A U.S. commission focused on bolstering the nation's cyber security posture on Tuesday released guidelines aimed at creating a strategy to develop the federal cyber workforce.
The overall goal is to grow the nation's workforce, but the latest white paper from the Cyberspace Solarium Commission says the new guidelines focus on making the federal government efforts here a "proof of concept of effective cyber workforce planning and policies."
The paper puts forth five elements to guide a "coherent" federal cyber workforce strategy "that enables substantive investment" in developing the workforce.
The five elements include better organizing departments and agencies to organize and manage their workforces. Recommendations here include identifying cyber-specific job classifications and creating a federal cyber service for clear and agile hiring authorities.
The second element is focused on the recruitment of talent, including taking advantage of existing programs such as the CyberCorps: Scholarship for Service by investing in them and minimizing barriers to hiring due to security clearance processes.
The commission says that to develop talent it should begin drawing from a more diverse set of educational backgrounds due to insufficient numbers of people graduating from "conventional" computer science and engineering programs. More than 500,000 cyber security jobs in the U.S. are open and that number is growing, it says.
To help remedy the workforce development challenge, the commission recommends establishing apprenticeship programs that include classroom learning with paid on-the-job learning, and creating a pilot program for "upskilling" military veterans and service members that are leaving the Armed Forces to take advantage of existing educational opportunities to create pathways into cyber security work.
The fourth element is focused on a more flexible approach to retaining cyber talent such as making it easier to move between the private and public sectors, creating rotational and exchange programs, pay flexibility and developing career pathways.
The commission points out that federal pay is usually based on academic degrees and years on the job yet cyber security talent often has nothing to do with either. It says "an associate's degree can be a very valuable credential" but under the federal pay scale such a degree ranks lower than a bachelor's degree and pays less when entering the workforce.
The commission also says the government needs to "stimulate growth" of the national cyber talent pool including making the National Initiative for Cybersecurity Education public-private partnership, which is managed by the National Institute of Standards and Technology, the lead in coordinating government efforts here.
The commission also recommends that the government support cyber education in kindergarten through high school, invest in a more diverse workforce, and develop and measure data to better understand the workforce.