To expand cyber workforce, government must unfreeze hiring and target youth, experts told House committee

To address the national cybersecurity workforce gap, the House Committee on Homeland Security held a hearing on Wednesday morning, where a panel of experts testified before a contentious group of Democratic and Republican lawmakers, who traded barbs over President Donald Trump’s recent executive orders.

On Jan. 20, Trump signed an executive order instituting a hiring freeze across federal agencies, including the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which some experts testifying before the committee said weakened the capabilities of the security organization.

Beyond the national workforce, the hearing also at times targeted cyber workforce shortages inside government. Some experts on the panel and congressional leaders said the president’s hiring freeze is at odds with a robust hiring practices that could drive more cyber talent to federal, state and local agencies.

“The reality is we need to see more investment in the capacity of our public sector respond to the cyber challenges. When you have hiring freezes that actually encompass the cyber workforce, of course that’s going to diminish capacity of the organization,” Max Stier, president of the Partnership for Public Service, a nonprofit focused on building the next generation of civil servants, said during Wednesday’s hearing.

There is a shortage of about 500,000 to 700,000 cybersecurity professionals in the United States, according to National Institute of Standards and Technology.

“We already have a hiring system in the federal government that is not just ridiculously slow, and that’s a big problem, but even more important is that it doesn’t often identify the best talent or really operate in a strategic fashion. So it is enormously disruptive,” Stier added.

‘Harmful hiring freezes’

Rep. LaMonica McIver, D-N.J., told the committee she also believed that some of the president’s recent policies have been disruptive.

“Unfortunately, the recent decisions, as mentioned multiple times here, including the harmful hiring freezes and federal grant interruptions under the Trump administration, have weakened the critical pipeline needed to safeguard our digital infrastructure,” McIver said.

Stier said the pause in federal hiring will drive more qualified cyber professionals to the private sector, where companies can afford to pay them higher salaries, citing an outdated federal pay system as a challenge to attracting top-tier talent.

In 2022, the average salary for a cyber professional in the private sector was $100,000, which was 14% higher than the average salary in the public sector, according to one labor market report.

“We have a pay system in the federal government that was designed in 1949 when the federal workforce was almost exclusively clerical, and now it’s professional,” Stier said. “The world has changed, our government has not kept up.”

Rep. Eli Crane, R-Ariz., agreed that the Congress needs to increase salaries for federal roles, but argued that government agencies need also to change their recruiting tactics to attract a more “purpose-driven workforce.”

“It is what enables you to recruit people, even if you’re not going to make as much money,” Crane said. “It’s worth noting, as well, that a third of federal employees are veterans, and it’s because they care. They serve the country, and they’re uniform, and they want to serve their country as civil servants.”

‘Early’ messaging

During the hearing, some congressional leaders emphasized the importance of early cyber education and finding new ways to recruit millennials and Generation Z into government cybersecurity positions. New York Rep. Andrew Garbarino, R-N.Y., suggested CISA develop cybersecurity curriculum for K-12 students, with a focus on early education. The federal security agency provides resources and guidance to K-12 schools on strengthening their administrative cybersecurity efforts, but does not currently offer cyber educational materials for students.

“I think it’s very important to message early on, and glad to hear about these early K through 12 initiatives is how vast the cybersecurity field is,” David Russomanno, executive vice president of academic affairs at the University of Memphis, testified before the committee.

Many universities are adding new cybersecurity courses and workforce programs to their academic offerings. Russomanno pointed to a new cybersecurity scholarship and recent efforts to expand his school’s cybersecurity degree portfolio to better align with community colleges and other training programs across the country.

The hearing comes a week after the National Association of State Chief Information Officers released its federal advocacy priorities for 2025, which included addressing cybersecurity workforce shortages. The group recommended that states, for their part, take a “collaborative approach” to workforce that creates new partnerships with federal agencies. It also recommended expanding worker training and education programs.

Rep. Mark Green, R-Tenn., who chairs the Homeland Security Committee, introduced legislation that would offer scholarships to students at community colleges and technical schools in exchange for two years of service in federal, state, local, tribal or territorial government cyber positions — similar to the Reserve Officer Training Corps program.