The report, “Unlocking Potential: Empowering Reentry through Cybersecurity Training,” released Wednesday, suggests vocational cybersecurity training programs in correctional facilities could help fill critical gaps in the public sector’s cyber workforce.
The cybersecurity field is facing an alarming talent shortfall, with about 265,000 cybersecurity job openings according to the report, but only enough qualified workers to fill around 83 percent of them. If the gap keeps growing, by 2025 this shortage could lead to more than half of all significant cybersecurity incidents.
An estimated 600,000 individuals are released from state and federal prisons each year, and more than 9 million from local jails. Many — particularly those convicted of nonviolent, low-level offenses — struggle to rebuild their lives due to limited education and work experience.
NASCIO’s report explores how targeted cybersecurity training could provide meaningful career paths for those people, reduce recidivism and diversify the cyber talent pipeline, while strengthening state and local governments’ capacity to respond to evolving cyber threats.
“Unique problems like the cybersecurity workforce gap require innovative solutions, and NASCIO champions innovation in technology,” Kalea Young-Gibson, a NASCIO policy analyst, said. “This solution is two-pronged, boosting the cyber workforce while advocating for low-level, nonviolent offenders to take full advantage of their second chance.”
The strategy comes at a crucial moment, especially for state and local leaders grappling with the realities of a shrinking cyber workforce. Over forty percent of state CISOs ranked staffing among their top five challenges in NASCIO's latest study with Deloitte.
Utilizing this often overlooked population could be part of the solution. Young-Gibson pointed to Kentucky as a notable example of how states can harness re-entry initiatives to address workforce shortages and support successful reintegration.
Kentucky Gov. Andy Beshear launched a statewide initiative in April to help incarcerated people re-enter society with access to work opportunities, education and recovery support. With training in fields like plumbing, HVAC repair, commercial driving and construction, the program aims to provide marketable skills that facilitate employment and reduce the likelihood of reoffending.
The NASCIO report encourages policymakers to take a deeper look at the social impact of re-entry programs, including how they can build public trust and improve outcomes.
“The first thing state and local leaders can do is take some time to confront their own potential biases regarding justice-involved people and have meaningful conversations about it with all viable stakeholders,” Young-Gibson said.
As an early step, the report suggests assessing the re-entry programs already in place and using that foundation to create a relevant and effective curriculum. A next step could be building strong partnerships, especially with correctional facilities that can host in-prison training programs. When those are in place, securing funding should be the next priority, to help drive the strategy forward.
From there, the report said, states should focus on providing pre-release training to prepare people before their release; it highlighted the Department of Labor’s LEAP initiative as an example. And the report noted the need for post-release training programs, offering a road map for participants to demonstrate their skills and dependability. The final step in NASCIO’s model emphasized evaluation and follow-up to make sure programs stay effective and evolve.
The report offers clear guidance for implementation but, Young-Gibson said, one of the most crucial elements isn’t a policy or a program — it’s a mindset.
“The top best practice is open-mindedness,” Young-Gibson said. “No program like this can be successful if we continue to give life to the stigma surrounding justice-involved people. Other best practices include mentorship being a part of any cyber vocational program so that people can learn the necessary interpersonal skills, along with the technical cyber skills.”
With the right support, many of those returning from incarceration could potentially join the digital front lines — protecting state systems from growing cyber threats while stabilizing their own lives and communities, according to the NASCIO policy analyst.
“The report lays the foundation for the next steps in this process, and we hope that it starts the conversation about exploring new ways to address the cyber workforce gaps while moving forward as a society,” Young-Gibson said.
