CISA would get millions for cyber workforce outreach to underserved communities under new bill
The measure comes amid concerns from cybersecurity officials and professionals over how workforce diversity gaps may threaten U.S. cyber defenses.
A bill being introduced Wednesday would require the Cybersecurity and Infrastructure Security Agency to stand up a program focused on cyber workforce opportunity outreach to underprivileged communities and gives the agency $20 million per year to conduct the efforts.
The Diverse Cybersecurity Workforce Act led by Reps. Haley Stevens, D-Mich. and Shontel Brown, D-Ohio would task CISA to house the initiative in its existing Cybersecurity Education and Training Assistance Program on grounds that the American cyber workforce landscape is not diverse enough and that overall workforce shortages pose risks to U.S. cybersecurity posture.
The proposed measure, which has 32 other cosponsors, directs CISA to conduct outreach to disadvantaged groups, including veterans, racial or ethnic minorities, people with disabilities and formerly incarcerated individuals, according to bill text first seen by Nextgov/FCW.
The cosponsors are all Democrats, a staffer in Brown’s office said, adding they will be working to get GOP colleagues to back the measure. The bill currently does not have a Senate companion measure.
CISA would also be required to update Congress annually on the efforts, which would involve discussions with schools, unions, chambers of commerce and other entities. The annual $20 million in funding would continue through 2030. Once the bill is signed, the agency would have 180 days to kick off the program.
“We have a diverse country, and we need a cybersecurity workforce that reflects our people, bringing new ideas, backgrounds, and experiences to the table. Workforce diversity is essential to a strong, secure, shining nation that can protect us from a range of threats now and into the future,” Brown said in a statement.
Her office added they are not working to include the bill in the must-pass National Defense Authorization Act.
Over 448,000 jobs were listed in cybersecurity between February 2023 and January 2024, according to Cyberseek, a cybersecurity employment and education resource backed by the National Institute of Standards and Technology. Nearly 5,000 of those positions were listed for the federal public sector alone in that time period.
The White House’s Office of the National Cyber Director has also been focused on the cybersecurity workforce. It released a cybersecurity workforce-focused strategy in 2023, which included action items meant to address diversity, including leveraging community colleges.
Women make up about half of the U.S. workforce, but only 26% of the cybersecurity workforce, that strategy noted. Black, Hispanic, rural workers and people with disabilities also are underrepresented in the cybersecurity workforce, it adds.
Ensuring that women are better represented in the cybersecurity field will require not only addressing barriers keeping women out of the workforce now, but also ensuring that women feel included once they are in the workforce, current women tech and cyber leaders said earlier this year.
“The lack of diversity is a symptom of the lack of inclusion,” said Lynn Dohm, executive director of Women in Cybersecurity, a nonprofit membership organization.
Ultimately, the makeup of the cybersecurity workforce also impacts national security, former White House cyber workforce official from ONCD, Camille Stewart Gloster, recently said.
“I am concerned with the move to not address diversity head on. I think that is a loss, especially in national security spaces. For cybersecurity in particular, understanding technology and context means understanding people, and the best proxy for that is to have diverse representation in your staff,” she said at the time. “The absence of that focus — ignoring where you have gaps in terms of skill sets, backgrounds, genders and ethnicities — is really a disservice to the work.”
A CISA spokesperson declined to comment.