The White House’s upcoming cybersecurity workforce strategy — which will build upon the recently released National Cybersecurity Strategy — will focus on educating all Americans, starting with K-12 schools, on how to be more cyber-aware and participate in the cyber workforce outside of the traditional STEM degree route.
The goal is to enable every American to see themselves in a cyber career, especially women and minorities. Because the U.S. suffers from a severe cybersecurity workforce shortage with upward of half a million open positions, the Biden administration considers closing this gap a national security priority.
“We can't have a cyber workforce if we aren't addressing cyber all the way,” Assistant National Cyber Director for Planning and Operations Caitlin Clarke said during the closing fireside chat of GovCIO Media & Research’s annual Women Tech Leaders Summit on April 13 in Washington, D.C. “That is going to take a whole of nation approach to bring cyber education. We have made strides there, but we want to have a focused effort on revamping education from K-12 into higher ed to look at what are we teaching, how do we broaden the understanding of cybersecurity as not just engineering and developing, and then expand on the workforce piece in terms of the national cyber workforce, how can we work with apprenticeships and other levers that we can work with the private sector to open up where we can pull people from, and then finally looking internally at the federal government and our federal workforce and strengthening our federal workforce.”
During a lightning rounds session at the summit, FBI Deputy Assistant Director for Cyber Cynthia Kaiser said "countering cyber threats is the national security issue of our lifetime," highlighting the need for a strong, diverse cyber workforce and encouraging women to apply for cyber jobs.
Cybersecurity Needs Women
Women bring highly desirable skills to the cybersecurity field and don’t need a STEM degree to work in cyber, Clarke added.
“In addition to my job, I have three children under the age of 10 and two dogs and a husband — [as women] we have full time jobs that we do during the day and then we go home and we have another full time job, right? We have the ability to prioritize, triage and attack problems in a way that I think makes us unique and we bring our whole selves to our jobs,” Clarke said. “Those skills are necessary. The ability to say okay, yes, the world is on fire, but let's take this one step at a time, we are going to address what needs to be done first and we will continue from there.”
Clarke encouraged women interested in cyber careers to be more confident about applying to jobs they may not be 100% qualified for.
“I don't see a lot of men hesitating from putting their resume in for jobs sometimes on a flyer,” she said. “We have to take that leap of faith sometimes.”
Clarke also pushed back on the idea of a cyber career being akin to the role of Chloe, a character on the Fox TV show “24.”
“That's not reality,” she said. “What we need are people who are curious, who will look into a problem and try to get to the root cause. We need people with an analytical mindset, understanding the data that's coming in, what does this tell me? Information should be driving decision-making, so what are the decisions we need from our leaders?”
Soft skills and liberal arts degrees are critical to the cybersecurity field, Clarke added, because good communicators need to “translate” tech jargon to decision-makers in the event of a cyber incident.
“If you can communicate, and if you can translate technical speak to decision-makers who may not live every day on a particular virtual web server … I'm not asking you to reverse-engineer malware, I need someone to explain that to nontechnical folks,” she said. “Cybersecurity at its fundamental is about risk management. So if you understand risk, and you understand how to manage risk, you have a home in cybersecurity.”
Diversity Has a Place in Cyber
At first glance, Clarke’s own career path doesn’t align with typical cyber career expectations, which illustrates her point. After obtaining a bachelor's degree in political science and a master’s degree in public policy, Clarke worked at the Department of Homeland Security in preparedness and planning for potential terrorist attacks.
She then continued in a similar role at the Federal Emergency Management Agency (FEMA) before making a major career pivot to focusing on cyber readiness at American Express, where she focused on ensuring people were “ready” and knew their role in the event of a cyber incident, all the way up to the CEO.
“Then I took on the cyber threat intelligence program because I had those linkages to government,” Clarke said. "All of those public-private partnership groups that exist for information sharing, I was our rep to those. And then finally in the piece de resistance of my career in the private sector, I got cybersecurity regulatory engagement. So what that meant was every time we had an exam on our cybersecurity policies and procedures, I was the lead for talking to the government about what our policies and programs and tooling looked like. And then I got the call to say, hey, would you like to come back to government to this new Office of National Cyber Director? And I jumped at it because I thought my background gave me a unique position of understanding how the federal government worked in incident response and planning.”
Clarke said ONCD expects to release its cybersecurity workforce strategy sometime this summer.