Skills-based Hiring Can Address Cyber Workforce Shortfalls

On an overwhelmingly bipartisan basis, the House of Representatives on October 2 passed the Modernizing the Acquisition of Cybersecurity Experts Act, which would eliminate all minimum educational requirements for federal cybersecurity positions. If signed into law, this bill would help federal agencies attract non-traditional but highly skilled candidates.

The act is designed to tackle the cybersecurity talent shortage across the federal government by making it easier for candidates without bachelor’s degrees to apply for jobs. The bill allows federal agencies to consider a candidate’s education only if it helps satisfy the minimum job qualifications. Removing college degrees as a job requirement for cyber positions often makes sense because candidates can obtain the necessary knowledge and skills through certification programs, apprenticeship programs, and other on-the-job training, not just through a four-year degree. It also allows hiring managers to consider other qualifications besides an academic degree to distinguish qualified candidates from unqualified ones.

The federal government has already taken steps to emphasize job-specific skillsets rather than educational requirements when hiring for federal cybersecurity positions. Last year, the Office of Personnel Management released guidance on skill-based hiring, aiming to attract a diverse range of candidates and remove employment barriers for historically under-represented groups. In July, the White House released the National Cyber Workforce and Education Strategy to address hiring and retention difficulties. The strategy emphasizes the need for a standardized approach to hiring based on skillsets rather than relying solely on traditional indicators like education levels, years of experience, and industry-recognized certifications, which can cost hundreds of thousands of dollars.

The White House strategy also commits the administration to establishing a Federal Cyber Workforce Development Institute to address hiring and retention challenges by offering skills-based training to federal cybersecurity employees. The institute, which would offer a specialized curriculum for reskilling and upskilling entry-level and mid-career employees, aims to help retain employees while also accelerating their cyber career advancement for distinguished personnel for potential employment opportunities elsewhere in federal service. The institute would also provide continuing education for mid-career and senior talent as a complement to their hands-on experience.

To facilitate skills-based hiring, the institute should also train human resources (HR) personnel responsible for hiring cybersecurity personnel so that they know how to spot talent without relying on traditional indicators like four-year degrees. Those who hire should also receive training on the collection and management of data about cybersecurity positions to gather an accurate assessment of federal cyber workforce gaps. This would enable HR personnel to develop tailored outreach programs and connect departments and agencies to each other to collaborate on cybersecurity hiring and training initiatives to build the cyber workforce of the future.

Jiwon Ma is a program analyst with the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD). For more analysis from the author and CCTI, please subscribe HERE. Follow Jiwon on X @jiwonma_92. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.