Initiatives for Cyber Workforce Development

Last week, I had the privilege of participating in the inaugural meeting of the Operational Technology Cybersecurity Center of Excellence (OTC-COE). The OTC-COE aims to provide a global platform to enhance shared knowledge and foster multi-stakeholder collaboration to advance common interests in OT and Industrial Control Systems (ICS) cybersecurity. This initiative was co-founded by ARAMCO and the Global Cybersecurity Forum (GCF), with founding members playing a pivotal role in guiding the strategic direction of the center.   During the meeting, I introduced our OT/ICS Cybersecurity Track, part of the OT/ICS Cybersecurity Workforce Development efforts. The architect of the this Track is Dr. Rashid Tahir from the Department of Cyber Security and Forensic Computing at the University of Prince Mugrin. This track is designed in a way to bridge the gap between academic output and job market needs by focusing on the following areas: 1. Comprehensive understanding of various OT/ICS environments 2. Offensive and defensive strategies in OT/ICS cybersecurity 3. Governance, risk, and compliance for the OT sector 4. Research and innovation in the OT and IIoT domains   The OT/ICS Cybersecurity Track is the result of an extensive benchmarking exercise, drawing from both academic and industry resources. It comprises four courses totaling 12 credit hours, exclusively focusing on OT/ICS, and includes an optional Final Year Capstone Project. The courses are:   a. *Introduction to OT & ICS* – Covers Industry 4.0, ICS components and architectures, and networking protocols in the OT sector, with regular field visits to operational facilities.   b. *Fundamentals of OT Security* – Involves cybersecurity essentials for OT/ICS, penetration testing, hacking ICS (including MITRE ATT&CK for ICS), threat analysis, network security, and incident response (ICS Cyber Kill Chain), enriched with guest lectures from OT security experts.   c. *Advanced OT Security* – Offers an in-depth study of ICS malware such as Stuxnet, Industroyer, Trisis, and PIPEDREAM, includes Red vs. Blue Team exercises, and features a 10-week industry-sponsored research project focusing on either offensive or defensive security.   d. *Governance, Risk, and Compliance (GRC) for OT Sectors* – Covers standards such as ISA 62443, NIST SP 800-82 Rev. 3, NCA OTCC, Aramco OT Compliance Framework and CISA CSET-based evaluations for Various Industry 4.0 Verticals (carried out with industry partners)   These courses will be delivered in collaboration with industry partners and OT security professionals worldwide, providing a comprehensive and practical learning experience. The program also includes a practical summer field training or a 6-month on-site COOP training program in the industry. I would like to thank Dr. Rashid Tahir and his team for the great work. Special thanks to Eng. Naveed Ahmad and Eng. Mohammed AL-khatib for their exceptional efforts and significant contributions in reaching this milestone.

Cybersecurity has moved beyond being an IT issue.  It’s now a national security imperative. Yet the U.S. faces a massive talent gap, with estimates of around 700,000 unfilled cybersecurity roles. This gap raises deeper, systemic questions: - Are we doing enough to increase access to this critical industry? - Are education models keeping pace with the skills needed in the field? - Are we adequately preparing students for the rapid evolution of cyber threats? The answer, in many cases, is no. Cybersecurity demands both technical expertise and adaptability, but many aspiring professionals aren’t given the chance to build these skills. The barriers are often higher for underrepresented groups, due to inequities in education and access. So, how do we build a talent pipeline that meets the scale and complexity of the problem? Some key learnings we’ve had at CodePath: 1️⃣ Deeper collaboration between educational institutions and employers is key to ensuring students are ready for real-world challenges. CodePath has built incredible industry partnerships that align education with workforce demands. 2️⃣ Accessible and inclusive pathways are essential. CodePath’s work focuses on empowering students from all backgrounds, ensuring they have a mastery of deep technical skills and the tools + mindset to excel in cybersecurity careers. 3️⃣ Practical, hands-on training is non-negotiable. Cybersecurity is dynamic, and the training must reflect that. That's why our immersive coursework equips students to solve real-world threats, preparing them to lead in high-stakes environments. Now is the time to rethink how we prepare the next generation of cybersecurity professionals. The future of innovation— and safety— depends on creating a skilled and adaptable talent pipeline. How can we better align our efforts to address this critical challenge?

🇺🇸𝗨𝗦𝗖𝗬𝗕𝗘𝗥𝗖𝗢𝗠 2.0 is reshaping cyber force generation. At the Senate Armed Services Subcommittee on Cybersecurity hearing (Jan 28, 2026), the Pentagon leaders including Assistant Secretary for Cyber Policy Katie Sutton and Acting USCYBERCOM Commander Lt. Gen. William Hartman described CYBERCOM 2.0 as a fundamental overhaul that prioritizes career-long expertise and mission-specialized agility. 𝗧𝗵𝗲 𝗶𝗻𝗶𝘁𝗶𝗮𝘁𝗶𝘃𝗲 𝗽𝗶𝘃𝗼𝘁𝘀 𝗼𝗻 𝟯 𝗰𝗼𝗿𝗲 𝗽𝗶𝗹𝗹𝗮𝗿𝘀 ⚫️ 𝗗𝗼𝗺𝗮𝗶𝗻 𝗠𝗮𝘀𝘁𝗲𝗿𝘆: build 𝗱𝗲𝗲𝗽 𝗲𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲, not rotating generalists ⚫️ 𝗦𝗽𝗲𝗰𝗶𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻: dedicated mission teams for 𝗰𝗹𝗼𝘂𝗱, 𝗜𝗖𝗦, 𝘀𝗽𝗮𝗰𝗲, and 𝗔𝗜-𝗲𝗻𝗮𝗯𝗹𝗲𝗱 𝗰𝘆𝗯𝗲𝗿 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝘀 ⚫️ 𝗔𝗴𝗶𝗹𝗶𝘁𝘆: rapidly assemble the right talent against 𝗲𝗺𝗲𝗿𝗴𝗲𝗻𝘁 𝘁𝗵𝗿𝗲𝗮𝘁𝘀, not one-size allocations 🔒 𝗪𝗵𝗮𝘁 𝗰𝗵𝗮𝗻𝗴𝗲𝘀 𝘁𝗵𝗲 𝗴𝗮𝗺𝗲 Under authorities like 𝗧𝗶𝘁𝗹𝗲 𝟭𝟬 (10 U.S.C. §167b), operational commander input gets embedded directly into 𝗿𝗲𝗰𝗿𝘂𝗶𝘁𝗶𝗻𝗴, 𝘁𝗿𝗮𝗶𝗻𝗶𝗻𝗴, and 𝗮𝘀𝘀𝗶𝗴𝗻𝗺𝗲𝗻𝘁 decisions intentionally blurring the old line between the Services and the operational command to move the 𝗿𝗶𝗴𝗵𝘁 𝗽𝗲𝗼𝗽𝗹𝗲 to the 𝗿𝗶𝗴𝗵𝘁 𝗺𝗶𝘀𝘀𝗶𝗼𝗻𝘀 faster. ⚙️ 𝗧𝗵𝗿𝗲𝗲 𝗲𝗻𝗮𝗯𝗹𝗲𝗿𝘀 𝘁𝗵𝗮𝘁 𝗺𝗮𝗸𝗲 𝗶𝘁 𝗿𝗲𝗮𝗹 ⚫️ 𝗖𝗧𝗠𝗢 (Cyber Talent Management Organization): synchronizes talent pipelines with operational demand ⚫️ 𝗔𝗖𝗧𝗘𝗖 (Advanced Cyber Training & Education Center): rapid, modular mission training with industry/academic partners ⚫️ 𝗖𝗜𝗪𝗖 (Cyber Innovation Warfare Center): integrates innovation, 𝗧𝗧𝗣𝘀, and 𝗔𝗜/𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻 into operational capability at tempo #USCYBERCOM #CyberOperations #DoD #CyberWorkforce #NationalSecurity Cyber Security Forum Initiative #CSFI United States Department of War

The White House Office of the National Cyber Director (ONCD), in partnership with the Office of Management and Budget (OMB) and Office of Personnel Management (OPM), has launched Service for America—an initiative focused on preparing the U.S. for a digitally enabled future by expanding access to well-paying, meaningful jobs in cyber. Aligned with the 2023 National Cyber Workforce and Education Strategy (NCWES), this effort prioritizes skills-based hiring, removing unnecessary barriers, and promoting work-based learning opportunities like registered apprenticeships. These programs aim to create pathways for Americans from diverse backgrounds, including veterans, career changers, and rural workers, to step into rewarding careers in cyber. I believe this initiative is crucial for securing the future workforce in an AI-powered America. By focusing on skills and creating accessible pathways, we are building a stronger, more inclusive workforce ready to tackle the challenges of tomorrow. The importance of local partnerships and collaboration to meet the evolving needs of the cyber workforce cannot be understated! As we approach Cybersecurity Awareness Month, I encourage you to explore the different opportunities and resources available through this initiative. #ServiceForAmerica #CyberWorkforce #Cybersecurity 

One of the most rewarding aspects of working with our customers and partners across industries is seeing how our AI tools are transforming not only how organizations defend themselves but also how they can assist in empowering the next generation of cybersecurity professionals!   I recently had the opportunity to sit down with Ryan I. from Cyber Florida at USF: The Florida Center for Cybersecurity to learn more about the inspiring work they’re doing with their student Security Operations Center. By giving students—many with limited experience—the chance to participate in real cyber investigations and collaborate with public sector partners, they are bridging the gap between classroom learning and hands-on experience. Programs like these are vital to building the skilled and confident defenders we need for the future. It’s exciting to see innovation and education come together to empower the cybersecurity workforce of tomorrow. 

Letter T: Talent Gap: Bridging the Cybersecurity Skills Divide Our ‘A to Z of Cybersecurity’ tackles the Talent Gap - the shortage of skilled cybersecurity professionals needed to defend organizations in today's digital world. With cyber threats on the rise, the demand for skilled defenders far outpaces the available talent pool: The Skills Shortage: · Rapidly Evolving Threats: The cybersecurity landscape is constantly changing, requiring a skilled workforce that can adapt quickly. · Complex Technologies: Security professionals need expertise in various security tools, technologies, and methodologies. · Limited Educational Opportunities: Not enough educational programs are producing graduates with the necessary cybersecurity skills. Bridging the Divide: · Upskilling & Reskilling Initiatives: Invest in training and certification programs to develop the skills of your existing workforce. · Collaboration with Academia: Partner with educational institutions to develop a cybersecurity curriculum aligned with industry needs. · Promoting Diversity & Inclusion: Encourage individuals from diverse backgrounds to pursue careers in cybersecurity. Closing the talent gap requires a multi-pronged approach. By investing in training, promoting education, and fostering diversity, we can build a stronger cybersecurity workforce for the future. #QuickHeal #Seqrite #Cybersecurity #TalentGap

As promised, here's my first follow-up on the The White House AI Action Plan, focusing on how we can empower America's workers to lead in the AI era. America's AI Action Plan makes clear that U.S. leadership in AI depends not only on technology but on talent. At Booz Allen Hamilton, we've long recognized that building tomorrow's advanced technology solutions starts with empowering #America's workers. That's why we've invested in a nationwide ecosystem of training, apprenticeship, outreach and credentialing programs designed to scale #AI literacy, proficiency and career mobility across every stage of the talent pipeline. We're proud to have: - Credentialed 35% of our 30K+ workforce through our AI Ready badging program - Trained more than 10K high school students across DC, VA, NC and TX since 2023 with partners like aiEDU and AI bootcamps - Launched NC State AI Academy, a 40-week paid apprenticeship program with 5K apprentices and 100 employer partners - Delivered SkillBridge and Hiring Our Heroes fellowships, equipping 400+ veterans and spouses annually with AI and #cybersecurity skills, achieving a 90% placement rate - Set an ambitious goal through TechXplore to empower 1M students with AI, cybersecurity and advanced technology skills The White House AI Action plan underscores what we have long believed - America's competitive edge lies in our ability to educate, credential and equip our workforce at scale. We are proud to help lead this effort. More to come...

With more than half a million cybersecurity jobs unfilled nationwide in the US, private enterprise and the federal government alike are focusing efforts to help fill the gap by changing hiring strategies and encouraging careers in IT security. This week, the White House Office of the National Cyber Director (ONCD), in collaboration with the Office of Management and Budget (OMB), announced the "Service for America" initiative, which is part of the National Cyber Workforce and Education Strategy (NCWES). The main directive is to recruit and prepare Americans for jobs in cybersecurity, technology, and artificial intelligence (AI). The initiative focuses on creating accessible career pathways by removing degree requirements, and emphasizing skills-based hiring.

The education sector is a prime target for cybercrime, with universities facing unique challenges in defending their digital infrastructures with limited security resources. Conversely, the cybersecurity industry continues to struggle with workforce shortages. Cue the light bulb: What if there was a solution to tackle both issues at the same time? That’s exactly what many universities across the U.S. are starting to do – staffing SOCs with their own students. It’s a win-win: Students get invaluable hands-on training with threat detection, incident response, and other tasks, setting them up with the experience to fill much-needed cybersecurity roles after graduation. Universities get a cost-effective solution to strengthen their defenses against cyberattacks (don’t worry, the students still get paid). And the industry gets a new generation of diverse, expert-level cyber talent who are already well-versed with AI security tools like Microsoft Security Copilot. Love to see this kind of creative problem solving in action! https://lnkd.in/e6zuBpTd #Cybersecurity #Cybercrime #AI #SOC