August 26, 2024 By Josh Nadeau 3 min read

On July 25, 2024, a new form of legislation was introduced by United States Senators Jacky Rose and Marsh Blackburn. This new Senate bill, labeled the Cyber Ready Workforce Act, is intended to add additional financial support through government grants to help create and expand the availability of cybersecurity apprenticeship programs across the country.

This new bill outlines new guidelines for the U.S. Department of Labor when it comes to providing financial support to approved organizations registering new apprenticeships while also tasking them with coordinating between employers and training providers to maximize the efficiency of their programs.

Why was the Cyber Ready Workforce Act created?

Currently, there are over half a million open cybersecurity jobs in the nation. While minor progress has been made in reducing the cybersecurity staffing shortage crisis over the past few years, states like California, Texas and Virginia have tens of thousands of unfilled cybersecurity jobs.

Many of these employment gaps are due to how quickly the cybersecurity landscape has shifted over the last few years. With cyber threats evolving every day, primarily driven by advancements in next-generation technologies, organizations find it much harder to source applicable skills during their recruitment efforts.

According to the Cybersecurity Supply and Demand Heat Map provided by Cyberseek, some of the largest gaps that exist in the sector are centered around oversight and governance, design and development, and protection and defense. For example, between May 2023 and April 2024, there were over 139,000 gaps present in systems authorization skills, over 125,000 gaps in data analysis skills and over 85,000 gaps in vulnerability analysis skills.

The introduction of the Cyber Ready Workforce Act promises to help shift this narrative by making cybersecurity training and certification programs more accessible to everyone.

What are the expectations and requirements for seeking grant approvals?

The Cyber Ready Workforce Act outlines several guidelines on how organizations can seek approval for receiving grants toward cybersecurity apprenticeships. Below is a summary of the guidelines associated.

Build your security skills

Eligible workforce intermediaries

Grant funding will be available to both public and private sector entities that meet the following eligibility:

  • Business or industry organizations
  • Community-based organizations
  • State or local workforce boards
  • Postsecondary education institutions
  • Joint labor-management partnerships
  • Institutions of higher education
  • Nonprofit organizations

It is welcoming news that the recent grant provision has been extended to encompass both public and private sector organizations. According to RAND Corporation, in the private sector, salaries tend to be considerably higher than in the public sector, with a 20-35% average difference and roles like computer and information research scientists being compensated 47% more on average.

This new provision afforded by the Cyber Ready Workforce Act will help provide the financial support necessary for organizations to raise the skillsets of their cybersecurity workforce, helping to close the gap in compensation brackets across multiple roles.

Specific program requirements

The new legislation outlines requirements for the Department of Labor regarding what should be considered grant-worthy program activities. These include:

  • Technical instruction, workplace training and industry-recognized certification in cybersecurity
  • Certifications in CompTIA Network+, CompTIA A+, CompTIA Security+, Microsoft Certified System Administrator, Certified Ethical Hacker or other industry-recognized certifications
  • The encouragement of stackable and portable credentials
  • Training for occupations in computer support, cybersecurity, cloud computing, programming, systems analysis and security

How funds need to be used

Regarding fund allocations, grant approvals will stipulate an 85/15 split, with the majority of funds being used in the planning and executing of apprenticeship programs and a small portion of funds being used for supporting elements.

Below is how this split is defined.

85% of grant funding should be allocated to:

  • Development and technical support for apprenticeship registration and assisting employers
  • Developing curricula and technical instruction in cooperation with local businesses and organizations
  • Providing support services to apprentices, such as career counseling and mentorship and assistance with transportation, housing and childcare

15% of grant funding may be allocated to:

  • Marketing apprenticeships to employers and secondary school administrators
  • Recruiting potential apprentices, including underrepresented populations, youth and veterans
  • Connecting and collaborating with other workforce intermediaries to share best practices and resources

Looking to the future

In support of this new bipartisan legislation, Senator Jacky Rosen (D-NV) stated, “As the cybersecurity industry grows and cyber threats become more common, we need to ensure we have the workforce with the training and skills necessary to fill jobs in this critical sector.”

Referencing the new Senate bill, Rosen also stated that it would “help fill gaps in our cybersecurity workforce through a new grant program that will support Registered Apprenticeships and technical skills training in this field. It’ll open the door to more good-paying, cutting-edge jobs for Nevadans and all Americans, including for those without a college degree.”

More from News

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

CISA adds Microsoft SharePoint vulnerability to the KEV Catalog

3 min read - In late October, the United States Cybersecurity & Infrastructure Security Agency (CISA) added a new threat to its Known Exploited Vulnerability (KEV) Catalog. Cyber criminals used remote code execution vulnerability in Microsoft SharePoint to gain access to organizations’ networks. The CISA press release states that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” However, Microsoft identified and released a patch for this vulnerability in July 2024. Cybersecurity experts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today