President's Commentary: Do Cyber Warriors Need a Degree?
The United States faces a severe shortage of workers needed to design, build, operate, secure and defend the cyber domain and conduct offensive operations in that vital arena.
In September, the Federal Cyber Workforce Management and Coordinating Working Group estimated that the country needs to fill 700,000 cyber-related jobs with 40,000 of those vacancies in the public sector. The report further revealed that 30% of the cyber workforce is 55 or older and only 6% is under 30. This shortage adversely affects missions across the national security and defense community.
Fortunately, the entire federal government is taking serious steps to alleviate the shortage. The Department of Defense (DoD), for example, recently rolled out the 2023-2027 cyber workforce strategy. The DoD cyber workforce includes professionals in information technology, cybersecurity, cyberspace effects, cyberspace intelligence and cyberspace enablers. Among its goals, the military aims to expand the workforce to include expertise in artificial intelligence, cloud computing, data and secure software development and to ensure the skills required for building, securing, operating and defending control systems.
Military cyber forces stand 225,000 strong—larger than almost half of all other federal agencies combined—but officials hope to bring in more nontraditional workers. They also will institute regular capability assessments and analysis processes to identify and better manage personnel needs.
One important element within the cyber workforce strategy may be somewhat controversial but also long overdue: it recognizes that college degrees are not always necessary for cyber personnel to contribute to mission success. The department’s chief information officer (CIO) is developing tools to assess civilian cyber skills and more effectively hire qualified experts by eliminating certain degree or policy requirements.
While a college education is critical to many things going on at the DoD, an ability to think creatively and solve problems also is important, according to Patrick Johnson, who leads the Workforce Innovation Directorate within the CIO office. Jackson made the comments while talking to reporters when the strategy was released. He added that the DoD will not follow a “one-size-fits-all” policy in pulling in cyber workers. The department will tap into high schools and apprenticeships with industry, for example, to vary the worker pool.
No one discounts the value of college degrees, but many individuals without degrees have helped to build the cyber domain as we know it today. And we at AFCEA sometimes hear from our government teammates that the degrees being offered often focus too heavily on theory rather than the practical hands-on experience needed for day-to-day missions. Theory certainly adds value, but too many graduates do not know how to conduct penetration testing or perform other critical tasks.
I’ve been told that in at least one instance industry has learned that blind aptitude testing for software developer skills sidesteps a degree requirement and brings in a more diverse workforce as well.
Acknowledging that experts who are self-taught or have received hands-on training can contribute to the nation’s security and cyber success will allow the military and other government agencies to more rapidly broaden the pool of professionals and could help fill current skills gaps. Degree-free cyber warriors who want to rise into senior positions can take advantage of in-house or other learning opportunities. After all, learning is a life-long process in the cyber field.
Fighting successfully in the cyber domain requires myriad skills, diverse experiences and an array of leadership styles. What is needed is a diverse cyber workforce with a combination of training, certifications, experience and education in the various functional areas, all working together to achieve mission success.
The men and women working diligently in the cyber arena richly deserve our thanks and the relief that will come with expanding the force. These improvements are needed to continue building, diversifying and enhancing our already strong, innovative, intelligent and dedicated cyber force.