As the risk of cyber-attacks increases, it is crucial that Governors support the development of a strong cybersecurity workforce by understanding the current workforce, identifying critical roles, developing career pathways and quality credentials, and collaborating with a variety of partners to address the workforce gap. This page will serve as a resource to support Governors in this effort.
Cybersecurity Credentialing and Education Pathways Summit
In November 2023 in Washington D.C., the National Governors Association convened convened advisors from 14 states, along with federal, industry and organizational partners, to discuss the development of cybersecurity talent. This meeting was generously funded by the Western Governors University and built on previous partnership between NASCIO and NGA focused on the cybersecurity workforce gap. The convening was focused on leveraging the expertise of NGA Partners to share best practices in developing career pathways and tools to meet the needs of this workforce. Over the course of two days, state advisors and other experts focused on the current workforce landscape, learned to utilize tools like the NICE Framework to strengthen the cybersecurity workforce, and heard from state and private sector experts regarding their unique talent challenges.
Reflecting on the convening, NGA Center staff have compiled a list of resources regarding general cybersecurity workforce data; materials for teachers, parents, and students; initiatives in various states; and more. Below is a compilation of resources highlighted at the event and collected from attendees.
Resources
Current Cybersecurity Workforce Landscape
CompTIA
- Read State of the Tech Workforce, the definitive guide to national, state, and metropolitan area tech workforce analytics.
CyberSeek
- Cyberseek helps workers, employers, educators, students, policy makers, etc. understand the current cybersecurity working landscape and labor market. Providing interactive tools and data, Cyberseek can be used to close the cybersecurity skills gap. This resource is a joint initiative of the National Institute of Standards and Technology’s NICE program Lightcast and CompTIA.
Lightcast
- Securing a Nation: Improving Federal Cybersecurity Hiring in the United States: Lightcast’s report provides an analysis of the current cybersecurity workforce landscape and highlights specific steps that the federal government can take to effectively address talent shortages in this sector.
- The Bolstering Digital Defenses report provides data on the increasing number of cybersecurity threats that exist. It looks at different hiring methods to fill the talent gap including using community colleges to grant cybersecurity degrees, pursuing a skills-first hiring model, and active intervention addressing the gender gap in the cybersecurity workforce.
Microsoft
- The Microsoft Digital Defense Report provides a comprehensive look at the state of cybersecurity today, the rise of nation state threats, challenges in addressing cybersecurity threats, and finding ways to unite against threats to digital security.
Opportunity@Work
- STARs are workers who are Skilled Through Alternative Routes, including cybersecurity workers. STARs are active in the labor force, have a high school diploma or equivalent, and have developed their skills through alternative routes such as community college, apprenticeships, bootcamps, and most commonly, on-the-job experience.
Learn more about STARs and hear their stories. - Read a series of reports on who STARs are, what skills they have, and their experiences in the labor market.
- STARSight, the STARs strategy dashboard, can provide you with insights you need to unlock half of the United States’ workforce. Learn more about who STARs are, where they live and work, what skills they have, and how to tap into and/or build pathways for STARs through this interactive tool.
NGA Publication Highlight
The NGA Center for Best Practices Energy Team, Workforce Development & Economic Policy Team, and Post Secondary Team published a recent report on the energy cyber workforce and the role Governors can play in developing the field.
You can read the full brief here: https://www.nga.org/publications/energy-cyber-workforce-policy-brief/
For Educators
To meet cybersecurity workforce demands, educators must have the proper tools and resources to teach and upskill current and future workers. The following resources can serve as a guide for teachers looking for professional development opportunities in the cybersecurity space.
College Board
AP’s Career Kickstart – Career Kickstart aspires to expand the successful AP model to the career and technical education space by offering high schools a new set of career-oriented courses and exams.
- Learn more about Career Kickstart here: https://apcentral.collegeboard.org/about-ap/outreach-and-collaborations/career-kickstart?excmpid=vt-00312
- Learn more about the Career Kickstart Cybersecurity Pilots here: https://apcentral.collegeboard.org/about-ap/outreach-and-collaborations/career-kickstart/2024-25-cybersecurity-1-networking-pilot
CYBER.ORG
- Created by the Cyber Innovation Center, CYBER.ORG is an academic resource for students and teachers interested in cybersecurity. This includes career exploration, workshops, events, videos, and more.
Microsoft
- The Microsoft Philanthropies TEALS Program partners industry volunteers with computer science and cybersecurity teachers in high schools. Volunteers can deliver instruction, support during labs, and provide insight into the field.
- The CodePath Community College Cybersecurity Program, in partnership with the Microsoft TEALS Program, brings industry professionals and instructors together to teach real-world cybersecurity skills. By participating in the program, a community college’s CS program will establish valuable industry connections and offer an up-to-date curriculum that directly benefits your students. All at no cost to colleges and students.
- Accelerating Community College Cybersecurity Excellence (ACCCE) is a collaborative project between Microsoft and the National Cybersecurity Training and Education Center (NCyTE). ACCCE supports efforts to expand and diversify the United States’ cybersecurity workforce through providing resources, mentorship, and professional development opportunities to current and potential community college faculty interested in becoming cybersecurity instructors or enhancing their skills and experience if already in the cybersecurity field.
- Microsoft Learn for Educators enables teachers to bring Microsoft Official Curriculum and the instructor-led training materials into the classroom to build students’ technical skills for the future.
- Microsoft’s Cybersecurity Skills page features training, professional development, and mentorship opportunities: https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity-skills
National Center of Academic Excellence in Cybersecurity (NCAE-C)
- Managed by the National Security Agency/Central Security Services’ National Cryptologic University, the National Centers of Academic Excellence in Cybersecurity is a program that designates institutions based on their cybersecurity educational programs in order to standardized and prepare the future cybersecurity workforce. Within this community of designated institutions, individuals can engage with partners on current news, career advice, learning opportunities, program development, and more. Learn more about the Center’s resources by clicking the links below.
- CAE Initiatives: https://www.caecommunity.org/about-us/cae-initiatives
- National Centers: https://www.caecommunity.org/about-us/cae-national-centers
- Cyber Scholarship Program: https://www.dodemergingtech.com/dod-programs/cyber-scholarship-program-cysp/
For Students
To upskill the current cybersecurity workforce and train future generations, there are many programs and resources that can be used to meet this moment. The following resources are for individuals just starting to gain interest in the field, who want to fine-tune their skills, or are looking for a particular certificate or training.
CYBER.ORG
Created by the Cyber Innovation Center, CYBER.ORG is an academic resource for students and teachers interested in cybersecurity. This includes career exploration, workshops, events, videos, and more.
Cybersecurity and Infrastructure Security Agency (CISA)
CISA offers several training, education, and career development programs for professionals and the general public. Additionally, they have multiple initiatives to strengthen the cybersecurity workforce. Starting points to several of their resources can be found linked below.
- CISA Training: https://www.cisa.gov/cybersecurity-training-exercises
- Cybersecurity Education & Career Development: https://www.cisa.gov/topics/cybersecurity-best-practices/cybersecurity-education-career-development
- National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework: https://www.cisa.gov/national-initiative-cybersecurity-education-nice-cybersecurity-workforce-framework
- National Initiative for Cybersecurity Careers and Studies (NICCS): https://niccs.cisa.gov/cybersecurity-career-resources/additional-resources
Microsoft
- Microsoft’s Cybersecurity Skills page features many opportunities. https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity-skills
- The Microsoft Cybersecurity Scholarship Program supports community college degree and industry certificate completion through financial assistance (up to $500) and subsidies for cybersecurity certification exam costs (up to $375). https://aka.ms/Cyber-Scholarship
- Cybersecurity Awareness Month opportunities from across Microsoft. https://aka.ms/Cybersecurity-Awareness
- Earn a Career Essentials Certificate in Cybersecurity by Microsoft and LinkedIn. Available to all at no cost after signing in with a free LinkedIn account until 2025. Discover the skills needed for a career in cybersecurity, gain a solid understanding of commonly used cybersecurity terms, explore the current threat landscape, and learn the core concepts of cybersecurity. https://aka.ms/Cyber-Pathway
- 30 Days to Learn It challenge in Security gives learners the opportunity to work through learning modules, and exchange ideas with peers through a global community forum. Learners could be eligible for 50 percent off the cost of a Microsoft Certification exam by completing the challenge within 30 days. https://aka.ms/30-Days
- NICE Challenge Malicious Malware: The Evil Email Edition is a hands-on, real-world cybersecurity scenario designed to bring the workforce experience to students before they enter the workforce. In this challenge the participant will act as a Cyber Defense Analyst at a small web development company. https://aka.ms/NICE-Challenge
- Minecraft Education’s cybersecurity curriculum helps learners of all ages become cyber heroes – protecting their data, using the Internet safely, and modeling digital citizenship. https://aka.ms/Cyber
- GitHub Security and Monitoring module explores industry standard tools that keep your code safe, your permissions secure and your infrastructure monitored so that you can confidently scale your brilliant ideas. https://education.github.com/experiences/security_monitoring
National Center of Academic Excellence in Cybersecurity (NCAE-C)
Managed by the National Security Agency/Central Security Services’ National Cryptologic University, the National Centers of Academic Excellence in Cybersecurity is a program that designates institutions based on their cybersecurity educational programs in order to standardized and prepare the future cybersecurity workforce. Within this community of designated institutions, individuals can engage with partners on current news, career advice, learning opportunities, program development, and more.
- Institution Map: https://www.caecommunity.org/cae-map
- In alignment with the NCAE-C, the U.S. Department of Defense’s GenCyber program provides cybersecurity content to students and teachers. These are no cost programs for participants.
SANS Institute
- SANS Institute offers several free cybersecurity resources. The page includes links to webcasts, blogs, tools, and more.
- If you are new to the cybersecurity, SANS Institute has an entire page dedicated to how to get started, introductions to career pathways, future events, and courses to take.
For Employers
To upskill the current cybersecurity workforce and train future generations, there are many programs and resources that can be used to meet this moment. The following resources are for individuals just starting to gain interest in the field, who want to fine-tune their skills, or are looking for a particular certificate or training.
Business Roundtable
- Business Roundtable recently released a playbook directed at employers looking to strengthen the cybersecurity talent pipeline. The playbook highlights:
- A Skills-Based Cybersecurity Talent Strategy
- Partnerships Across Sectors to Equip and Recruit Cybersecurity Talent
- On-Ramps to Cybersecurity Careers for Existing Employees
Cybersecurity and Infrastructure Security Agency (CISA)
- CISA offers several training, education, and career development programs for professionals and the general public. Additionally, they have multiple initiatives to strengthen the cybersecurity workforce. Starting points to several of their resources can be found linked below.
- National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework: https://www.cisa.gov/national-initiative-cybersecurity-education-nice-cybersecurity-workforce-framework
- National Initiative for Cybersecurity Careers and Studies (NICCS): https://niccs.cisa.gov/cybersecurity-career-resources/additional-resources
Per Scholas
- Per Scholas offers support for employers’ tech talent acquisition efforts through their Cybersecurity Registered Apprenticeship Program. Whether you want to hire apprentices for specific roles or are interested in exploring the benefits of apprenticeship initiatives, Per Scholas will guide you through the process and customize their program to meet your organization’s needs. They can cater to your local or national needs with over 20 campuses nationwide.
Federal and State Strategy
Federal
Full National Cybersecurity Strategy
President Biden’s cybersecurity strategy seeks to create a secure cyberspace with a specific focus on the following topics:
- Protecting critical digital infrastructure
- Disrupting and dismantling threats to American interest
- Ensuring that market and digital forces work in tandem
- Establishing international partnerships with shared goals.
National Cyber Workforce and Education Strategy
The national cyber workforce and education strategy considers ways to strengthen the cyber workforce and transform cyber education, focusing primarily on the following topics:
- Connecting people to high-quality jobs,
- Promoting a skills-based hiring approach
- Fostering collaboration between employers, educators, government and other key stakeholders.
State
NY State Cybersecurity Strategy
New York’s cybersecurity strategy provides a framework for unifying cybersecurity and resilience activities of stakeholders, with the goal of driving down cyber risk across the State. It utilizes the pillars below as a foundation for this framework:
- Operate state governments securely
- Collaborative with key stakeholders
- Regulate critical industries (ie. the financial sector)
- Communicate cybersecurity advice and guidance
- Grow New York’s cybersecurity and workforce economy
Virginia’s cybersecurity plan consists of a framework that outlines the Commonwealth’s vision, goals, and objectives to mitigate cyber threats. This includes acknowledging the need for a strong cyber workforce. The main goals of the plan include:
- Inventory and Control of Technology Assets, Software and Data
- Threat Monitoring
- Threat Protection and Prevention
- Data Recovery and Continuity
- Security Assessment
This resource page was a collaboration with contributions from the NGA Center for Best Practices Postsecondary Education Team and attendees from NGA’s Cybersecurity Credentialing and Education Pathways Summit. For further information please contact Amanda Winters (awinters@nga.org) or Abigail Rhim (arhim@nga.org).