At a glance.
- US cyber workforce summit focuses on training.
- US Justice Department releases its cyber review.
- US Senate Armed Services Committee reports on cyber roles of Navy, NSA, and CYBERCOM.
US cyber workforce summit focuses on training.
The National Cyber Workforce and Education Summit was held at the White House yesterday, gathering experts from academia and the cyber community, as well as representatives from private sector companies and federal agencies to discuss the urgent need for a boost in cybersecurity talent to fill vacant cybersecurity positions across the country. At the event, Secretary of Labor Marty Walsh and Secretary of Commerce Gina Raimondo announced a 120-Day Cybersecurity Apprenticeship Sprint, aimed at supporting the use of Registered Apprenticeships to develop and train a qualified and diverse cybersecurity workforce. Secretary Walsh explained, “The 120-Day Cybersecurity Apprenticeship Sprint will increase awareness of current successful cybersecurity-related Registered Apprenticeship programs while recruiting employers and industry associations to expand and promote Registered Apprenticeships as a means to provide workers with high-quality, earn-as-you-learn training for good-paying cybersecurity jobs.” As CNN notes, the program will be supported by funding from the Commerce Department’s $500 million Good Jobs Challenge, with a focus on the recruitment of young people, women, and minorities.
Also at the event, networking and security giant Cisco pledged to address the digital skills shortage by training 200,000 students over the next three years. (Cisco’s Networking Academy already partners with nearly half of the nation’s community and technical colleges, and has worked with more than two million students over the past twenty-five years.) As well, IT nonprofit CompTIA and software company ConnectWise announced a joint effort focused on paid apprenticeships. The program will pair new, CompTIA-certified IT professionals with IT firms in the ConnectWise partner community. ConnectWise CEO Jason Magee stated, “With the backing of the White House, and in partnership with CompTIA as an established educator of IT professionals, we have a unique opportunity to move hiring forward by matching trained workers with a robust group of potential employers.”
Heather Adkins, Google’s Vice President of Security Engineering, represented the company at the White House hosted the National Cyber Workforce and Education Summit. She says that Google has expressed its commitment to workforce development with its commitment to qualifying people in essential technical fields. “I was honored to represent Google at the White House National Cyber Workforce and Education Summit today," she said. "At Google, we know that our collective cybersecurity ultimately depends on having a diverse, skilled workforce that can implement it. That’s why we’re working to help 100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security. And why we’re investing $10 billion to strengthen cybersecurity through expanded zero-trust programs, helping secure the software supply chain, enhancing open-source security and training cybersecurity professionals.”
Akamai Chief Security Officer Boaz Gelbord also represented industry at the Summit, and commented, “Akamai was pleased to take part in the National Cyber Workforce and Education Summit at the White House today. We are committed to continuing to partner with both the public and private sector to create a robust talent pipeline in cybersecurity and to build bridges to historically underrepresented talent pools. Not only will this create high wage jobs for hundreds of thousands of Americans, it is essential to securing an increasingly digital world. A skilled workforce is vital to stay ahead of ever-evolving threats and to enable society to safely embrace the benefits of rapidly emerging technologies.”
Claroty also offered comment on the summit and the problems it sought to address. Grant Geyer, the company's Chief Product Officer, said:
"While the United States continues to grow its cyber talent, the stark reality is that the need is dramatically outpacing the talent pool. As nation states and cyber criminals are opening a new front for cyber-attacks with sabotaging physical infrastructure - as we saw with the attacks on Oldsmar's water treatment facility and Colonial Pipeline - that talent picture is even bleaker in the highly specialized area of securing critical infrastructure. Critical infrastructure that provides us electricity, clean drinking water, and supports our supply chain are dependent on specialized Industrial IoT capabilities that require unique cyber skills to keep us safe. For these reasons, the White House's focus on driving cyber talent is important to our national security and preserving our way of life."
Galina Antova, Claroty's Co-Founder, frames it as a difficult challenge for the industry as a whole, and that reaching hitherto underrepresented talent will be the key to solving it:
“Overall, we are seeing a great challenge in the cybersecurity industry with more than 2.72 million unfilled positions in the space. The need for talent in the cyber industry continues to increase as cybersecurity threats evolve to become more sophisticated.
"There isn’t an easy solution to filling the cyber skills gap, but with what we are seeing now, influential cybersecurity players are making sure to set the industry up for success down the line. It’s heartening to see a number of initiatives sprouting up to help address this problem, such as the Coalition to Close the Cybersecurity Talent Gap, a campaign to raise $1 million to help fund one year of community college courses for Bay Area students pursuing careers in cybersecurity.
"As of 2021, 24% of cybersecurity workers identify as women, 9% as Black and 4% as Hispanic. Tapping into underrepresented communities and helping show that they have a career path in the cyber industry will be vital in closing the gap.
"The cybersecurity talent shortage is a problem for everyone since cyber threats impact all industries and our nation's security. This coalition demonstrates that the cyber industry can come together to combat not one but two issues within the space, filling the diversity and skills gap by sponsoring the next generation of cyber talent.”
Chris Hallenbeck, CISO at Tanium, thinks the problem isn't the number of available candidates, but of self-defeating hiring practices:
“We don't have a shortage of people. The hiring process is utterly inflexible and getting worse. There is a rigid recruitment system in both government and private sector alike that requires combinations of experience, education, and certification that cannot be found in abundance in the candidate pool. Curiosity, critical thinking, strong work ethic all are hallmark traits. Training the ‘cyber’ pieces is arguably the easy part.
"Finding employers willing to take the gamble and provide the training, especially at a time when worker movement between employers is at an all-time high, is the challenge. Right now, this process is tied to accredited collegiate programs. Instead, it needs to be expanded and treated more like a vocational program. Government involvement could include a job corps – training and employment with a period of service.
"We need something reminiscent of a digital era 'Works Progress Administration' to encourage and cultivate the next generation of cyber security experts through a standardized and organized framework that can be successfully duplicated on a mass scale.
US Justice Department releases its cyber review.
Last year US Deputy Attorney General Lisa Monaco directed a 120-day review of the Justice Department’s approach to threats in cyberspace, and the full report on that review was released this week. The Washington Post offers three main takeaways from the analysis. Justice Department officials urge private tech companies to comply with warrants, subpoenas, or court orders and more proactively report criminal activity to law enforcement, warning that failure to do so could result in cybercriminals escaping arrest. The report also highlights the Justice Department’s successes in disrupting threat groups by seizing cryptocurrency and servers, removing malicious software, and apprehending hackers. As well, the report emphasizes the need to improve the Justice Department’s cyber workforce. As noted above, this is an issue faced by all federal agencies and the country at-large, but the analysis shows that the Justice Department is even worse off than most due to an inability to pay competitive salaries and a lack of cyber-specialized attorneys. The report recommends the Department “initiate an internal campaign to educate managers and budgetary personnel regarding existing hiring and retention incentives.”
US Senate Armed Services Committee reports on cyber roles of Navy, NSA, and CYBERCOM.
The full text of the Senate Armed Services’ National Defense Authorization Act for fiscal 2023 was released this week, and the annual defense policy bill questions whether the Navy should be involved in cyberoperations for US Cyber Command. FedScoop explains that the Navy does not have a dedicated military occupational specialty for cyber, and one provision of the bill recommends an evaluation of the Department of Defense’s approach to training and organizing cyber forces. Currently the services are largely responsible for training cyber mission teams, but some experts say the number of forces and their tool sets might be inadequate, and the Senate Armed Services Committee (SASC) bill calls for a study examining the responsibilities of the military services for organizing training and presenting the total forces to Cyber Command, with the establishment of fresh model by the secretary of defense by the end of 2024.
FedScoop adds, the SASC bill also calls for annual briefings on the relationship between Cyber Command and the National Security Agency, which share a location and resources, including their boss, General Paul Nakasone. The arrangement was intended to be a temporary solution, as the two groups have very different missions, and critics argue sharing intel increases risk of espionage, and having General Nakasone lead both groups gives the role too much power. The report accompanying the bill states, “The committee believes that the dual hat relationship ensures a strategic alignment between these organizations and is essential to the Nation’s success in strategic competition,” but the annual briefings are intended to ensure that this is the case.