DOD wants cyber apprenticeships for contractors, but acquisition regs may remain an obstacle

The Defense Department is encouraging the use of cybersecurity apprenticeships within its walls and in the defense industrial base, an effort in line with a broader apprenticeship push by the Biden-Harris administration. 

But some contractors say that education and experience requirements are still commonplace in federal contracts and make it difficult for companies to utilize workers without those qualifications.

Registered apprenticeships — training programs that are validated by the Department of Labor or state-level apprenticeship agencies — are meant to be an alternative entryway into cybersecurity work. Traditionally, educational attainment, years of experience and certifications have been the price of admission into the field, as opposed to apprenticeships and other on-the-job training programs.

A Nov. 15 joint memo from William LaPlante, Undersecretary of Defense for Acquisition and Sustainment, and John Sherman, DOD Chief Information Officer, says that the department “must” consider applicants with “training, industry certifications, on-the-job training or apprenticeship programs.”

LaPlante and Sherman added that DOD will “encourage” the defense industrial base to do the same.

“Removing formal education-rooted barriers, combined with the use of apprenticeships programs, provides a faster pipeline to acquire talent, increases the talent pool and enhances diversity by allowing applicants to enter the workforce throughout nontraditional pathways,” the memo said.

The memo landed just as the Labor and Commerce departments were wrapping up a 120-day cybersecurity apprenticeship sprint that saw 194 programs being or already developed both in and out of government, alongside expansions of existing apprenticeship programs, according to the White House. 

The recent memo also notes that the Federal Acquisition Regulation, the government’s primary purchasing rules, specifies that solicitations and contracts for IT services shouldn’t routinely describe any minimum experience or educational requirements. 

But in practice, “they often do,” said Stephanie Kostro, executive vice president for policy at the Professional Services Council, a trade association for government tech and professional services contractors. 

Kostro said experience and education requirements can be baked into labor categories, for example. “This is an evergreen problem,” she added.

Tech company and government contractor IBM pointed out the issue recently in its response to a request for information on the cyber workforce from the White House Office of the National Cyber Director.

“Currently federal contractors, like IBM, are rarely able to place an individual without a four-year degree on a technology services contract, regardless of their qualifications. Federal agencies tend to require educational degrees despite the reality that many roles can be well staffed by individuals without degrees,” the IBM response said.

IBM partner Timi Hadra — who leads the company's government efforts for its technology skills gap initiative, dubbed New Collar — told FCW via email that traditional degrees for contract cyber staff often remain the preferred requirement on the ground, despite whatever flexibility the FAR may offer agencies.  

"IBM reviews hundreds of federal IT contracts each year. Four-year degree requirements are still the prevalent contracting behavior, despite the section of the FAR which DoD cites," she said. "This impacts the number of apprenticeships we can offer in our federal business because we don't have assurance that they’ll be placed."

The problem extends beyond DOD into other federal agencies, and ultimately impacts the willingness of contractors to front cyber apprenticeship programs, Kostro told FCW.

“There's not a real incentive for companies to create or leverage apprenticeship programs because they wouldn't necessarily be able to apply those employees against the contracts,” she said. “Time will tell, but right now, I think companies are a little bit leery of pivoting completely to apprenticeships when it's not entirely clear that there will be a need for them in solicitations.”

When asked about IBM’s description of the issue, DOD spokesperson Cmdr. Jessica McNulty told FCW in an email that “the Department of Defense supports the Biden Administration's registered apprenticeship program commitment, and are continuing to make changes to accept qualified graduates of these programs."

DOD does sponsor the largest cybersecurity registered apprenticeship program within its United Services Military Apprenticeship Program, which the Labor Department and Pentagon stood up in early 2022.

The Labor Department has also been working with other federal agencies on cyber apprenticeship programs, FCW reported in September. The Department of Veterans Affairs created a new apprenticeship program that will bring on around 10 apprentices in February 2023, the White House says.

The push towards apprenticeships comes as the government and industry alike continue to confront a shortfall of cybersecurity workers. Currently, there are over 769,000 cyber job openings nationally, according to Cyberseek.

“Attracting cybersecurity professionals continues to fall short of demand,” the DOD memo says. “Closing the talent gap in both DOD and the DIB is critical to strengthen and safeguard our nation's cybersecurity.”