Our adversaries have never had more tools at their disposal to increase the volume, velocity, and sophistication of the threats they deploy. As these malicious actors advance their efforts—with transnational crime groups and cybercriminals increasingly working together to converge physical and digital threats that uniquely threaten our nation’s critical infrastructure—our country faces a significant challenge as we collectively struggle to fill vacant yet vital cybersecurity roles. According to a recent report, more than 500,000 cybersecurity professionals are needed to close the current workforce gap in the United States alone.
Earlier this year, I served as a witness before the U.S. House Committee on Homeland Security’s hearing on “Preparing the Pipeline: Examining the State of America’s Cyber Workforce.” In my testimony, I emphasized the need for stronger public-private partnerships to break down barriers to entering the cyber workforce. I discussed the need for new and creative approaches to recruiting, hiring, and retaining talent. I also highlighted the importance of initiatives like the Cyber PIVOTT Act, which would provide a pathway for training 10,000 new cyber professionals a year through two-year degree programs at community colleges and technical schools.
With 75% of U.S. leaders saying the shortage of skilled cybersecurity professionals contributes to heightened security risks, our country’s skills gap requires urgent attention from the public and private sectors. Together, we must adopt new programs that help us collectively attract, hire, and retain new cybersecurity practitioners. Our national security depends on it.
New Recruitment Approaches Are Vital to Filling Critical Cyber Roles
Ongoing recruitment challenges represent a significant and dangerous supply problem for public and private sector organizations, with more than half of leaders indicating that they continue to struggle to find cybersecurity talent.
Embracing new recruitment strategies—including seeking out candidates from untapped and underrepresented talent pools—is crucial to effectively shrinking the skills gap and ensuring organizations find the professionals they need. For example, military veterans moving into key civilian roles possess skills that are highly relevant to cybersecurity, such as situational awareness, leading in a crisis, and the ability to perform under pressure. While technical skills can be taught, these innate attributes are critical in many cyber roles. It’s encouraging to see organizations increasingly recognizing the value that groups like our military veterans bring to the cybersecurity field, with 83% of companies indicating that they have implemented hiring goals dedicated to recruiting professionals from fresh talent pools.
Eliminating the Barriers to Entry in Cybersecurity
Several interconnected challenges have aggravated the cybersecurity workforce gap, such as a lack of standardization across cybersecurity roles and competition across other industries for technically skilled professionals. One of the most significant hurdles is the many barriers to entering the field of cybersecurity, both for entry-level candidates and career changers, such as a lack of access to education and training. Compounding the problem is the fact that many public and private sector organizations require a candidate applying for a cybersecurity role to have a traditional four-year degree in a related field.
Organizations must reconsider using a four-year degree as a baseline requirement and a default filter when hiring, as this often results in promising candidates being rejected from the outset. Other education pathways, such as cybersecurity and technical certifications, boot camps, and train-to-hire programs, can be highly effective in equipping professionals with the skills needed to jump-start or advance a cybersecurity career. Many executives regard certifications as badges of cybersecurity knowledge. More than 90% prefer to hire candidates who hold certifications and 89% say they would pay for an employee to obtain a certification.
Retention Efforts Matter
Retention efforts are just as vital as recruitment in addressing the cyber talent shortage. High turnover rates exacerbate the skills gap and result in knowledge loss, increased training costs, and potential disruptions in cybersecurity operations.
Cybersecurity professionals often face high stress levels, burnout, and job dissatisfaction because of long hours and intense workloads. Without clearly defined career pathways, opportunities for advancement, and upskilling, many practitioners may leave the field for roles in other industries.
Organizations must find ways to keep existing talent engaged, motivated, and growing within their careers. Investing in retention strategies is crucial to maintaining an experienced cyber workforce. In addition to providing competitive compensation and recognition for strong performance, enterprises should consider offering cybersecurity practitioners a robust set of professional development opportunities, including continuous learning and training, exposure to challenging projects and new technology, and mentorship programs.
Building the Cyber Workforce of Tomorrow
As the threat landscape grows more complex, the need for a skilled cybersecurity workforce has never been greater. Prioritizing and investing in cyber workforce development through stronger public-private partnerships and innovative recruitment and retention strategies will enable our nation to protect its critical infrastructure and build continued resilience against adversaries.