Introduction
The Cybersecurity Workforce Data Initiative (CWDI) exists to assess the feasibility of producing national estimates and statistical information on the cybersecurity workforce as mandated by the CHIPS and Science Act of 2022 (Section 10317). The National Center for Science and Engineering Statistics (NCSES), the federal statistical agency within the National Science Foundation (NSF), is leading the work in collaboration with their contractor, RTI International, to describe the cybersecurity workforce, which includes individuals trained and educated in cybersecurity and working in the cybersecurity field in the United States.
Cybersecurity is considered a critical part of national security and the larger national workforce. In addition to NSF, the Department of Defense, the White House, the Office of Management and Budget, and the National Institute of Standards and Technology (NIST) all have initiatives related to the importance of cybersecurity and developing the cybersecurity workforce. The discipline, workforce, and practice of cybersecurity continue to evolve rapidly, presenting challenges for those who seek to measure and understand a field that has become central to our national security. The CWDI is set up in several stages in order to better understand the cybersecurity workforce, including who is in the cybersecurity workforce, what those individuals do, and how they are trained.
Each stage of the CWDI is explained in more detail below. As these activities progress, updates will be posted to this page.
Authorizing Legislation
On 9 August 2022, President Biden signed the CHIPS and Science Act of 2022 into law. The legislation authorized NSF, in coordination with the Director of the NIST and other appropriate federal statistical agencies, to establish a CWDI that
- Assesses the feasibility of providing nationally representative estimates and statistical information on the cybersecurity workforce
- Utilizes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST Special Publication 800–181), or other frameworks, as appropriate, to enable a consistent measurement of the cybersecurity workforce
- Utilizes and complements existing data on employer requirements and unfilled positions in the cybersecurity workforce
- Consults key stakeholders and the broader community of practice in cybersecurity workforce development to determine data requirements needed to strengthen the cybersecurity workforce
- Evaluates existing federal survey data for information pertinent to developing national estimates of the cybersecurity workforce
- Evaluates administrative data and other supplementary data sources, as available, to describe and measure the cybersecurity workforce
- Collects statistical data, to the greatest extent practicable, on credential attainment and employment outcomes information for the cybersecurity workforce
Project Stages
Please come back to the Project Stages section for updates as these activities progress.
1. Scan existing definitions and data
As a first step of the CWDI, we will conduct a comprehensive landscape scan. Some activities will include
- Evaluating existing cybersecurity workforce definitions (598 KB)
- Assessing cybersecurity workforce supply and demand (783 KB)
- Evaluating existing federal survey data related to the cybersecurity workforce (870 KB)
- Exploring existing administrative data or other supplementary data sources related to the cybersecurity workforce (1.1 MB)
These activities took place between fall 2023 and summer 2024.
2. Organize stakeholder interviews and workshops
As a second step of the CWDI, we will be conducting approximately 30 stakeholder interviews. Approximately half the interviews will be focused on gathering information on the types of professionals included in the cybersecurity workforce. The other half will be focused on current information gaps and needs in cybersecurity workforce data. Additionally, we will hold three large workshops on important topics related to cybersecurity workforce data. These workshops will be open to the public and used for information gathering to inform a future cybersecurity workforce data collection.
The stakeholder interviews will begin in January 2024, and the workshops will take place in late spring 2024. To learn more about the CWDI workshops and register to attend, please click below.
The stakeholder interviews will begin in January 2024, and the workshops will take place in late spring 2024. To learn more about the CWDI workshops and register to attend, please click below.
3. Prepare research questions for the survey
If the scan of existing definitions and the stakeholder interviews and workshops indicate that there is a need for a new data collection focused on the U.S. cybersecurity workforce, CWDI will move to the third step, preparing for a future CWDI survey. Some activities include
- Developing high-priority research questions and analytical products that a future survey should be able to answer
- Developing a draft survey questionnaire
- Conducting cognitive testing on the draft survey module
These activities will take place between spring 2024 and summer 2025.
4. Conduct the pilot study
As a final step of the CWDI, if earlier steps indicate the need for a new data collection, we will be conducting a pilot study to collect information on the cybersecurity workforce. This pilot will be informed by earlier study activities, such as evaluating existing federal and administrative data and preparing high-priority research questions, to maximize the utility of the study for future data users.
The pilot study will be used to inform a potential future full-scale CWDI data collection. This activity will take place between summer 2025 and summer 2026.
Contact Information
CWDI
NCSES-CWDI@nsf.gov
NCSES-CWDI@nsf.gov