Connecting state and local government leaders

The Immediate Need to Close the Daunting Cyber Workforce Gap

Stanton Gatewood, Georgia's chief information security officer

Stanton Gatewood, Georgia's chief information security officer Michael Grass / Route Fifty


Connecting state and local government leaders

States have to think creatively to attract and retain the talent they need to respond to cyberattacks and other threats.

AUSTIN, Texas — Here’s an eye-popping statistic to think about: By 2020, there will be a 1.5 million cybersecurity workforce shortage around the world. And that is something being felt acutely in public sector organizations, including U.S. state government agencies.  

“We have an issue, ladies and gentlemen,” Stanton Gatewood, Georgia’s chief information security officer told a gathering at the National Association of State Chief Information Officers annual conference in Texas’ capital city on Wednesday. “We need to work on filling that gap.”

The difficulties public sector organizations face when it comes to recruiting and, more importantly, retaining cybersecurity talent aren’t anything new. It’s something NASCIO has been beating the drum on in recent years.

Ongoing workforce trends, including experienced cybersecurity personnel reaching retirement age and better compensation in the private sector, makes the challenge even more daunting.

“The private sector is sucking the public sector dry everyday,” said Gatewood, who has 33 years of cybersecurity experience in the U.S. military, state and federal governments, higher education and private sector.

Even if state government budgets for cybersecurity increased, it would never be enough to compete with the private sector. State CIOs and other IT leaders need to think of creative ways to get the people they need and build a long-term talent pipeline.

“Our need is immediate,” Gatewood said. To build the cyber workforce of tomorrow, “[y]ou’re just not going to create them or [have them] pop up one day. That’s not going to work.”

One of the regulatory barriers is the high bar that’s often set for cybersecurity certification, which can shut out early-career talent that might be interested in pursuing positions in public sector cyber defense. Gatewood noted that some agency leaders might be setting expectations too high in some cases.

Long term, states and other public sector organizations need to be more aggressive in building higher education partnerships, internships and other efforts to develop cyber training programs or foster K-12 STEM initiatives to better prepare students for cybersecurity certifications.

Gatewood pointed to his own state as an example. The Georgia Cyber Academy is a cross-sector partnership involving the state, local academic institutions and the private sector that aims to build the next generation of cybersecurity personnel.

Michigan’s outside-the-box solution has been to build a volunteer Cyber Civilian Corps, which will help the state respond to cyber threats when they’re needed. 

“If people are not trained, you lose out,” Rajiv Das, Michigan’s chief security officer, told NASCIO attendees on Wednesday.

Das said the Michigan Civilian Cyber Corps currently has 64 members and is aiming to increase that number to 200 by the end of 2018.

Michael Grass is Executive Editor of Government Executive’s Route Fifty and is based in Seattle.

NEXT STORY Senate Committee Approves Automated Vehicle Bill