In July 2023, the White House released the National Cyber Workforce and Education Strategy (NCWES), which was presented as the very first strategy of its kind that aims to build the nation’s cyber talent. As technology takes center stage in Washington during this era of great power competition, the strategy, unlike other documents released by the current administration, focuses on the other essential pillar of cyberspace: people, recognizing that cyberspace is "not only about technology and protocols."
The strategy makes a clear case that filling cyber vacancies is a national security imperative for the United States. The U.S. currently has nearly 700,000 job vacancies in cybersecurity, a concern raised by members of a House Homeland Security Committee subpanel in a hearing last June. “We need not only enough people, but the right people with the right skills in the right jobs to meet the growing cyber threat,” emphasized Rep. Andrew Garbarino (R-N.Y.). The release of the NCWES should be seen within the context of this broader shortage of workers in cybersecurity, in both the public and private sectors. The White House also presented the strategy in line with other bills that the Biden administration has pursued since taking office, such as the Bipartisan Infrastructure Law, the Inflation Reduction Act (IRA), and the Creating Helpful Incentives to Produce Semiconductors (CHIPS) and Science Act.
At its core, the NCWES aims to ignite a new generation of American innovators, equipping all citizens with essential cyber skills and substantially expanding the cybersecurity workforce. Its overarching goals are threefold:
A shift toward skills-based hiring: The strategy advocates for a skills-based approach to hiring, emphasizing competencies over traditional degrees or work experience.
Promoting lifelong learning in cyber skills: Encouraging ongoing education and skills development in the field of cybersecurity, recognizing that the landscape is ever-evolving.
Expanding cyber workforce opportunities to all Americans: Broadening the horizons of candidate evaluation beyond traditional criteria. This includes veterans, parents re-entering the workforce, and retiring first responders, all of whom have the potential to acquire the necessary skills to fill crucial cyber roles.
In remarks delivered during an Atlantic Council event on the launch of the strategy, Rob Shriver, deputy director at the U.S. Office of Personnel Management, underscored the urgency of cultivating top tech talent. He further highlighted the need for federal hiring to transition toward a skills-based approach, effectively eliminating the previous requirements for work experience or degrees as long as candidates can demonstrate the essential skills for the job. These skills, he emphasized, hold value not only in the cybersecurity sector but also across the entire economy.
Moreover, the strategy has a particular focus on bringing rural communities, veterans, historically underrepresented groups, and minorities to the table to work on these critical cybersecurity issues. The strategy also aims to leverage cyber skills and establish a foundational understanding of cybersecurity across the board.
The strategy's approach should be applauded, especially its removal of college education requirements for cybersecurity jobs. This shift expands the definition of qualifications and opens doors to traditionally overlooked candidates, which is fundamental for national security and industry success. The strategy underscores the importance of introducing cybersecurity education through community colleges. This initiative aims to prepare individuals for careers and opportunities in cybersecurity, ensuring a skilled and diverse workforce for the future. The U.S. currently has over 663,000 openings in cybersecurity jobs, but there are enough skilled workers to fill only 69% of these positions.
Beyond the American context, the strategy offers a blueprint for allies and partners that seek to build their own cybersecurity talent pipeline. As it undergoes a process of large-scale digital development and economic diversification, the Gulf region is also grappling with the challenge of cultivating the human capital and talent necessary to power robust and globally competitive cyber sectors. Policymakers and leaders in the Gulf may, therefore, find that the Biden administration’s new Cyber Workforce and Education Strategy offers something of a blueprint to help guide their own efforts.
In particular, a focus on skills-based hiring would be an effective way for governments to avoid reinforcing socioeconomic divides and inequalities and create tech industries that are inclusive of traditionally underrepresented populations — chief among them, women. This is especially true in the Gulf countries, which have been actively working to reduce gender disparities in the workforce more generally. For instance, in 2022, Saudi Arabia's female labor force participation rate reached 37%, representing more than 5 million Saudi women in the workforce, according to the Saudi minister of human resources and social development, Ahmed al-Rajhi, up from 21% five years ago. Countries in the Gulf and across the Middle East also tend to have mostly young populations, so national cyber strategies that combine skills-based hiring practices with an emphasis on continuing, lifelong learning and upskilling may be an effective way to boost current employment and ensure long-term job security.
The U.S. NCWES, introduced in July 2023, aims to address the cybersecurity workforce shortage by emphasizing skills-based hiring and lifelong learning. This aligns with the Biden administration's goals for national security, economic growth, and innovation. The strategy also provides guidance for other nations, particularly in the Gulf region, as they undergo their own digital transformation and work toward gender equality in their workforces. Focusing on skills-based hiring and continuous learning can help bridge socioeconomic gaps and promote inclusive tech sectors, offering opportunities for improved employment and job security.
Mohammed Soliman is the director of the Strategic Technologies and Cyber Security Program at the Middle East Institute, where he leads a global team of scholars to explore the policy challenges associated with the intersection of technology, geopolitics, and business in the Middle East and emerging markets more broadly.
Photo by Sean Gallup/Getty Images
The Middle East Institute (MEI) is an independent, non-partisan, non-for-profit, educational organization. It does not engage in advocacy and its scholars’ opinions are their own. MEI welcomes financial donations, but retains sole editorial control over its work and its publications reflect only the authors’ views. For a listing of MEI donors, please click here.