No matter the outcome of the November presidential election, President Joe Biden’s administration will end on Inauguration Day in January 2025. When that happens, his White House tenure will mark the end of a four-year initiative to bring more American workers into the cybersecurity field to fill thousands of open jobs.
Since first taking office after several cybersecurity incidents such as the SolarWinds supply chain attack, Biden focused a significant portion of his presidency on cybersecurity. This includes focusing on cybercrime—ransomware especially—and nation-state attacks directed at government agencies and private enterprises.
At the same time, the White House has attempted to bolster the nation’s cybersecurity workforce in the public and private sectors by appealing to tech professionals looking for career advancement, as well as engaging and recruiting potential candidates who lack four-year college degrees or come from non-traditional backgrounds.
The results of these efforts remain mixed: The CyberSeek website still lists nearly 470,000 open cyber positions in the U.S. A recent report also finds that lack of security budget dollars now hampers hiring, especially among enterprises.
With only four months left, the Biden White House is attempting to try one last “sprint” to fill as many cybersecurity positions as possible. Announced in early September, the latest "Service for America" initiative is spearheaded by the Officer of the National Cyber Director (ONCD) and Office of Management and Budget (OMB); this program is also part of the administration’s National Cyber Workforce and Education Strategy (NCWES).
The goal is to reach more potential workers and candidates interested in careers such as cybersecurity and IT and cutting-edge areas, including artificial intelligence (AI). In keeping with previous initiatives, this latest effort is designed to focus more on skills-based hiring, including seeking out talent using apprenticeships and other learning methods.
“There is a perception that you need a computer science degree and a deeply technical background to get a job in cyber,” National Cyber Director Harry Coker Jr. noted in a blog post about this latest sprint. “The truth is, cyber jobs are available to anyone who wants to pursue them. Cyber professionals are part of a dynamic and diverse modern workforce and individuals from all backgrounds and disciplines have a place.”
While shrinking or closing the cyber skills gap remains daunting, experts believe that whoever wins in November should continue pursuing its main goal: building up the U.S. security workforce as threats remain and new technologies pose a challenge.
“Initiatives like this are essential to sustain and expand the talent pool within the cybersecurity space,” Michael Skelton (a.k.a. Codingo), vice president of operations and hacker success at Bugcrowd, told Dice. “Given the rise of ongoing persistent threats, these efforts will likely continue regardless of changes in administration. The foundational work that has been done, such as broadening pathways and awareness into cybersecurity roles and promoting non-traditional hiring, will remain crucial.”
Signs of Progress in Cybersecurity Hiring
While there remain significant obstacles to overcome when it comes to hiring enough tech professionals to close the security talent gap—CyberSeek estimates that 225,200 more cybersecurity workers are needed—the Biden administration has brought more attention to the issue in the last four years, experts said.
Part of that effort is encouraging potential candidates from non-traditional backgrounds to pursue cybersecurity or other tech careers. In July, the Biden administration announced $244 million to expand its apprenticeship program across multiple industries including tech and cyber.
These initiatives will likely have a long-term effect. “It’s encouraging to see the current administration continue emphasizing cybersecurity as a part of our country and an employment opportunity. Many of us in the field would agree that job descriptions and requirements can place unnecessary barriers to hiring good talent,” Karsten Chearis, a senior sales engineer for the U.S. at XM Cyber, told Dice. “Our federal government working to focus on skills rather than mostly on degrees is welcomed.”
Chearis quickly added that appeals to patriotism and helping out the government in a major undertaking must also be paired with good pay. “It’s noble to introduce cybersecurity as a patriotic duty, but any working American would argue that patriotism doesn’t pay bills,” Chearis added.
Experts also noted that these jobs and skills-development programs will likely stay in place for several administrations, even if a new White House does not emphasize them as much as the Biden administration.
“Cybersecurity workforce development initiatives are likely to continue regardless of administration changes due to the persistent and growing threat landscape,” Stephen Kowski, Field CTO at SlashNext, told Dice. “The need to fill critical cybersecurity roles transcends political boundaries and is driven by technological advancements and evolving cyber threats. Ongoing efforts to expand the talent pipeline through diverse pathways will remain essential to address the skills gap and protect critical infrastructure.”
For Amit Zimerman, co-founder and chief product officer at Oasis Security, the U.S. is following an example from Israel in creating stronger cybersecurity programs and much more cooperation between the private sector and government agencies. This includes training programs to make cybersecurity a much more critical issue that is the responsibility of all employees beyond the security and IT teams.
“Such programs, conducted under strict ethical and legal frameworks, not only enhance the capabilities of security practitioners but also improve defensive strategies by understanding and countering evolving threats,” Zimerman told Dice. “To achieve similar progress elsewhere, there should be greater emphasis on creating integrated training programs that combine practical experience with theoretical knowledge, fostering a robust pipeline of skilled professionals.”
Additional Work to Address Needed Skills
Despite some progress and shining a greater light on the issue of cybersecurity hiring, experts believe the federal government can do more to promote the skills security workers will need to stay competitive, whether those tech pros have four-year degrees, come from a military background, or find their career through a non-traditional path such as an apprenticeship.
“All progress in developing skilled professionals in the security space should be celebrated. However, a significant gap in the market remains for highly specialized professionals with unique specializations,” Bugcrowd’s Skelton noted. “Identifying talent through programs like bug bounty initiatives, and providing clear pathways into specialized roles, would help bridge this gap and further support the work ONCD and its partners have done to raise awareness of opportunities within government roles.”
The federal government can also provide resources for more hands-on training to help close the skills gap and introduce seasoned tech professionals to new areas such as A.I., Kowski said.
“While progress has been made in raising awareness and creating new pathways into cybersecurity careers, the skills gap remains significant. More emphasis could be placed on hands-on training programs that rapidly build practical skills in areas like threat detection and incident response,” Kowski added. “Increased public-private partnerships to align curricula with real-world needs and accelerate workforce development would also be beneficial.”
To take these efforts to the next level, experts like Zimerman want to see the U.S. encourage more cybersecurity startups through tax and other incentives that can help bolster defenses and create new pipelines of tech talent.
“Moreover, the government plays a pivotal role in fostering innovation by supporting cybersecurity startups through various budgetary incentives, creating programs for venture capitalists, and promoting community development,” Zimerman noted. “These initiatives help bridge the gap between government and industry efforts, creating a robust ecosystem where both sectors can thrive together. The combination of patriotism-driven motivation and targeted government support is crucial for advancing cybersecurity capabilities and addressing emerging threats effectively.”
