On Tuesday, the administration announced a multi-agency plan to create hundreds of registered apprenticeship programs with the private sector to flesh out the nation’s cybersecurity workforce — and defend against a rising tide of data breaches, ransomware attacks and other hacking incidents.
In a 120-day sprint, the US government will work with employers to establish apprenticeship programs in the cybersecurity industry, said Labor Secretary Marty Walsh, vowing to launch the joint program with the Department of Commerce “in as little as 48 hours.”
The initiative draws funding from a wider $500 million Commerce Department program known as the Good Jobs Challenge, and will particularly focus on recruiting young people, women and minorities to train and work in the cybersecurity field, said Walsh and Commerce Secretary Gina Raimondo at a White House event on Tuesday focused on broader cyber workforce issues.
The US government commitment highlights what officials describe as a critical lack of cybersecurity professionals in both government and the private sector who can help protect the nation from foreign adversaries and cybercriminals. Months ago, there were an estimated 500,000 unfilled cybersecurity positions in the United States, Raimondo said, but today that figure has exploded to more than 700,000, a 40% increase.
In recent years, a steady drumbeat of cyberattacks targeting government agencies, financial institutions, health care and other sectors have demonstrated the country’s vulnerabilities in cyberspace, showcasing a lack of trained IT security professionals and alarming experts who have spent years tracking the growth of hacker groups.
“The cybersecurity talent shortage is one of the most significant and threatening challenges facing our industry today. We all need to think differently about the problem,” said Barbara Massa, executive vice president at the cybersecurity firm Mandiant. “We need more cyber professionals entering the career field. And a cybersecurity career should be in reach for anyone who wishes to pursue it. We need more pathways to cyber careers and we need them as soon as possible.”
To meet the increased demand for cybersecurity defenders, the country cannot depend on legacy talent pipelines, US officials argued, saying that the glut of open job listings provides opportunities to all Americans but particularly to historically underrepresented groups.
“We’re not going to find 700,000 people if we’re only looking for white men. It’s not going to happen,” Raimondo said.
Amb. Susan Rice, the White House domestic policy advisor, said women account for less than a quarter of the country’s cyber workforce, with 9% of the workforce identifying as Black and just 4% as Hispanic.
“America is safer and stronger when we bring everyone to the table,” Rice said, before referring to one notable example of a company hit by a ransomware attack. “Helping a company like Colonial Pipeline protect itself [means] building a much better cybersecurity job pipeline.”
National Cyber Director Chris Inglis told CNN on Tuesday the United States is currently only able to fill about two-thirds of all cyber job openings being added to the industry each year, resulting in the increase in vacancies.
“It’s going to take a little bit longer to arrest its upward climb before we bend it and we trend it down,” he said. “But we’re very aggressive about this, and I think we can make a substantial difference in months or a few years’ time as opposed to having this be with us for the next generation.”
In the coming months, he added, the US government expects to publish a national cyber workforce strategy that will lay a foundation for further training and development.
As part of Tuesday’s summit, dozens of businesses and organizations descended on the White House to discuss how to expand the nation’s cybersecurity workforce. The list of attendees included tech companies such as Amazon and Google; cybersecurity firms such as Mandiant and Fortinet; and businesses that consumers interact with daily, such as Bank of America and Walmart.