According to a late 2023 CyberSN study, the number of cybersecurity job postings in the U.S. decreased by 22% from the previous year. At the time it was attributed to a move away from proactive threat analysis and mitigation, with a greater focus on immediate threat response. There are now warnings that the recent downsizing of the U.S. government could result in a hiring freeze for cybersecurity positions in some key agencies.
“A hiring freeze that precludes federal agencies from filling cybersecurity positions risks the security of federal networks and may prevent sector risk management agencies from fulfilling their obligations to help defend critical infrastructure,” lawmakers on the House Homeland Security Committee wrote in a letter to acting Office of Personnel Management Director Charlez Ezell earlier this month.
The lawmakers further warned that “reckless attacks on federal workers risk reversing recent progress in addressing the federal government’s cyber workforce shortage.”
Serious Security Concerns
Though the goal of the cutbacks implemented by the newly created Department of Government Efficiency (DOGE) was meant to curb government waste, those in cybersecurity positions are now among the employees facing the chopping block.
Willy Leichter, chief marketing officer for AppSOC told ClearanceJobs that the cuts couldn’t be happening at a more precarious time for government cybersecurity.
“China and other countries have been ramping up attacks, already targeting many of the same networks, stealing data, and planting the tools to cripple our critical infrastructure,” Leichter explained. “If this type of activity happened in the private sector, with this level of highly sensitive and regulated information, we would be talking about massive fines and personal criminal liability for all the actors involved.”
Years Worth of Work Being Undone
There are also growing concerns that years of effort that has been put into developing robust cybersecurity could be undone in very short order if too many positions are cut, but also if prior openings remain unfilled.
“For any organization, the process of securing data is often developed over years, taking in myriad perspectives to ensure confidential data is minimally accessible, and that logging can recreate a picture of accessed data, or data in transit when required,” said Evan Dornbush, former NSA cybersecurity expert.
Dornbush added that the efforts to curb government waste are important and have merit, what isn’t so clear is whether this has the correct infosec strategy – the plan that outlines how an organization will protect its information from threats. At issue is that there are now fewer people charged with even maintaining what could be a treasure trove to hackers and foreign actors.
There are also concerns that DOGE may have more data than it can properly maintain and secure. Coupled with the lack of personnel, this is a perfect storm for something very bad to happen.
“The data may need to be destroyed, all inappropriate access revoked, and the highly trained government custodians need to be allowed to return to work and do their jobs,” Dornbush told ClearanceJobs.
Threat Actors Are Getting Better
Another concern is that America’s adversaries could use some of the chaos that is being created as an opportunity to mount strikes. Some could be carried out in the short term, but others could prepare for a “long game,” as there may not be enough people paying attention to the government networks. That could allow threat actors to set up future attacks.
“We’re at a critical and dangerous period with cybersecurity, especially in the government sector, and any cuts seem ill-advised. We’re giving a huge gift to our adversaries,” warned Leichter.
The other component is which positions are being cut.
“If you don’t know what you’re cutting then they are already going too deep. We need to be expanding our cybersecurity infrastructure and expertise – not cutting it,” said Leichter. “Any changes need to be based on a careful and realistic evaluation of the current threats, trends, and defensive capabilities. Reassigning experts to fill gaps makes perfect sense, but blanket cuts are reckless and dangerous.”
The final consideration is that due to fears of job security, the best talent could opt to head for the private sector and those now entering the workforce may opt to not even consider looking at opportunities in the federal government. That could make it especially challenging to fill positions for years to come.
“Our government cyber experts are highly trained and often under-compensated,” Leichter continued. “The current climate is demoralizing to anyone committed to the cause, and the effects of the cuts will go far beyond the people let go, as smart, capable people will be heading for the exits regardless of who it initially cut.”
