Removal of Certain Degree Requirements To Boost Federal Cyber Workforce

Where appropriate, certain degree requirements for federal cyber jobs and contracting positions will be lifted to add hiring flexibility in the U.S. cyber field and pull in talented personnel, reported Acting Principal Deputy National Cyber Director Jake Braun in the White House Office of the National Cyber Director (ONCD).

Braun spoke with Col. Michael Black, USAF (Ret.), vice president of defense at AFCEA International, on Wednesday during AFCEA’s annual TechNet Cyber conference in Baltimore.

“We can't just go to the four-year institutions that have folks with bachelor's degrees in cybersecurity and think that's going to solve the problem,” Braun said. “And look, I'm all for four-year degrees. We're not against secondary education. But even if everybody in a cyber program in an undergraduate school today graduated from that program and went into cyber, we still wouldn't have enough people.”

The federal government needs to expand the cyber workforce pipeline to target workers from all over, such as from community colleges in rural areas, veterans’ groups and minority-serving institutions, he emphasized. To help advance the cyber workforce, the ONCD is supporting the build out of apprenticeship programs, internships and hiring people based on skills, not necessarily four-year degrees.

“Through OPM [the Office of Personnel Management], we are in the process of removing the four-year degree requirement for the 2210 job series, which is basically information technology (IT) workers,” Braun explained. “About 60-70% of cyber jobs fall within that category. Essentially, we're able to then hire people based on years of experience, certifications, aptitude tests and so on.”

The ONCD and OPM are coming up with a range of ways to assess people’s cyber skills whether or not they have an undergraduate degree. And since most of the cyber federal workforce is fielded by cybersecurity contractors, the organizations are working with the acquisition community to selectively remove four-year degree requirements from contract language.

“Of course, in some cases, you may need a Ph.D. for a particular cyber job, but where appropriate, we're working to remove four-year degree requirements from contracts as well,” Braun shared. “And again, no one wants a race to the bottom on talent. And so, we're working with the acquisition community to identify what other ways to assess talent.”

In addition, the ONCD launched three federal cyber hiring sprints and is completing an effort with the OPM to count all cyber jobs in the federal government to better understand vacancy rates.

“Nobody today could tell you how big the problem is that we are trying to solve of how many cyber vacancies there are in the federal government,” Braun stated. “And so, we started an initiative with OPM, about six to eight months ago, to actually for the very first time for the entire federal government, count the number of cyber jobs and figure out how many are filled.”

The ONCD was created in 2019 by a bipartisan act of Congress and is now led by its second director, Harry Coker, a former CIA senior executive and naval officer, who was confirmed by Congress for the role in December 2023. The White House-based agency is overseeing and implementing these cyber workforce steps and other key cyber security policy measures, based on the National Cybersecurity Strategy, a 10-year plan it drafted, and the subsequent National Cyber Workforce and Education Strategy, Braun stated.

“The strategy really calls for two key shifts in how we think about cyber,” he continued. “No. 1 is that we're trying to shift the burden of cyber from the individual to the folks in industry that build our technology, the big tech companies … The second piece of this is really incentivizing long-term investments in cybersecurity on the front end of building out our national infrastructure.”

Notably, cyber initiatives have the funding to back up efforts, thanks in part to $1.8 trillion in appropriations across three major pieces of legislation, the Bipartisan Infrastructure Law (BIL)—which is for investing in roads, bridges and airports—the Inflation Reduction Act, and the CHIPS and Science Act.

“So, marrying up the cyber strategy with this $1.8 trillion of investment is a way that we're really trying to think about what the cyber ecosystem of the future looks like for us,” Braun stressed.

For those in the cybersecurity industry, this means creating opportunities that companies may not have thought of yet, Braun emphasized.

“Cyber is implicit throughout all three bills,” he said. “You can't build a wing of a modern airport without having cyber in it. You shouldn't hook up solar panel installations or wind farms to the grid without having cyber be a part of it, nor should you build an advanced manufacturing plant with CHIPS money without having cyber be a major part of the plant. And what we are trying to figure out and work with the [cybersecurity companies] on is how do we take the goals of the strategy and provide resources to those who invest in long-term cybersecurity and marrying that up with this 'once in a generation' investment.”

To provide a central knowledge of resources for the federal government and states to build a cyber workforce, the ONCD also took inventory of all the programs that support federal cyber workforce development across the country. The office found 109 such programs, including scholarships, grants and other programs at the state and local levels.

“I was just in the mayor's office in Cleveland, and they were like, ‘How do we do a better job of building out our cyber workforce?’” Braun said. “Instead of doing what the White House normally does, which is to give you a ‘best practice guide,’ I could say, ‘Actually, there's 109 programs that you guys can access, and feel free to reach back out to us for any more information.’”

Lastly, what is different about the ONCD than other agencies is that it has up “to nearly 100 people whose sole job is driving federal cohesion on cybersecurity,” Braun emphasized. This means interagency calls on a daily basis and tracking cybersecurity efforts on a federal scale to make sure cybersecurity happens.

“I'm not aware of another time in the history of the federal government where we put out a strategy on cybersecurity like this and then had a team this large that was driving implementation of it and cohesion across the federal government to implement that strategy,” he said.

TechNet Cyber is an annual event held in Baltimore, Maryland, organized by AFCEA International. SIGNAL Media is the official media of AFCEA.