Security Staff Acquisition & Development, Government Regulations

House bill would create new cyber training and apprentice programs at DHS

Rep. Chrissy Houlahan, D-Pa., speaks during news conference discussing the “Shutdown to End All Shutdowns (SEAS) Act” on Jan. 29, 2019, in Washington. Houlahan introduced proposed legislation that would create two new cybersecurity training and apprenticeship programs within the Department of Homeland Security. (Photo by Zach Gibson/Get...

A bill introduced in the House this week would create a program within the Cybersecurity and Infrastructure Security Agency to retrain military veterans and members of the armed forces.

The Federal Cybersecurity Workforce Expansion Act would create one or more new apprenticeship programs that are geared towards filling cybersecurity roles or needs at CISA, or that directly lead to a cybersecurity job with the agency or its contractors and grantees. It would also create a pilot program to train members of the military who are transitioning to civilian life to develop cybersecurity specific skills that includes virtual coursework and training, skills labs and assessments and portable credentials that can be used to pursue cybersecurity work at CISA or elsewhere in the government and private sector.

The legislation, introduced this week by Reps. Chrissy Houlahan, D-Pa., and Anthony Gonzalez, R-Ohio, directly cites the SolarWinds hack and recent high-profile ransomware attacks against critical infrastructure to argue that the need today for qualified federal cybersecurity personnel is more crucial than ever.

“The damage of security breaches is reaching new, treacherous highs every day, and we must respond accordingly — the U.S. needs an experienced cybersecurity workforce to defend ourselves and our interests against bad actors,” Houlahan said. “This legislation does exactly that. By training the veteran community to fill some of these jobs, we are not only doing what is right for our brave service members but also what is right for our national security.”

The legislation would also extend the timeline for a planned federal workforce assessment by an additional three years from 2022 to 2025. A companion bill was introduced in the Senate earlier this year.

Like virtually all large public and private sector organizations, CISA and the federal government are having trouble finding and hiring enough cybersecurity personnel to keep up with demand. CyberSeek, a supply and demand heat map for cybersecurity jobs created by the National Initiative for Cybersecurity Education found approximately half a million unfilled job openings across the country. It also found that cybersecurity positions on average take 21% longer to fill than other jobs.

Members of the cybersecurity community often debate whether these statistics reflect an actual shortage of available talent or the ongoing failure of many organizations to put forth realistic or appropriate requirements around experience, certifications and other qualifiers. But there’s no doubt the government needs more cyber talent. CISA announced earlier this year it was going on a 200-person hiring blitz to fill gaps in their digital security mission.

In April, Brian Scott, Director of Critical Infrastructure and Cybersecurity at the National Security Council, said the increased threat landscape and targeting from nation state and ransomware actors have created an even greater sense of urgency within the government to develop new programs and initiatives to bolster the government’s cybersecurity workforce.

Just last week the White House rolled out a range of initiatives related to the cybersecurity workforce last week, including moving forward on a DHS program that would create a new category of federal employee that would allow agencies like CISA to sidestep cumbersome federal hiring requirements and offer higher salaries and benefits to compete with the private sector.

“We can not afford to continue to lose great candidates to other jobs in other sectors and to the private sector because of lengthy delays in hiring processes and onboarding processes,” said Scott.

Training programs in particular are a key component of the Biden administration’s plans nd not just for IT or security positions.

 “Cybersecurity skills are not only needed for our cyber workforce professionals, they’re also a necessary core competency for every member of our workforce,” said Scott. "Cybersecurity is a requirement in everything we do and touch in today’s world and the threats and consequences we are facing are continuing to grow and become more complex.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.