It’s no secret that most industries struggle to hire and retain cybersecurity talent — across the U.S., more than 755,000 cybersecurity jobs remain open, according to Statistica.
But in the public sector, finding skilled and reliable employees presents a particularly steep mountain to climb. Government agencies are often impeded by long, bureaucratic hiring processes — which include factors such as security clearance and lengthy background checks — compounded by an inability to offer the competitive salaries available in many of their industry counterparts. What’s more, many government agencies are facing a groundswell of employees nearing retirement; in 2022, around 30% of the federal cybersecurity workforce was 55 or older.
It’s all taken a toll. In 2022, the public sector struggled to fill around 40,000 cyber job vacancies — a delta growing ever wider with time.
If there is a silver lining, however, the public sector is no stranger to creative problem solving — and has applied that same “out of the box” innovation to finding sustainable solutions that address the growing talent crisis. Here are just a few of the many ways public sector organizations are thinking outside the box to ensure they have a steady stream of cybersecurity talent at their fingertips.
Student SOCs, and post grad incentives offer new opportunities
Few experiences are more motivating than seeing how you’re making a difference in the real world. To that end, student SOC programs at Louisiana State University, California Polytechnic State University (Cal Poly) and many other U.S. colleges and universities provide hands-on experiences for students to protect university’s systems and data, while simultaneously filling much-needed talent gaps in higher education.
While they’re attending universities, students develop cybersecurity skills in a live SOC environment, tackling security threats and incidents that they might not have otherwise encountered in a standard academic curriculum. But in addition to providing students with a wealth of knowledge and experience, these programs also fill critical gaps in the university’s cybersecurity infrastructure and staffing by employing students who bring a fresh perspective to some of their most pressing security problems. As students are honing and refining their skills, the universities are identifying talent early on and building out talent pipelines to other educational institutions and public sector organizations, which can then be an immediate source of employment once the students graduate.
Thus far, several other colleges and universities nationwide have launched student SOC programs that have helped students cultivate their stills while protecting university data and environments from theft and attack. But the incentives to stay in cybersecurity professions — both tangible and intangible — don’t stop at graduation.
To slow the “brain drain” — the rush of talent lost to competitive jobs in the private sector — some government agencies are offering salary matches where they can, with the hopes that being more aggressive in a competitive job market will help retain early talent security workers who might otherwise seek higher salaries elsewhere.
As an additional incentive, several public sector organizations are also offering student loan repayment or forgiveness programs as part of their comprehensive benefits packages, representing a major advantage over the private sector. For many students coming out of school with a significant amount of debt, knowing that they’ll soon be debt-free comes as a welcome benefit.
But the public sector can also offer several intangible benefits and incentives over private sector industry counterparts as well. For one, public sector jobs tend to be a little more immune to certain market and economic volatilities, making them a bit more insulated from downturns and mass layoffs, even in an uncertain economy fraught with industry shifts and downsizing. Many government and public sector jobs are more reliable, with career paths that can eventually be tenured — and ultimately more secure.
In addition, many public sector jobs provide meaningful and mission-driven work. Instead of being driven by money, graduates who join the public sector are often motivated by the opportunity to make a difference. It’s a labor of love, and working in these organizations allows them to contribute to the greater good, whether by protecting critical infrastructure, ensuring national security, or serving the greater public interest.
AI and automation become talent force multipliers
With limited talent pools, public sector organizations need to use their expertise and resources strategically — and often sparingly. To fill in the day-to-day gaps, however, the public sector is leaning on technologies like AI and automation to perform routine, repetitive or administrative functions that they don’t have the time or staffing to accomplish. Many functions like incident response, malware analysis and process documentation among others, can all be automated, which in turn frees up analysts to focus on high-level security investigations and other mission-critical tasks that protect and drive the business.
Meanwhile, government mandates on AI are paving the way, from the President's Executive Order on AI in October 2023, to legislation at the state level requiring new sets of guardrails and standards for secure AI adoption. Among other things, these new laws will require agencies to thoughtfully prepare an inventory of non classified and non sensitive current and planned AI use cases.
These mandates also mean that more public sector organizations have the green light to implement AI infrastructure safely and securely across public safety, healthcare, transportation, education, and many other government sectors. To help address the talent crisis, for example, technologies like natural language processing can help organizations with skills matching for open jobs, and then AI algorithms can provide personalized job recommendations based on user input and opportunity descriptions.
Training, upskilling and partnering offer strong foundation
Public sector organizations are already adept at using the resources that they have available — so when it comes to talent shortfalls, it stands to reason that they are being smart about what they already have. Government agencies are increasingly offering cybersecurity and AI training for people already in public sector jobs who may not have had a formal role in those disciplines before. They’re also reskilling and upskilling their current workforce in certain areas like cloud as organizations move away from on-prem environments while providing much-needed training to upscale their IT staff to broaden the base of cyber security knowledge within the organization.
To formalize training, public sector organizations are establishing cyber security academies or training centers that offer intensive programs to help rapidly develop those skills. They also cultivated apprenticeship programs, which combine formal education and training with actual on job training that allow participants to rotate or shadow other different parts of the agencies or departments to uplevel their skill sets.
Of course, public sector organizations recognize that to overcome talent challenges, they can’t go it alone. In addition to partnering with educational institutions, public sector organizations are working with private sector entities, such as Splunk, to try to close some of the gaps, while also increasingly leaning on consultants, third parties and retired experts that they are bringing back into their workforce as strategic advisors.
The public sector’s talent shortages are real and won’t go away anytime soon. But public sector and government organizations are also in no short supply of creativity and innovation that will not only close some of the most significant gaps, but build out an even bigger, long-term pipeline to ensure a sustainable future for subsequent generations of workers — one that will enable them to grow and thrive.
For more insights on how the public sector is addressing talent shortages, read the State of Security 2024: The Race to Harness AI.
