Reintroduced in February by Rep. Mark Green, R-Tenn., the Cyber PIVOTT Act aims to fill a gaping workforce need by bringing a Reserve Officers' Training Corps (ROTC)-like model to cybersecurity work, offering full scholarships for two-year degrees in exchange for two years of government service.
“Far too often, cybersecurity can be a daunting industry for students and mid-career professionals to break into, creating a dangerous challenge for businesses, institutions or agencies that work to protect the digital infrastructure Americans rely on every day,” Green, the chairman of the House Committee on Homeland Security, said in a public statement. “My legislation would open doors for professionals who are hoping to ‘pivot’ to the cybersecurity field but might not have access to, or want to pursue, a traditional four-year degree.”
If the bill passes, the Cybersecurity and Infrastructure Security Agency (CISA) would facilitate the scholarship and establish partnerships and programs to ensure students are prepared for a job in the modern cybersecurity landscape. This includes working with two-year colleges and technical schools to establish partnerships and facilitate internships and job opportunities for graduates. CISA would also be required to host an annual recruitment fair with government agency representatives and maintain a database of cyber training resources, federal cyber job opportunities and additional certification programs.
With cyber attacks increasing in frequency and growing more sophisticated while half a million cybersecurity positions nationwide sit vacant, Casey Ellis, founder of cybersecurity platform Bugcrowd and member of the advocacy group Hacking Policy Council, said government leaders are increasingly seeing cybersecurity training as an urgent priority.
Additionally, he said, events like Edward Snowden’s leak of NSA documents and major breaches like the Office of Personnel Management’s in 2015 have made cybersecurity more relevant to the everyday person.
While students understand the importance of the field, the path into it has traditionally been narrow, according to David Russomanno, provost at the University of Memphis, who provided witness testimony to the House Committee on Homeland Security in February.
That path typically runs through four-year institutions, especially computer science and engineering programs, which may present financial or mental barriers to students, he said. They might see a prerequisite math requirement and think they can’t do it, for example. More flexible programs through two-year and technical colleges may allow those students to enter, widening the workforce pipeline.
If students do wish to pursue a four-year degree, they could defer their government service while they complete the additional requirements, per the act. The CyberCorps Scholarship for Service program, created in 2000, also provides scholarships for up to three years of a traditional cybersecurity-related degree in exchange for government service.
WHERE IT STANDS
Rep. Green first introduced the act last September, and since then it has seen bipartisan support, experts say, but recent layoffs led by the Department of Government Efficiency have made some lawmakers hesitant to ask young students to commit to government service.
“As I speak, the federal workforce is in a tailspin. All of us are hearing from federal employees not knowing should they stay, should they go,” Rep. Bennie Thompson, D-Miss., said in the Feb. 5 hearing. “Mr. Chairman, I appreciate your commitment to addressing the cyber workforce challenge by expanding scholarships for service for community college, but under these circumstances, who would want to commit to working for the government until the administration begins to treat its workforce with more respect?”
While cybersecurity hasn’t been targeted in recent federal staff reductions, it also hasn’t been exempted, according to Marcus Fowler, who spent years working in cyber operations for the CIA and is now CEO of Darktrace Federal, an AI cybersecurity company for government customers. He said he hired one former government cybersecurity professional who got caught in the fray.
But Fowler and Ellis agree that cybersecurity is too important a priority for any reductions that have taken place so far to be lasting, and the Cyber PIVOTT Act reflects an interest in increasing, not reducing, the cyber workforce.
“I wouldn't want students to be discouraged by what they may interpret as reduced job opportunities, because I think it's pretty clear that our nation is going to have to continue with a steadfast commitment to supporting education, job opportunities, training and cybersecurity and applied artificial intelligence,” Russomanno said.
While there are no scheduled actions on the Cyber PIVOTT Act, Fowler said it is progressing.
“It's in the mix,” Ellis said. “It hasn’t, sort of, died on the vine, but there are so many other high-priority things getting shuttered through right now. It's trying to find its place in all that.”
