WASHINGTON, D.C. — Today, the House Committee on Homeland Security, led by Chairman Mark E. Green, MD (R-TN), held a hearing to examine America’s cyber workforce shortage. Ahead of the hearing, Chairman Green reintroduced the “Cyber PIVOTT Act” to address this shortage amid increased threats to our government networks and critical infrastructure. 
 
Witness testimony was provided by Robert Rashotte, vice president of the Training Institute and Global Engagement at Fortinet; David Russomanno, executive vice president of Academic Affairs and provost at the University of Memphis; Chris Jones, president and chief executive officer of Middle Tennessee Electric; and Max Stier, president and chief executive officer of the Partnership for Public Service.

In his opening line of questioning, Chairman Green asked witnesses how the cyber workforce gap impacts their organizations and how to create a more robust cyber workforce moving forward, to which Russomanno answered:
 
“I do know that we have vulnerabilities within the university. We have very sensitive data, student records, what have you. So, yes, we do have vulnerabilities. Many of those vulnerabilities are through, quite frankly, human behavior. So, the training aspect is critically important. A basic level of cybersecurity competency, regardless of your position within an organization, is critically important. A fundamental knowledge cybersecurity for all, if you will, in terms of basic competencies would go a long way in mitigating a lot of the attacks we see today. So, certainly within the university environment we’re doing all we can. I think universities by and large have fared fairly well compared to the private sector in many instances. But there are significant gaps to be addressed, and we would benefit directly from the Cyber PIVOTT Act.”

Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Gabarino (R-NY) asked Rashotte about incentivizing students and professionals to join the cybersecurity workforce:
 
“In your testimony, you identified early educational engagement as essential not only to growing the cyber workforce butalso making students and families aware that these careers exist to begin with. Last year, I led the DHS Cybersecurity Internship Program Act with Congresswoman Clark, and we were very proud of that bill. How do you think we can look to improve [outreach] to draw students and the public at large to these opportunities in cybersecurity?”
 
Rashotte answered:
 
“I think we need to start as young as we possibly can. I know when we started our efforts in providing K-12 education and curriculum, we didn’t think we’d be able to start as young as we could. And we had teachers come to us and say that we could provide cybersecurity awareness training at kindergarten. That really surprised us, but it’s been incredibly effective. So, I think there’s a long game here where we really have to focus at that young of an age so that truly when kids are coming home and talking about becoming doctors, lawyers, engineers, they’re also talking about becomingcybersecurity superheroes.”

Subcommittee on Counterterrorism and Intelligence Chairman August Pfluger (R-TX) asked Russomanno to share his insights on programs that would help fill the cyber workforce gap:
 
“Angelo State is a center of academic excellence in cyber defense—what lessons should Angelo State be learning? What programs should they be trying to seek to help with the shortage of cyber professionals that we have, especially those that come from places like rural Texas that want to be a part of our security and defense? Give us some of the lessons you’ve learned and those that I can share with an institution like that.”
 
Russomanno answered: 
 
“I think the key is expanding the portfolio of training with respect to cybersecurity readiness. Once again, many folks think of just computer science, engineering as those pathways, but there’s others… I will point out the ISC2 [International Information Systems Certification Consortium] study from last year pointed out that our cybersecurity growth is flat year over year last year. So, as the threat is increasing, our workforce growth is flat. We have to broaden the academic programs, the training programs available to our students, and articulate the urgency and the opportunity for Gen Z to make a difference in this challenge our nation faces.”

Rep. Andy Ogles (R-TN)  asked Jones about how best to equip and leverage the cyber workforce in America today, to which Jones answered:
 
“I’ll point to the ‘PIVOTT Act’ first. Again, I think that’s so fundamentally important, and we’re appreciative of what is happening with regard to that, so that’s an important part of it. As far as the work with electric cooperatives, we are really good at collaborating together. By extension, we are seeking to collaborate with educational institutions at the local level. I think that’s important too. We can provide, for example, mentorships for people. Again, the challenge is not quite the same as you are aware for Middle Tennessee Electric as it may be for many other electric co-ops in more rural areas with less economies of scale. So, the challenge is different from place to place. But I believe that our network, our association of cooperatives stands ready to provide something like you’re describing to with regard to mentorships, but particularly with regard to engagement with educational institutions in our communities.”

In response to pushback against Republican efforts to ensure a competent and accountable government workforce, Rep. Brad Knott (R-NC) shared his personal experience and asked Stier what he recommends to incentivize efficiency:
 
“One of the frustrations I had in the federal workforce is when there were people who were partners or people you had to work with and other agencies, firing just was not an option—or removing them. And if you did cross that threshold, immediate litigation and burdensome, burdensome counter suits would have been implemented. So, given the threat of cybersecurity and the need to maintain a professional, efficient and effective workforce, how can we better extract those who are not focused?”
 
Stier replied:
 
“One hundred percent. I entirely agree with you. Like all workforces, there are better and worse. I think that the federal government more broadly has not had effective focus on these kinds of management issues. So, there are some system changes that ought to take place. It’s too complicated to actually fire people. You have to decide, depending on what the issue is where you go—that could actually be streamlined in a very profound way. The thing that would change it the most would be actually to get managers better trained on doing the performance evaluation that you’re describing, and to have leaders that actually support their management to get rid of the poor performers. Because right now, it’s easier to ignore the problem than to address the problem. So, the rules can improve things, but it ultimately is a management responsibility. And that focus is by and large not there.”
 

###