Panelists at a Capitol Hill hearing made a broad call today for employers to no longer require four-year college degrees when it comes to hiring a robust cybersecurity workforce.
During a June 22 House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection hearing, expert witnesses addressed lawmakers’ bipartisan concern for the nation’s cybersecurity workforce shortage and said that employers – including the Federal government – must also consider cyber certifications alongside college degrees when looking to make hires.
From May 2022 through April 2023, the cybersecurity workforce gap boasted over 660,000 open jobs nationwide, according to CyberSeek. Will Markow, the vice president of applied research at Lightcast and the lead developer of CyberSeek, said that this gap is equivalent to missing one-third of an army.
“We are stepping onto the digital battlefield missing nearly a third of our cyber army,” Markow said during his testimony. “We need over 460,000 new skilled cybersecurity workers to meet employer demand.”
Markow said that one way Congress, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal government in general can work together to strengthen the cyber pipeline is to become “an exemplar for innovative, skills-based cybersecurity hiring practices.”
This means shifting to a skills-based approach to hiring for cybersecurity roles and cataloging and promoting best practices for the private sector to emulate, Markow said – including reducing education, experience, and certification requirements in job openings; prioritizing training for high-growth, high-value skills; and building career pathways to enhance career advancement potential for cybersecurity workers.
Lightcast data shows that removing a bachelor’s degree from early-career cybersecurity job postings can reduce the average cost to hire by over $15,000 and increase the candidate pool by over 60 percent, Markow explained.
Retired Marine Col. Chris Starling – who now serves as the executive director of NPower in California – said he is working to close the cyber gap and help families who live below the poverty line – and specifically veterans.
The company’s mission is to create pathways to economic prosperity by launching digital careers for military veterans and young adults, aged 18 to 26, from underserved communities. Starling explained there are two different types of cyber courses NPower students can take – which cost about $7,000 for the company – but come at no cost to those who take the course.
Once they get that cyber certification after 16 to 18 weeks of learning, they can land a job in California that pays anywhere from $50,000 to $63,000 –and has the veteran or young adult on the path to making well over six figures after three years at their company, he said.
The retired Marine said that NPower has trained 560 individuals from under-resourced communities in cybersecurity since 2015, but they’re looking to scale up the program in the coming years.
“Technology is one of the main drivers of the U.S. economy, and the demand for talent constantly outpaces the supply of skilled workers,” Starling said. “Experts project tech sector employment to grow at the fastest rate of all occupations – and people simply aren’t entering the field fast enough to replace retiring workers.”
Starling called on the subcommittee to modernize and reform Federal workforce hiring practices to adopt skills-based hiring practices. “This allows the Federal government to compete for a talented and diverse workforce pool that prioritizes skills and a candidate’s ability to do the job and leads by example in equity-focused workforce development,” he said.
The panelists also acknowledged that Congress needs to help educate individual employers on the criticality of skills-based hiring in the cyber workforce.
Senior Director of U.S. Government Affairs at SAP America Anjelica Dortch said that the government needs to create a dashboard where both employers and employees can go to seek out cyber training resources in one centralized place. They should do the same for cyber careers as well, through a centralized hub, she said.
Dortch added, “It’s really a call for harmonization and removing duplication, that’s key.”
Dortch said that Congress’ current and forthcoming frameworks and regulations must be “best practices that we can incorporate into our businesses and make sure that we’re fostering good cyber hygiene.”
