Reflections: NGA Cybersecurity Pathways Forum

Michele Robinson and I had the privilege of being invited to attend the National Governors Association's Cybersecurity Credentialing and Education Pathways Forum, which took place at the Microsoft Innovation and Policy Center in Washington, DC. The forum brought together state advisor networks, federal partners, post-secondary academic institutions, and workforce development organizations from across the country. The primary goal was to collaboratively chart out effective cybersecurity credentialing pathways, discover groundbreaking programs, and foster valuable partnerships. 

The forum was helpful in validating several strategies Washington’s Cybersecurity Center of Excellence has embarked on over the last year. Here are some of the key highlights and reflections: 

Embracing the NICE framework is crucial for employers to standardize cybersecurity roles and skills. Transitioning from degree requirements to competency-based assessments can address workforce demands, enhance diversity and inclusion, and build cybersecurity pathways. 

Hire missionaries not mercenaries -Experienced managers with 5-7 years of experience are highly sought-after in the cybersecurity filed, causing retention issues for many organizations. Cyberseek.org reports over 570,000 job openings in the last year, with cybersecurity roles taking 21% longer to fill and offering 10% higher salaries compared to other IT positions. Lightcast emphasized the importance of hiring committed professionals over short-term hires, as cyber analysts with at least a bachelor’s degree have a 64% higher turnover rate than those with an associate degree. 

Chip Stewart, former Chief Information Security Officer of Maryland, discovered that eliminating degree requirements, aligning job descriptions with the NICE Framework, and investing in employee training resulted in a more dedicated, loyal, and satisfied cybersecurity staff, even in the face of competitive job offers. Presentations by Accenture and Deloitte support Maryland's approach, emphasizing career-connected learning through apprenticeships and supplementary instruction, effectively meeting cybersecurity workforce needs, enhancing retention, and boosting employee satisfaction.

State-funded cyber ranges are essential for training cybersecurity students and workers. Maryland heavily invested in a statewide cyber range to enhance the skills of educators, students, and the state workforce in CompTIA's Security+ and (ISC)2 CISSP. This resource offers safe and secure access to vital cybersecurity tools and exercises for professional training. Likewise, the CCoE has teamed up with Cyber Range Poulsbo to promote awareness and adoption of this invaluable no-cost tool for Washington schools.

Maryland actively courts Israeli cyber defense startups, while Washington state boasts a thriving tech hub, including giants like Amazon, Microsoft, and Boeing. This vibrant ecosystem sparks thoughts about how our colleges and neighboring communities can attract foreign cybersecurity startups and their innovation. More will be revealed as we embark on maturing Washington’s cybersecurity workforce and community. 

Sincerely,

Brent Lundstrom 

Director – Cybersecurity Center of Excellence