⚡NIMITZ TECH NEWS FLASH⚡

“Preparing the Pipeline: Examining the State of America’s Cyber Workforce”

House Committee on Homeland Security

February 5, 2025 (recording linked here)

HEARING INFORMATION

Witnesses and Written Testimony (linked here):

• Mr. Robert Rashotte: VP of Training Institute and Global Engagement, Fortinet

• Dr. David Russomanno: EVP of Academic Affairs and Provost, University of Memphis

• Mr. Chris Jones: President and CEO, Middle Tennessee Electric Membership Corp

• Mr. Max Stier: President and CEO, Partnership for Public Service

HEARING HIGHLIGHTS

IN THEIR WORDS

SUMMARY OF OPENING STATEMENTS FROM THE COMMITTEES

• Chairman Green stated that the hearing aimed to examine the severity of America's cyber workforce gap and its impact on national security. He highlighted that the shortage of approximately 500,000 cyber professionals leaves critical infrastructure vulnerable to threats from nation-state actors like China, Russia, North Korea, and Iran. He emphasized the need for a new approach to workforce development, including alternative pathways into the field, hands-on training, and a public-private collaboration model. He introduced the Cyber Pivot Act, which seeks to address these challenges, and urged bipartisan support to pass it into law.

• Ranking Member Thompson criticized the Trump administration's handling of federal cybersecurity policies, arguing that hiring freezes and workforce reductions were harming national security. He accused Elon Musk of gaining unauthorized access to federal networks and sensitive American data, alleging that the administration had done little to prevent this. He expressed concerns about the administration's treatment of federal employees, particularly in cybersecurity roles, and its hostility toward diversity initiatives. He announced his intention to introduce two resolutions of inquiry to investigate the administration's cybersecurity policies and their impact on workforce development.

SUMMARY OF WITNESS STATEMENT

• Dr. Russomanno highlighted the persistent challenges in aligning cybersecurity education with workforce needs, citing studies showing that many graduates feel unprepared for the job market. He warned that the private sector’s preference for hiring experienced professionals over new graduates worsens the workforce shortage and creates barriers to entry. He advocated for stronger partnerships between industry, government, and educational institutions to develop a sustainable talent pipeline and improve articulation agreements between applied technology programs and four-year degrees.

• Mr. Rashotte emphasized the urgent need to address the cybersecurity workforce gap, which currently leaves over 500,000 positions unfilled in the U.S. He noted that Fortinet, a major cybersecurity company, has developed an awareness training program for K-12 students to introduce cybersecurity concepts early. He highlighted challenges such as the over-reliance on four-year degrees, the need to attract underutilized talent pools like military veterans, and the high stress levels leading to burnout among cyber professionals. He supported the Cyber Pivot Act, emphasizing its potential to strengthen workforce development through scholarships, internships, and government partnerships.

• Mr. Jones highlighted the cybersecurity challenges faced by electric cooperatives. He noted that rural electric co-ops provide power to critical infrastructure but struggle to attract cybersecurity professionals due to competition from larger firms and limited career development opportunities in rural areas. He praised the Cyber Pivot Act for extending cybersecurity internship opportunities to critical infrastructure in rural communities. He emphasized the need for innovative partnerships and investments to build a local cybersecurity workforce capable of protecting rural America's essential services.

• Mr. Stier argued that the federal government has not kept pace with modern workforce needs, citing outdated pay structures, siloed agency approaches, and gaps in strategic human capital management. He supported the Cyber Pivot Act, likening it to an ROTC-style program for cybersecurity careers, and called for increased exchanges between the public and private sectors to facilitate knowledge sharing. He concluded by warning that current federal hiring freezes and workforce policies are actively harming cybersecurity recruitment, sharing an email from a CyberCorps Scholarship for Service student whose job offers were rescinded due to administrative uncertainty.

SUMMARY OF Q and A

• Chairman Green asked how the cybersecurity workforce gap had impacted their organizations and how expanding the workforce would help. Dr. Russomanno stated that vulnerabilities at the University of Memphis stemmed from human error and that basic cybersecurity competency across all positions would reduce attacks. Mr. Stier warned that the workforce shortage had severe national security implications, as adversaries exploited breaches and leadership needed greater cybersecurity literacy.

  Chairman Green asked about the biggest recruitment hurdles for cybersecurity professionals. Mr. Jones explained that rural electric cooperatives struggled with salary competitiveness and location challenges in attracting talent. Mr. Rashotte stated that while Fortinet had a different hiring landscape, many of its partners struggled to retain experienced cybersecurity professionals.

• Ranking Member Thompson asked how the federal hiring freeze impacted agencies' ability to perform their jobs. Mr. Stier responded that hiring freezes created fear, diminished capacity, and harmed national security efforts.

  The Ranking Member asked how temporary freezes and delays disrupted hiring processes. Mr. Stier explained that they compounded existing inefficiencies, deterred applicants, and damaged the federal government’s reputation as an employer.

  Ranking Member Thompson asked how Dr. Russomanno’s institution protected sensitive information. Dr. Russomanno stated that the Chief Information Officer ensured compliance with FERPA and cybersecurity protections, despite a lean IT team.

• Rep. McCaul asked about the CyberCorps Scholarship for Service program and how the Cyber Pivot Act could enhance it. Dr. Russomanno praised CyberCorps’ impact but suggested expanding internship locations and increasing private-sector involvement. Mr. Stier recommended adding private-sector experience to CyberCorps to strengthen workforce readiness and address the talent gap.

  Rep. McCaul asked how state-level initiatives could improve cybersecurity. Dr. Russomanno suggested adapting the CyberCorps model to state and local levels to expand cybersecurity capabilities.

  Rep. McCaul highlighted utilizing veterans in cybersecurity and reassured the panel that CISA and DoD roles were exempt from hiring freezes.

• Rep. Correa asked how agencies could compete with private-sector salaries and how workforce uncertainty affected recruitment. Dr. Russomanno focused on providing students with career opportunities. Mr. Jones emphasized public service as a motivator but admitted that buyouts harmed recruitment. Mr. Rashotte noted that cybersecurity professionals valued continuous education. Mr. Stier asserted that hiring freezes discouraged recruitment, especially for veterans entering federal cybersecurity roles.

• Rep. Higgins asked how to make cybersecurity more appealing to Gen Z. Dr. Russomanno stressed early education and broadening opportunities beyond computer science and engineering.

  Rep. Higgins asked if students were showing more interest in cybersecurity careers. Dr. Russomanno said visibility was the challenge, while Mr. Rashotte emphasized clear career pathways through public-private partnerships.

• Rep. Thanedar asked about the importance of independent inspectors general (IGs) in government oversight. Mr. Stier explained that IGs ensured accountability, and their removal weakened cybersecurity oversight.

  Rep. Thanedar asked about attracting cybersecurity talent and competing globally. Dr. Russomanno suggested early exposure through dual enrollment programs to create a clear cybersecurity pathway.

• Rep. Luttrell asked if Fortinet could expand cybersecurity education in rural schools. Mr. Rashotte confirmed Fortinet’s K-12 training program was available in 43 states.

  Rep. Luttrell asked if a centralized federal department coordinated cybersecurity workforce initiatives. Dr. Russomanno suggested the National Science Foundation could facilitate partnerships, while Mr. Rashotte highlighted state and local governments' role.

  Rep. Luttrell asked witnesses to streamline workforce strategies and maintain communication. Mr. Jones recommended utilizing cooperatives as facilitators for rural cybersecurity education.

• Rep. Swalwell criticized the Trump administration’s policies for weakening national security and asked if reducing CISA personnel would improve cybersecurity. Mr. Stier responded that the workforce was already in crisis and cutting personnel would further weaken national defenses.

• Rep. Pfluger asked what institutions like Angelo State University could learn to address cybersecurity workforce shortages. Dr. Russomanno stated that cybersecurity training must expand beyond engineering to attract a broader talent pool.

  Rep. Pfluger asked if training programs were sufficient to keep up with cyber threats. Dr. Russomanno stated that more investment was needed, and the Cyber Pivot Act could help scale workforce capabilities.

  Rep. Pfluger asked how internships helped rural students enter cybersecurity. Mr. Jones said internships introduced students to cybersecurity and provided career pathways in rural electric cooperatives.

  Rep. Pfluger asked about cybersecurity threats to the power grid. Mr. Jones confirmed cybersecurity was a top concern, and cooperatives were working with the federal government to bolster security.

  Rep. Pfluger asked what kept Mr. Rashotte up at night and how the Cyber Pivot Act could help. Mr. Rashotte emphasized the need to broaden cybersecurity training beyond traditional roles and industries.

• Rep. Ramirez criticized hiring freezes and asked how federal benefits affected cybersecurity workforce retention. Mr. Stier argued that outdated pay structures weakened recruitment and recommended modernizing the system.

  Rep. Ramirez asked how politicizing the federal workforce through Schedule F would impact national security. Mr. Stier warned that removing nonpartisan civil service protections would lead to corruption and incompetence.

• Rep. Crane questioned Democratic concerns about Musk while emphasizing China’s growing cyber force and asked how Memphis utilized CyberCorps. Dr. Russomanno stated that CyberCorps provided financial support, networking, and career preparation for federal cybersecurity roles.

  Rep. Crane asked how academia, industry, and government could collaborate to keep pace with China. Mr. Rashotte highlighted Fortinet’s free cybersecurity training as a model for expanding access.

  Rep. Crane asked how electric cooperatives balanced financial responsibility with national security. Mr. Jones emphasized that cooperatives prioritized cybersecurity and reliable power service.

• Rep. Magaziner criticized the Trump administration’s cybersecurity hiring freeze and asked if it strengthened national security. No panelist responded, and Magaziner took their silence as confirmation it weakened security.

  Rep. Magaziner asked if panelists were comfortable with unvetted individuals accessing federal financial systems. No panelist defended the actions, reinforcing his concerns about cybersecurity risks.

• Rep. Greene defended merit-based hiring and accused Mr. Stier of promoting DEI in federal cybersecurity roles. Mr. Stier responded that his organization supported both Republican and Democratic transitions, including Trump’s in 2016.

  Rep. Greene asked if Mr. Stier’s organization worked to prevent Trump from firing federal employees. Mr. Stier denied involvement but warned that mass firings could weaken cybersecurity defenses.

  Rep. Greene asked if Mr. Stier’s organization received taxpayer funds. Mr. Stier confirmed it did through government-provided services.

• Rep. McIver asked how hiring freezes impacted cybersecurity expertise across federal agencies. Mr. Stier stated that workforce deficits were worsening, morale was declining, and urgent congressional action was needed.

• Rep. Garbarino asked how early education could improve cybersecurity workforce awareness. Mr. Rashotte stated that cybersecurity training should start as early as kindergarten through integrated lesson plans.

  Rep. Garbarino asked whether CISA or the Department of Education played a role in K-12 cybersecurity curricula. Mr. Rashotte stated that CISA could be involved, but Fortinet focused on teacher-friendly resources.

  Rep. Garbarino asked how alternative training could accelerate workforce entry. Mr. Rashotte highlighted free cybersecurity certification programs as a fast-track option.

  Rep. Garbarino asked how colleges could better align education with workforce needs. Dr. Russomanno emphasized expanding dual enrollment and increasing awareness of technology-driven careers.

• Rep. Goldman criticized the hearing as pointless while cybersecurity jobs were being cut and unqualified individuals accessed government networks.

• Rep. Ogles defended young cybersecurity professionals and asked how to better engage 18-to-20-year-olds in workforce development. Mr. Jones praised the Cyber Pivot Act and emphasized collaboration with educational institutions.

  Rep. Ogles stressed the importance of cybersecurity as a national security issue and asked how universities manage human error risks. Dr. Russomanno stated that cybersecurity training, phishing drills, and vulnerability testing helped protect university data.

• Rep. Johnson stated that the U.S. faces a cybersecurity crisis due to workforce shortages, lack of education preparedness, and inadequate recruitment strategies. Mr. Jones acknowledged the severe threat to rural electric cooperatives and emphasized the need for national-level collaboration to strengthen cybersecurity.

  Rep. Johnson criticized the Trump administration’s hiring freezes and workforce reductions for undermining national security. Mr. Steyer stated that recruiting diverse talent was critical and that DEI initiatives expanded access to cybersecurity careers without lowering standards.

• Rep. Strong discussed his CyberCorps Enhancement Act and asked how extending the program’s participation period would benefit students. Dr. Russomanno supported the extension, stating it would provide more career flexibility and advancement opportunities.

  Rep. Strong asked how the Cyber Pivot Act and CyberCorps Enhancement Act could work together to address workforce shortages. Dr. Russomanno noted they complemented each other, particularly by improving transfer pathways from technical schools and community colleges to four-year universities.

  Rep. Strong inquired about strategies to recruit and retain cybersecurity professionals. Dr. Russomanno emphasized public-private partnerships and the need for clear career pathways and continuing education opportunities.

  Rep. Strong asked how the government could retain cybersecurity talent despite private-sector competition. Dr. Russomanno suggested offering tuition assistance and graduate education opportunities as incentives for retention.

  Rep. Strong asked how federal workforce initiatives could better support cybersecurity in the energy industry. Mr. Jones stressed the need for more cybersecurity resources and collaboration through initiatives like the Cyber Pivot Act.

• Rep. Hernandez raised concerns about anti-DEI policies affecting cybersecurity efforts, particularly in Puerto Rico, where Spanish is the dominant language. Mr. Steyer admitted he lacked expertise on Puerto Rico but emphasized that diverse talent was critical to closing the cybersecurity workforce gap.

  Rep. Hernandez asked whether a diverse, Spanish-speaking federal workforce could improve cybersecurity collaboration. Mr. Steyer agreed that hiring Spanish-speaking professionals was both practical and essential for effective government partnerships.

• Rep. Biggs emphasized that rural communities face unique cybersecurity vulnerabilities and expressed strong support for the Cyber Pivot Act. Mr. Jones said that interns in utility companies could develop real-world cybersecurity skills while learning the mission of electric cooperatives.

  Rep. Biggs asked how to retain cybersecurity professionals in rural areas. Mr. Jones acknowledged salary challenges but said meaningful work and mission-driven roles helped with retention.

• Rep. Turner stressed the urgency of addressing cybersecurity threats and protecting personal data for constituents in Houston. All witnesses agreed that cybersecurity should be open to diverse talent from all backgrounds and that diversity strengthens organizations.

  Rep. Turner asked how students could better see themselves in cybersecurity careers. Dr. Russomanno emphasized that financial aid, outreach, and representation were critical to encouraging students to enter the field.

• Rep. Knott asked whether the U.S. cybersecurity workforce was suffering more from a personnel shortage or a skills gap. Dr. Russomanno stated that both were issues, with companies struggling to find mid- and senior-level cybersecurity professionals.

  Rep. Knott asked if cybersecurity risks increased due to illegal entry into the U.S. and how rural electric cooperatives were affected. Mr. Jones emphasized that human error, such as phishing attacks, was the primary cause of breaches but acknowledged physical security concerns as well.

  Rep. Knott asked how poorly performing federal employees could be removed more efficiently. Mr. Steyer agreed that federal workforce inefficiencies needed to be addressed through better management training and streamlined termination processes.

• Chairman Green closed by emphasizing the urgent need to expand the U.S. cybersecurity workforce in response to growing cyber threats from China, Russia, and Iran. He expressed disappointment that some committee members focused on criticizing government reforms rather than addressing workforce shortages. Green further criticized federal spending priorities, arguing that taxpayer money was being wasted on foreign programs like green transportation in Georgia and pottery classes in Morocco instead of bolstering national cybersecurity. He defended Elon Musk, stating that Musk holds a top-secret security clearance and contributes to NASA projects, countering concerns about his role in government efficiency efforts.

• Ranking Member Thompson emphasized the importance of Rural Electric Cooperatives in maintaining national infrastructure and cybersecurity, stressing the need for government support to protect them from cyber threats. He criticized Elon Musk’s alleged unauthorized access to federal networks and condemned the majority party for failing to address the issue. The Ranking Member strongly opposed the Trump administration’s hiring freeze and workforce reductions at cybersecurity agencies like CISA, arguing that these policies weakened national security. He cited an example from Mr. Steyer’s testimony about a Cyber Corps scholarship recipient who had their federal job rescinded due to the freeze, illustrating the real-world consequences of these decisions. He urged bipartisan action to counteract these harmful policies and warned that failing to strengthen the federal cybersecurity workforce would leave the country vulnerable to cyber threats.

ADD TO THE NIMITZ NETWORK

Know someone else who would enjoy our updates? Feel free to forward them this email and have them subscribe here.