In a remarkable confluence of events, the White House released their much-awaited cybersecurity executive order less than a day before the outbreak of a massive global ransomware attack. Amidst the quickly moving news, even experts may be forgiven for missing Section 3(d) of the executive order — the final paragraphs before the document gives way to definitions and formalities. This section calls for an interagency report due to the White House within 120 days with findings and recommendations for developing the cybersecurity workforce. The topic may seem like an unsexy afterthought, but is poised to become one of cybersecurity's most critical challenges.
Current data shows a talent shortfall of 40,000 unfilled cybersecurity jobs per year in the United States, with a growing international talent gap to match. When taken in the context of national security, this skills gap has some very unsettling real-world consequences. As high private-sector salaries and enticing intelligence community job descriptions draw in the limited population of trained workers, other employers are pushed out of the hiring market. This is especially true for small businesses and state governments, many of whom control very valuable and sensitive data sets and systems (for example, drivers' license and voter registration databases).