State cyber workforce challenges reaching ‘crisis levels’
Connecting state and local government leaders
By marketing themselves better and adapting to remote work, states can attract and retain more cybersecurity workers, a new report suggests.
States should market themselves as employers of choice, adapt to the flexible, remote work schedules brought by the COVID-19 pandemic and reduce barriers to entry if they are to close the cybersecurity workforce gap, according to a new report.
If they prioritize diversity, equity, inclusion and belonging in their recruitment, hiring and retention practices and collaborate with the private sector, academia, nonprofits and other stakeholders, states can build a pipeline of workers for the thousands of cybersecurity vacancies, according to the report by the National Association of State Chief Information Officers (NASCIO) and National Governors Association (NGA).
The organizations began collaborating on this report last year and arrived at their recommendations after convening governors’ policy advisors, state IT and cybersecurity leaders, workers and other experts to share their experiences and best practices. In a statement, NASCIO President and Tennessee Chief Information Officer Stephanie Dedmon said workforce challenges “have reached crisis levels in some states,” and are a “major concern” for all CIOs.
NASCIO and NGA said states must be better at marketing and branding themselves, including by emphasizing their public service missions and the benefits associated with working in government. Public sector employment could appeal to some younger people’s desire to engage in “meaningful work” that makes a difference, experts have said previously.
The report also urged state governments to modernize their working environments by offering more flexible schedules, remote work options and ways to address employee burnout and mental health challenges. Those changes to the workplace are some of the most “enduring impacts” of the COVID-19 pandemic, NASCIO said. Others have suggested these changes could attract workers laid off from the major tech companies.
When hiring, states should focus on diversifying their employee base, including by reworking position descriptions to match job titles more reflective of industry standards. They should also reduce barriers to entry, for example, by removing job requirements that may be outdated or unnecessary, the report said.
Some states have already had success in this area: the Indiana Office of Technology removed degree requirements for most jobs in 2019 and has an apprenticeship program designed to build a pipeline of employees from more diverse backgrounds.
Building that talent pipeline will take significant collaboration with the private sector, academia, nonprofits, the federal government, professional groups and institutions that serve minority groups, NASCIO and NGA said. Through broad partnerships, states will build opportunities for a more robust workforce pipeline and career development options. Educating young students on the importance of cybersecurity is critical to building that pipeline, observers said.
“A lot of kids, they go to school, and they don't really understand why they're there,” said Sean McCann, regional vice president for state and local government and education at cybersecurity company Zscaler, in a recent interview. “I think it's so important to educate folks on cybersecurity, because there's a big gap with jobs. We need cybersecurity professionals, and it's something where you can literally get a job right when you graduate.”
NASCIO and NGA noted that several states have already acted on some of these recommendations as they try to fill their vacant cybersecurity jobs. The report highlighted Kansas’ effort to hire mid-career interns or those who are looking to make a career change, and Texas has rephrased job descriptions, encouraging people to apply for a position even if they believe they do not meet every requirement.
Meanwhile, Maryland has piloted a one-way interview process. Selected applicants are emailed a link to pre-recorded interview questions, and they log in and record their responses on their own time. The practice not only removes scheduling conflicts that unnecessarily extend the application process; it also benefits more neurodiverse candidates who may struggle in traditional interviews.
And Georgia has taken what the report described as a “multi-pronged approach” to closing the employment gap, including by developing a speakers’ bureau of employees who visit schools to raise awareness of cybersecurity jobs The state has also established a year-long fellowship program that involves six months in the public sector and six months in business, funded employee certifications and works with colleges to produce more diverse talent.
In a statement featured in the report, Tamara Mosley, human resources director for the Georgia Technology Authority, called for “a substantial commitment to the equity of education” to address the workforce challenges state governments face.