Workforce Development

A state’s ability to manage, prevent and mitigate damage from cyberattacks depends on a workforce trained in the relevant skills. Unfortunately, many state agencies, including those focused on IT and cybersecurity, lack sufficient numbers of skilled employees. Building a cybersecurity workforce pipeline will address these challenges as well as grow a state’s economy by creating a new engine for job growth.

What are the challenges to workforce development?
  1. Cybersecurity specialists choose lucrative positions in the private sector, where their skills command a high price that states find difficult to match;
  2. Talented individuals who express interest in government service often are drawn to federal agencies, which offer access to highly desirable cyber tools;
  3. Budget woes undermine traditional perks of state employment (e.g., pensions); and
  4. Cybersecurity is not yet a high-profile aspect of state service.

State Example The Washington Way

Washington state received an award from NASCIO in 2016 for their unique initiatives to attract and retain IT employees. Specifically, they are: experimenting with self-management; “google-fying” their offices; reclassifying state government technology positions; and hiring for value alignment instead of skills.

State Example Indiana’s Security Operations Center

The Security Operations Center (SOC) for Indiana hires students from Purdue University as parttime cybersecurity analysts--15 students, each for 12 hours per week. Officials report the model is incredibly efficient. For the cost of 1.5 senior analysts, the state receives the work of nine people. Other states are replicating Indiana’s approach.

State Example Cybersecurity Courses in K-12 Classes

Rhode Island launched the Computer Science for Rhode Island (CS4RI) initiative to bring computer science courses into every public school by the end of 2017 through a public-private partnership.

State Example Scholarship for Service

Virginia’s Scholarship for Service initiative awards roughly 25 scholarships for up to two years for students studying cybersecurity. Upon graduation, recipients will work for a state agency for up to two years.

What Should Governors Ask Themselves Prior to Embarking on Any Major Initiatives?
  • What is the unmet demand for cybersecurity workers in my state?
  • What are the current cybersecurity-related course offerings in K-12 and higher education in my state?
  • Is my state providing any incentives to attract individuals into the field of cybersecurity?
  • Are the potential in-state employers of cybersecurity experts already working with any institutions in K-12 or higher education?
What Can Governors Do?
  • Centralize the management of information technology and cybersecurity across the executive branch to reduce the state’s demand for cybersecurity expertise;
  • Begin a program to assign qualified college students as low-cost, high-skilled cybersecurity interns in agencies across the state;
  • Direct the state CIO or CISO to conduct a formal evaluation of the merits of outsourcing more security functions to private vendors;
  • Reclassify cybersecurity and modernize job descriptions to align with the private sector;
  • Exempt cybersecurity positions from civil service pay scales to improve competition with private sector salaries;
  • Encourage schools to seek National Security Agency certification as Centers of Academic Excellence;
  • Identify, establish, and promote mid-career training programs to expand the talent pool beyond college graduates to include older individuals that are more likely to stay local;
  • Identify all current cybersecurity related offerings at all in-state schools;
  • Identify major employers who can assist in curriculum development;
  • Convene K-12 principals and local technology businesses to attract local adjunct instructors who can help alleviate the shortage in instructors; and
  • Work with community colleges to increase the availability of transferrable, two-year cybersecurity degrees.
  • Provide veterans with access to cybersecurity training and skill development.
  • Partner with the private sector to develop cyber apprenticeship programs.