Inglis Says He Won't 'Dictate' Cyber Workforce Policy

National Cyber Director Chris Inglis said Tuesday that he's ready to "coordinate," but not "dictate," in the cybersecurity workforce arena, offering a hint of the office's approach to the cybersecurity workforce. 

His remarks at an event hosted by the National Academy of Public Administration and the Florida Center for Cybersecurity come months after a Congressionally-mandated report by NAPA recommended that the National Cyber Director take charge of coordinating a multi-sector effort on the cybersecurity workforce.

Several agencies including the Department of Defense and the Cybersecurity and Infrastructure Security Agency already have lines of efforts focused on the cybersecurity workforce.

Inglis emphasized during his talk that he "greatly appreciates" existing efforts by the National Institute of Standards and Technology and other agencies, and that the Office of the National Cyber Director will "support fully any initiative which is trying to get us to a better place."

"Our job is to not come in and hierarchically dictate the actions in this space. There are plenty of experts. There are plenty of folks who actually have the authority, the expertise to do what they should do," said Inglis of the role of the ONCD. "Our job is to connect all of those pieces so they add up to something greater than the arithmetic sum. We coordinate, not operate. We coach, not quarterback."

The ONCD, created in the 2021 National Defense Authorization Act, is still in the process of fully staffing up: the office has about 30 staff members currently and is set to grow to 90, said Inglis.

So far, exactly how the ONCD will pursue this coordination work for cybersecurity workforce initiatives is still unclear, as a top ONCD official said in February.

The office does, however, have "a specific, directorate line of effort that's devoted to workforce, training and education" and "trying to make sure that the federal government has … coherence across various workforce initiatives," an ONCD press official told FCW. 

"If we don't get the roles and responsibilities right, then we're in a place where someone might assume someone else is defending something that they care about when no one is. So we have to get all of those pieces right," said Inglis. 

One target is expanding the focus of cyber workforce initiatives beyond the need for experts to fill cybersecurity positions - the gap of open cyber jobs in the United States, estimated at almost 600,000 – to include those whose work is adjacent to cybersecurity. 

"Not simply do we have a half a million jobs that are unfilled, but there's weakness everywhere you look," said Inglis. "People remain oftentimes the weak link. They're not up to speed in terms of what they need to do."

Another area of focus is performance assessments looking into "not simply how the dollars are expended in this space, but whether we have the right roles and responsibilities," said Inglis. 

Inglis also touched on the lack of diversity in the field, as well as how cybersecurity jobs are defined.

"We can address our diversity challenges by making sure that we have every head, every perspective, every talent in the game by taking another look at how do we create the pipeline and another look at how do we define those jobs," said Inglis.