The Center for Security and Emerging Technology (CSET) offers the following submission for consideration by the Office of the National Cyber Director. CSET is a policy research organization within Georgetown University’s Walsh School of Foreign Service. We produce data-driven, nonpartisan research and analysis at the intersection of national security and technology. We have organized our response as general recommendations concerning the topics mentioned in the Request for Information and more specific feedback according to sub-areas. We appreciate the opportunity to offer these comments, and we look forward to continued engagement with the ONCD.

We offer the following recommendations related to specific questions in the RFI:

1. To conduct effective outreach through educational programming, cybersecurity competitions are an effective yet underutilized tool for students to access and engage with tools and education. Generally, competitions are an opportunity to incentivize growth, exploration, or knowledge advancement in a particular area.¹Major national K-12 cybersecurity competitions promote cyber education through competitive challenges and encourage students to pursue extracurricular study of cybersecurity.²Students have the opportunity to gain or develop practical and industry-relevant cyber skills outside of the classroom in more realistic situations. Supporting cyber competitions at the K-12 and postsecondary levels can improve learning pathways to careers, increase the number of cyber-related educational programs across higher education, and easily scale outreach initiatives. One known limitation is the availability of trained teachers and mentors. The government’s strategy must address a national shortage in qualified and prepared K-12 educators.³
2. Professional certifications are a critical component of the modern cyber skillset and should be incorporated into the national cyber education and training strategy. On the workforce supply side, certifications allow workers to demonstrate skill competency to potential employers and are often necessary to progress in a cyber career. On the demand side, they serve as important credentials that employers use to assess candidates’ qualifications. However, the certification landscape is expansive, training and preparation can be expensive and time-consuming, and job seekers often lack information about which certifications are most valuable to their career development. The strategy should take these factors into account when evaluating certifications as an educational and professional training tool. Future in-depth cyber workforce research is also necessary to examine the role of certifications as hiring credentials and how they can serve as both a bridge into the cyber workforce and a potential barrier to entry.
3. The forthcoming national strategy should prioritize the funding and promotion of cyber workforce data initiatives that complement existing projects such as CyberSeek. Comprehensive public-facing cyber workforce data remains elusive, resulting in knowledge gaps on the part of both employers and workers.CyberSeek, a National Initiative for Cybersecurity Education (NICE) initiative in collaboration with Lightcast and CompTIA,⁴U.S. Congress, House, Research and Development, Competition, and Innovation Act of 2022, HR 4346, 117th Cong., 2nd sess, https://www.congress.gov/117/bills/hr4346/BILLS-117hr4346enr.pdf.[/efn_note]—which funds CyberSeek—and the National Center for Science and Engineering Statistics (NCSES). CyberSeek can serve as a model for this and future data initiatives, and new cyber workforce data collection should complement CyberSeek’s access to private sector data.
4. The National Centers of Academic Excellence in Cyber (NCAE-C) are leading efforts to produce cyber talent, but there are gaps in opportunity. NCAE-C institutions are recognized as leaders in promoting higher education in cyber and related fields. Not only does this consortium of NSA-accredited institutions graduate cyber talent, but it also prioritizes additional initiatives such as K-12 curriculum and pathway development, faculty professional development, regional hubs, and scholarship programs. However, in the absence of legislation specifying support, the NCAE-C does not receive annual funding for these broader initiatives. Advocacy with Congress for annual funding will ensure the NCAE-C can continue its efforts to improve education and training, scale effective cyber skills development, and increase faculty skills.
5. The National Science Foundation’s CyberCorps program should expand its efforts to attract, recruit, and retain cyber talent. Federal cyber scholarship-for-service programs, like the National Science Foundation’s CyberCorps, create critical talent pipelines to the federal, state, local, and tribal government cyber workforce. However, this program is not active in all U.S. states and territories, nor is it active at every NCAE-C institution. To improve recruitment, hiring, and retention, the national strategy should encourage and prioritize program expansion while identifying and amplifying others like it. Furthermore, data from this program is not widely public or comprehensive. At a minimum, data should include demographic information, award amount per student, specific fields and programs of study, student types (undergraduate, graduate, etc.), obligation fulfillments, and retention so that better metrics can be developed to assess the value of financial investments in cyber training and education. The Cyber Solarium Commision 2.0 also has made these recommendations.⁵

1. Ali Crawford and Ido Wulkan, “Federal Prize Competitions” (Center for Security and Emerging Technology, November 2021). https://doi.org/10.51593/2021CA002
2. Kayla Goode, Ali Crawford, and Christopher Back, “U.S. High School Cybersecurity Competitions: Building Cyber Talent Through Extracurricular Activities” (Center for Security and Emerging Technology, July 2022). https://doi.org/10.51593/2021CA012
3. Computer Science Teachers Association, “The Computer Science Teacher Landscape: Results From a Nationwide Teacher Survey,” 2020, https://csteachers.org/documents/en-us/e1d6ac1e-3ae1-4ac1-983d-aaffdacd03c1/1/
4. CyberSeek homepage, accessed 21 October 2022, https://www.cyberseek.org/.[/enf_note]is a positive outlier because it is publicly accessible and brings together data about current workforce statistics, job openings, requested credentials, career pathways, skills, and education providers. The recent CHIPS and Science Act of 2022 calls for the establishment of a cyber workforce data initiative led by the National Institute of Standards and Technology (NIST)
5. Cyber Solarium Commission 2.0, Workforce Development Agenda for the National Cyber Director,” p.9, June 2022, ​​https://cybersolarium.org/wp-content/uploads/2022/05/CSC2.0_Report_WorkforceDevelopmentAgenda_FullText.pdf