Cybersecurity workforce bill faces Trump's cuts, freezes

Republican lawmakers are advocating to expand the federal cybersecurity workforce, while President Donald Trump pushes for federal employee reductions.

A key feature of the proposed legislation, which was reintroduced this week, is to strengthen the government's cybersecurity efforts emphasizes two-year degree programs over four-year degrees, which critics view as barriers to addressing the growing demand for cybersecurity professionals.

However, the legislation, which aims to train 10,000 cybersecurity professionals annually, was quickly mired in controversy this week during a House Committee on Homeland Security hearing on the government's cybersecurity workforce needs. Critics of the hiring effort weren't necessarily opposed to the legislation, but to actions by Trump that will make hiring difficult, especially the federal workforce hiring freeze and promised labor force reductions. 

Before any of the committee's witnesses testified, Rep. Bennie Thompson (D-Miss.), the ranking committee Democrat, said the government workforce is in a "tailspin." Federal employees are left unsure about job security, receiving deferred resignation emails and hearing rhetoric questioning their value.

Hiring freezes are delaying the onboarding and recruitment of top cyber talent.

"Hiring freezes are delaying the onboarding and recruitment of top cyber talent," Thompson said. 

If passed, the bill would direct funds to cover tuition and fees for students pursuing cybersecurity degrees or technical certifications at community colleges. In exchange, students would commit to a mandatory two-year government service obligation. The cost of this program is not clear.

The work requirement at a federal, state or local job "cultivates a sense of community and service to the country, like the ROTC program," Rep. Mark Green (R-Tenn.), the chair of the House Committee on Homeland Security, said at the  hearing. The Reserve Officers' Training Corps is a college program that provides military training and tuition scholarships. 

The bill is called the Cyber PIVOTT Act, or Providing Individuals Various Opportunities for Technical Training to Build a Skills-Based Cyber Workforce Act of 2025. It was first introduced last year, but with Green as committee chair in the Republican House, the bill has a better chance of winning approval. 

Rob Rashotte, vice president of Fortinet's training institute, testified about the state of the cybersecurity workforce. He pointed to a recent study of cybersecurity professionals that found "the shortage of skilled cybersecurity workers is escalating security risks."

A major obstacle to expanding the cybersecurity workforce, Rashotte noted, is the over-reliance on four-year degrees by companies and government agencies as the primary qualification. He argued that many two-year programs now "effectively prepare students" with the necessary skills and industry certifications.

But Max Stier, president and CEO of the Partnership for Public Service, who also testified, said he recently heard from a scholarship recipient through another federal program, the CyberCorps Scholarship for Service. The recipient has had job offers rescinded after Trump imposed hiring freezes. 

Stier noted that the Department of Homeland Security reported that it had over 8,000 cybersecurity employees but 2,000 vacancies last June. "We need skills at all levels," he said. 

Patrick Thibodeau is an editor at large for Informa TechTarget who covers HCM and ERP technologies. He's worked for more than two decades as an enterprise IT reporter.