The National Association of State Chief Information Officers (NASCIO) and the National Governors Association (NGA) have joined together in a push to help states combat the cybersecurity workforce shortage.

The 2022 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study found that state chief information security officers (CISOs) agreed that an inadequate availability of cybersecurity professionals is one of the biggest challenges to addressing states’ cybersecurity needs. In a new publication, Securing States: Modernizing to Attract and Retain Cyber Talent, NASCIO and NGA said that to rise to the challenge, state leaders must collaborate and share ideas to achieve results-driven solutions.

NASCIO and NGA said the publication is the “culmination of a partnership between NASCIO and NGA, which started in 2022, to assist states in identifying the concrete actions they can take now to bridge the cybersecurity workforce gap.”

“State cybersecurity workforce challenges have reached crisis levels in some states and is a major concern for all state CIOs,” said Stephanie Dedmon, NASCIO president and CIO for Tennessee. “NASCIO is glad to partner with NGA and other strategic partners to help address this critical issue.”

In developing the resource, NASCIO and NGA brought together governors’ policy advisors, state information technology and cybersecurity leaders, workforce professionals and other experts to discuss best practices and lived experiences.

As a result of these conversations, NASCIO and NGA offered up five recommendations for states:

  • States need to focus on effective marketing and branding of state government as an employer of choice, their mission-driven work, and the unique benefits they offer.
  • States must adapt to the enduring impacts of the COVID-19 pandemic by modernizing the working environment to include flexible schedules, offering remote and work from home (WFH) options, and focusing on addressing burnout and employees’ mental and emotional well-being.
  • States must focus on diversity, equity, inclusion, and belonging (DEIB) in their recruitment, hiring, and retention practices.
  • States need to collaborate with key tech and cybersecurity stakeholders, including the private sector, academia, nonprofit organizations, the Federal government, minority-serving institutions, and professional associations, to provide development opportunities and build workforce pipelines.
  • States should rework position descriptions to reflect industry-standard job titles and reduce barriers to entry, such as outdated or unnecessary requirements.

“The consequences of a constrained state cybersecurity workforce are becoming increasingly hard to ignore,” NASCIO and NGA said in the publication. “Many of the recommendations laid out in this report are not necessarily innovative to the cyber industry as a whole, but to see change, it is critical that there is strong unified support from not only state CIOs and CISOs, but Governors, state legislators and human resources changemakers.”

Read More About
Kate Polit
Kate Polit
Kate Polit is MeriTalk SLG's Assistant Copy & Production Editor, covering Cybersecurity, Education, Homeland Security, Veterans Affairs