New order promises training and job openings for government staff

President Donald Trump has signed an executive order pledging to improve the US federal government’s cybersecurity workforce.

The order will make steps to strengthen the government’s efforts by providing training for current workers and upskilling workers from other departments.

It reads: “America’s cybersecurity workforce is a diverse group of practitioners who govern, design, defend, analyze, administer, operate, and maintain the data, systems, and networks on which our economy and way of life depend.

“Whether they are employed in the public or private sectors, they are guardians of our national and economic security.”

“The Nation is experiencing a shortage of cybersecurity talent and capability, and innovative approaches are required to improve access to training that maximizes individuals’ cybersecurity knowledge, skills, and abilities.

“Training opportunities, such as work-based learning, apprenticeships, and blended learning approaches, must be enhanced for both new workforce entrants and those who are advanced in their careers.”

Training will include a rotational program for IT and cybersecurity staff members, allowing them to work at different agencies to learn new skills.

The NICE Framework will be the basis of the skills requirements needed to participate in the program.

It will also be incorporated into the IT and cybersecurity contractual language, the order states.

Departments will carry out aptitude tests to identify existing workers that could potentially excel in a cyber career.

This move is a positive step for the Trump administration, which has so far made a number of controversial decisions including axing his cybersecurity coordinator role and allegedly forcing the resignation of Homeland Security secretary Kirstjen Nielsen.

Trump has made efforts, however, to increase spending on White House cyber efforts, recently requesting a $9.6 million security budget.

Skills shortage

The signing of the executive order comes at a time when there are an estimated 300,000 unfilled cybersecurity positions within the US private sector.

The order hints at the widening skills gap, stating that the current shortage of talent and capabilities should be amended with “innovative” solutions.

Based on data from US-based IT security certification group (ISC)2, the worldwide cybersecurity workers shortage is closer to three million.

A report published last year stated that 2.93 million people were needed to plug the gap, putting more and more organizations at risk of security shortfalls.

To put this figure into context, laid from head to toe, the number of additional personnel required to fill the cybersecurity workforce gap around the world would stretch from New York to San Francisco – and beyond, The Daily Swig reported.

In North America, the report suggests there are at least 498,000 jobs unfilled, and 136,000 in Latin America.

These vacant positions put both private and public sector organizations into difficulty – without staff to maintain a level of security protection, they remain vulnerable to various attacks.

John McCumber, director of cybersecurity advocacy in North America for (ISC)2, and co-chair of the NICE Training & Certifications subworking group, said that the order is a step in the right direction, and called for other global governments to implement similar policy.

He told The Daily Swig: “As a nonprofit international association of more than 140,000 cybersecurity professionals, (ISC)² is encouraged that the President’s Executive Order recognizes the importance of and the need for a trained and dynamic cybersecurity workforce that is enabled with a greater degree of mobility to move between the public and private sectors.

“Standardization around the NICE framework and a national call to action are also positive initiatives. It will be important that the requested plans the order calls for not only address information and job sharing between all levels of government, but more importantly outline how new policies will work in practice.

“(ISC)² certification programs provide assurances to employers in the public and private sectors that the professionals they hire have the skills necessary to meet today’s cybersecurity challenges, and our association stands ready to assist in the continued training and certification of a global professional cybersecurity workforce.

“Cybersecurity has no geographic boundaries, and as our members reside in more than 170 countries, it is also our hope that similar measures will be enacted by governments across the globe.” 

RELATED US government agencies now have just 15 days to patch critical security flaws