House bill would give CISA millions to diversify cyber workforce
The notoriously homogenous cybersecurity field would get help from the federal government to diversify its ranks under new legislation backed by dozens of House Democrats.
The Diverse Cybersecurity Workforce Act of 2024, introduced Wednesday by Democratic Reps. Shontel Brown of Ohio and Haley Stevens of Michigan, would provide the Cybersecurity and Infrastructure Security Agency with $20 million annually to create a program to promote cyber jobs to disadvantaged communities.
The bill, which has 32 House Democratic co-sponsors, aims to make cybersecurity jobs more available to women, racial and ethnic minorities, older individuals, veterans, people with disabilities, geographically and socioeconomically diverse communities, people with nontraditional educational backgrounds and those who were formerly incarcerated.
Brown said in a statement that having a more diverse cybersecurity workforce would make the United States safer and also bring economic benefits to disadvantaged communities and the country as a whole.
“There are hundreds of thousands of good-paying, American cybersecurity jobs that need to be filled, and we will only meet this need by encouraging a wider set of people to work in this growing field,” she said. “We have a diverse country, and we need a cybersecurity workforce that reflects our people, bringing new ideas, backgrounds, and experiences to the table. Workforce diversity is essential to a strong, secure, shining nation that can protect us from a range of threats now and into the future.”
Within 180 days of the bill’s enactment, CISA would be required to establish the new promotional program as part of its Cybersecurity Education and Training Assistance Program. CISA’s director would be charged with promoting the new program with outreach to educators, unions, chambers of commerce, state and local workforce development offices, private sector entities, community colleges, parents of K-12 students and other institutions.
The $20 million in appropriations would start in fiscal year 2025 and continue each year through FY2030.
Although demand for cybersecurity workers has easily outpaced supply in recent years, with estimates of hundreds of thousands of current openings in the United States, the field remains dominated by white men. According to the Aspen Institute, just 9% of cybersecurity workers are Black, while only 4% are Hispanic and 1% are Indigenous. Roughly a quarter of cyber jobs are held by women, according to the think tank.
There are also longstanding salary disparities within the cyber workforce, with women and racial minorities making less than their white, male counterparts — though a recent study from the nonprofit ISC2 found that the gaps are narrowing. Per Labor Department data, the median annual wage for information security analysts is over $120,000.
The Biden administration has taken several steps over the past year to address the problem head on, including with the release of a National Cyber Workforce Education Strategy last summer.
National Cyber Director Harry Coker announced during a White House event last month that federal agencies by next summer will shift toward skill-based hiring — as opposed to considering degrees or years of experience — for IT jobs. Coker previously revealed that he was working with the Office of Management and Budget to scrap the four-year degree requirement for some federal cyber contracting jobs.
“We need to make cyber jobs more available and attainable for groups that traditionally haven’t been recruited and developed,” Coker said during a January speech at the Community College of Baltimore County. “The only way we can defend the digital systems that lay the foundation for our modern way of life is to be sure that every American and people from every community have a pathway to a cyber-based career.”
Wednesday’s bill follows other recent efforts on Capitol Hill to bolster the cybersecurity workforce, including bicameral, bipartisan legislation introduced last year to expand cyber opportunities via a CISA apprenticeship program and a Department of Veterans Affairs pilot program.
Stevens said in a statement that empowering CISA to boost its recruitment of underrepresented populations would go a long way toward protecting U.S. security interests, representing “a win for everyone.”
“In order to ensure the security of our cyber infrastructure we need to have the best workforce possible and that means employing Americans of all backgrounds,” she said.
