The federal government and private sector are facing increasing pressure to fill key cyber roles as high-profile attacks and international threats rattle various U.S. sectors.
Workforce shortages have been a long-running issue in cyber, but they have taken on renewed importance amid rising Russian threats stemming from the war in Ukraine.
“It’s an issue that the government faces as well as the private sector, state and local communities,” Iranga Kahangama, a cyber official at the Department of Homeland Security (DHS), said at a House hearing this week.
Kahangama said the shortage has been a top priority for his agency, which conducted a 60-day hiring sprint last summer to hire cybersecurity professionals. Out of 500 job offers DHS sent out, the department was able to hire nearly 300 new cyber workers.
“It was the largest single hiring event we’ve had so far,” Kahangama told lawmakers on a House Homeland Security subcommittee on intelligence and counterterrorism.
The focus on labor shortages comes as the U.S. has been on high alert recently, with intelligence officials warning about possible Russian cyberattacks targeting key government institutions, elections and critical infrastructure, including the energy and finance sectors.
Executives in the private sector are also feeling the pressure to hire highly skilled workers to combat increasing threats from ransomware and other online attacks.
“There absolutely is a shortage for cybersecurity labor across all industries,” said Greg Valentine, a senior vice president at the cybersecurity firm Industrial Defender.
The cyber executive said he’s seen a spike in demand for cyber workers, which he mainly attributes to recent events such as the war in Ukraine, the 2021 Colonial Pipeline ransomware attack and the 2020 SolarWinds hack.
Valentine said whenever there is a security breach that becomes public, executives at companies tend to panic and scramble to get resources and hire more cybersecurity professionals to ensure that their businesses are secure.
He added that it’s not necessarily the breach itself that motivates executives to invest more in cybersecurity, but more the publicity surrounding the hack that pushes industry leaders to take action.
As far as alleviating the current labor shortage — which is caused by demand and growth in cybersecurity outpacing the supply of workers — Valentine warned it will take time.
“It’s not an overnight process,” he said.
Experts who spoke to The Hill said one way to increase the supply of cyber workers is to incentivize students to choose that career path and for the education system to offer more cybersecurity courses and tech-related programs at colleges and universities.
Reed Loden, vice president of security at tech company Teleport, said schools should offer more specialized cyber programs, including boot camps and internships specifically tailored to the field.
Aside from education, Loden said more effort should be placed on recruiting, training and retaining young talent — though he acknowledged that many, including himself, are focused more on getting seasoned workers in a highly competitive market.
“Good talent is already taken,” Loden said
“I would love to be able to hire junior security engineers and mentor them,” he added, “but because I have urgent needs, it’s hard to do right now.”
The labor shortage has encouraged government and the private sector to collaborate more, including on sharing critical information to combat growing cyber threats.
In the past year, the federal government has introduced several key initiatives that encourage public-private partnerships in cyberspace.
For instance, the Cybersecurity and Infrastructure Security Agency (CISA), a subdivision of DHS, launched the Joint Cyber Defense Collaborative in August 2021 in an effort to defend the U.S. against cyberattacks.
CISA has partnered with several companies in the private sector to push forward the effort, which includes implementing nationwide cyber defense strategies, sharing information and mitigating the risks of cyberattacks.
Even the White House has pushed for such partnership. Last spring, President Biden signed an executive order aimed to strengthen and secure federal government networks and critical infrastructure against cyber threats.
The order introduced several key initiatives including facilitating threat information sharing between the government and the private sector.
“Because there’s such a shortage of talent, we need to be working together to defend our networks and systems,” Loden said.