Cyber Maryland program aims to address cybersecurity workforce shortage

As the number of jobs unfilled in Maryland’s cybersecurity industry continues to grow, Maryland leaders are looking for ways to meet the demand for skilled workers.

In the 2023 legislative session, the Cyber Maryland Program was established for this exact purpose, and to support the development of a highly skilled and diverse cybersecurity workforce. There are currently 30,000 unfilled cyber jobs in the state of Maryland.

A full report is expected in December, but Troy LeMaile-Stovall, CEO of the Maryland Technology Development Corporation (TEDCO) (the organization that is tasked with developing the strategic plan), said that the overall goal is to create a strategic plan to not only address how to meet the demand for unfilled jobs, but also identify new ways to tap into talent. Part of this strategy, he said, is to define the different roles that cybersecurity professionals can take.

“When people think of cybersecurity, most people think about the NSA and security clearances. Not all cyber jobs require high-security clearances, there are also main street businesses, for example, that need access to affordable cybersecurity talent,” LeMaile-Stovall said.

That’s why, he said, they are looking to create different pathways to fill various positions. Not all technology-related jobs require a four-year degree, and their goal is to find ways to help new talent get the years of experience they need whether a security clearance is required or not. Another key initiative of the strategic plan is to create a cohesive statewide approach. Many organizations are working to address the issue, but not necessarily in tandem.

“With many organizations working in silos to close the cyber workforce talent gap, there is a need to synergize efforts, centralize reliable data, collaborate and create a cohesive approach. The Cyber Maryland program addresses two key challenges facing the industry, as identified through CAMI’s Center for Cybersecurity Talent Acquisition. First, employers seeking to leverage cybersecurity workforce development programs offered by the state and its partners will have access to centralized, reliable data on what programs are available. Additionally, the work of the Cyber Maryland program will inform cybersecurity training and education programs operated by public or private entities with industry-driven needs, which is critical to building a qualified pipeline of cybersecurity talent,” said Tasha Cornish, Executive Director of the Cybersecurity Association of Maryland, Inc. (CAMI).

Another key piece is funding. LeMaile-Stovall and key partners are looking at what other states have done to address their cyber workforce shortage needs. States like Florida and Georgia have invested heavily in cybersecurity. Through state-appropriated funds, the Georgia Technology Authority opened a $100 million Georgia Cyber Center which trains the next generation of professionals through education and real-world practice. It also supports companies focused on technology to strengthen online defenses. It is the result of a public/private partnership that includes universities, state government, U.S. military and the federal government. Florida launched a similar initiative with a $16 million annual state-funded appropriation. In 2022, the Florida governor announced another $20 million investment for cybersecurity.

Senator Katie Fry Hester (D, Howard/Montgomery), the sponsor of the Cyber Maryland Program bill, believes that a $36 million to $40 million investment is required for the state to adequately address the workforce shortage and to accelerate what the state is already doing. However, she is hoping for $20 million in earmarked funds given state budget constraints.

“We are already investing $20 million in a plethora of workforce development and education initiatives through various cyber programs in the state. Cyber Maryland will look through what we are already doing, determine if it’s producing the results we want, and then determine if we can redirect funds if need be,” Senator Hester said.

But, Hester said, the Cyber Maryland Program was designed so that funding can come from various sources, not just state money. The team is looking at federal grant money, partnerships through MOUs with local cybersecurity leaders, like Lockheed Martin and Northrup Grumman, and smaller cybersecurity companies.

Hester sees the Cyber Maryland Program as both an economic and security issue.

“My driving force is protecting Marylanders. Our cyber infrastructure is a lot like our transportation infrastructure. No one really thinks about the roads and bridges until they fail. Cybersecurity is similar, if there’s an attack, it can really impact life. This bill is really about getting these critical jobs filled. We need certified information systems professionals and other key players to make this infrastructure work,” she said.