The National Cyber Workforce & Education Strategy (NCWES) Explained

Imagine a world where every cyber threat gets a swift and skilled response. This is the vision of the National Cyber Workforce and Education Strategy (NCWES), a program aimed at creating a future-proof cybersecurity workforce.

Why is future-proofing our cybersecurity workforce so important? Because the cyber challenges of today and tomorrow require a diverse, well-educated, and agile workforce.

In this article, we'll see how this national cyber strategy contributes to building a resilient and capable cybersecurity community.

What is the NCWES?

Short for “National Cyber Workforce and Education Strategy”, the NCWES is a comprehensive and first of its kind approach that is aimed at “addressing both immediate and long-term cyber workforce needs”.

As the Biden-Harris Administration announced in July 2023:

Under the guidance of The President, the Office of the National Cyber Director (ONCD) is leading the charge in executing the national Cyber Workforce and Education Strategy. It has set precise goals, metrics, and timelines to effectively implement this strategy by collaborating closely with various government agencies. ONCD is also already working with another federal agencies, including:

• National Science Foundation (NSF)
• National Security Agency (NSA)
• National Institute of Standards and Technology (NIST)
• Department of Labor (DOL)
• Office of Personnel Management (OPM)
• Cybersecurity and Infrastructure Security Agency (CISA)
• Department of Veterans Affairs (VA)

However, this collaborative approach extends beyond government entities, encouraging initiatives from academia, industry, and non-profits aligned with the strategy's vision. Some of the many, varied players in this space include:

• SANS Institute
• Women in CyberSecurity (WiCyS)
• Cybersafe Foundation

Additionally, the ONCD has created an advisory committee, and by using the existing public-private partnerships, they gather diverse input and foster cooperation across the cybersecurity ecosystem.

Bringing together various stakeholders and focusing on outcome-based goals will equip Americans with the required cyber skills needed for a secure and interconnected future.

(Splunk can help your organization align federal cybersecurity initiatives, including the National Cybersecurity Strategy and OMB M-21-31.)

The 4 pillars of NCWES

In fact, here are four core goals of this strategy to spread cybersecurity awareness among people:

Equip every American with foundational cyber skills

The first objective is to ensure that every American possesses some cyber skills. That’s because, in our technology-reliant societies, you could argue that digital literacy is as fundamental as reading and math skills.

With cyber threats escalating in frequency and complexity, a population of people that is cyber-literate can better protect personal data, identify scams, and safeguard against cyberattacks. By adding these skills into the educational curriculum, this strategy aims to create a workforce naturally inclined towards innovation and problem-solving.

(Want a free way to uplevel your cyber knowledge? Listen to these podcasts.)

Transform cyber education

The next goal is to make cyber education accessible to all. Bridging the gap between cyber education systems, training providers, and employers will create clear and reliable pathways for individuals to pursue fulfilling cyber careers.

But this shift is not solely about career preparation — the aim here is to enrich the cyber sector with diverse insights and experiences.

Expand & strengthen America’s existing cyber workforce

The third pillar advocates for a skills-based approach in workforce development — valuing practical skills alongside traditional qualifications like degrees and certifications. For example, employees should know how to use different cybersecurity frameworks.

After all, adopting this skills-driven approach will make the cyber workforce more dynamic and responsive to the changing tech environment.

(Related reading: cybersecurity conferences to attend & cybersecurity certifications to earn.)

Strengthen the federal cyber workforce

The fourth pillar of NCWES is to fortify the federal workforce. The employment ecosystem that supports the federal government is vast, spanning public and private sectors. This workforce is the key player in protecting crucial areas like:

• Government IT systems and data platforms
• Critical infrastructure, both physical and digital
• National security

Federal teams implement policies to safeguard and boost America’s interests domestically and internationally. However, attracting top talent to federal service can be challenging due to less-competitive salaries and lengthy hiring processes. For that purpose, NCWES aims to:

• Diversify the workforce by attracting women, younger professionals, and members of underserved groups.
• Use skills-based hiring practices to focus on practical abilities rather than formal qualifications.

This approach will ensure that the government leads by example in cybersecurity readiness and workforce diversity.

Meeting future challenges of cybersecurity through a comprehensive national strategy

The NCWES strategy recognizes three areas that we must pay attention to: new and emerging technologies, the constant evolution of vulnerabilities and threats, and a continuous approach to learning.

Adapting to technological advancements

The national strategy recognizes the rapid pace of technological innovation, including the rise of artificial intelligence, blockchain, and the Internet of Things (IoT). To ensure the cybersecurity workforce stays ahead, NCWES includes targeted training programs and educational modules focused on these emerging technologies.

Equipping experts with the knowledge to use and secure these technologies will create a workforce proficient in current cyber defenses and mitigate future vulnerabilities.

Addressing evolving cyber threats

NCWES proposes a dynamic approach — developing the workforce's strategic thinking and problem-solving skills. It prioritizes continuous training and upskilling to ensure cybersecurity professionals remain updated on the latest threats and defense mechanisms.

By staying abreast of current and emerging threats, they can develop more effective strategies to safeguard against cyberattacks.

(Know the differences: vulnerabilities, threats & risk.)

Emphasizing continuous learning and development

Initial training is merely the first step in cybersecurity — what follows is continuous education and skill enhancement. This ongoing learning approach maintains high competence and adaptability among industry professionals and prepares them for facing resilient threats.

To support this, the ONCD has established partnerships with private sector organizations and educational institutes to provide advanced learning opportunities and certifications. This partnership ensures that the security training is relevant, up-to-date, and aligned with the current industry demands and challenges.

Key actions of NCWES to building a cyber-savvy society

Here’s how NCWES can make the nation cyber-savvy and prepare them for future cybersecurity challenges:

• Emphasize cybersecurity as a universal concern, not just for IT experts. Implement widespread awareness programs to educate the public about safe digital practices.
• Introduce cybersecurity in early education to foster responsible digital citizenship and prepare future generations for cyber-related careers.
• Use social media, apps, and online platforms innovatively to spread awareness about cyber risks and safe practices.
• Break stereotypes about the field, promote diverse opportunities, and encourage an inclusive workforce to improve problem-solving with varied perspectives.

How NCWES is shaping the cyber workforce

National cyber workforce and education strategy is a forward-thinking initiative, crucial for anyone in the tech sphere to understand. It lays out a cyber education and workforce development framework for creating a robust, future-proof cyber defense system.

This is an opportunity for professionals like you in the tech field to be at the leading edge of cybersecurity resilience.