybersecurity Workforce Act, which would create a program under the Cybersecurity and Infrastructure Security Agency (CISA) focused on cyber workforce outreach in disadvantaged groups, including veterans, racial or ethnic minorities, people with disabilities and formerly incarcerated individuals.
The White House recently championed skills-based hiring, opening up opportunities to workers who have learned from apprenticeships and other training programs, as opposed to relying solely on degree requirements. Beginning next summer, the Information Technology Management series, otherwise known as the 2210 job series, will fully embrace skills-based hiring practices, creating new pathways for citizens to enter the growing government cybersecurity field.
A clear business advantage, a diverse workforce gives agencies visibility into a talent pool that they otherwise wouldn’t have access to and provides a new line of sight into the rapidly evolving tactics used by adversaries. By tapping into candidates with non-traditional backgrounds, agencies can take one more step towards addressing skills shortages and empowering existing employees with the additional support they require.
Empowering employees with AI and automation
As adversaries evolve their use of AI and automation, their ability to build complex cyber tools and cyber weapons accelerates. To outpace these threats, federal agencies must couple skills-based training opportunities with the right AI tools, which will ultimately require updates to legacy technologies. By improving outdated hardware and software, agencies can strike the right balance between the risks and opportunities AI presents. This includes increasing speed and efficiency in operations, leveraging AI to counter adversaries, expanding staff and resources to offset a talent shortage, complying with data privacy regulations, maintaining customer trust, and avoiding costly remediation and recovery.
AI, automation and other cutting-edge tools can create a more dynamic and innovative work environment for federal employees. These advancements can help reduce menial tasks and simplify complex projects, freeing up employees’ time to enhance their skills and reduce the risks of oversight due to staffing challenges and burnout. In turn, providing this necessary support will help retain top talent and allow professionals to grow in the long term.
Addressing the federal cybersecurity skills gap requires a multifaceted approach in coordination with the private sector that includes evolving skills-based training opportunities, developing a diverse workforce, and empowering employees with the latest AI and automation tools. By prioritizing these strategies, federal agencies can upskill their current workforce while attracting and retaining top talent, ensuring widespread protection against evolving cyber threats and safeguarding national security.
Vimesh Patel is federal chief technology advisor at World Wide Technology.
Copyright
© 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.