Cyber PIVOTT Act reintroduced to address critical cybersecurity workforce gaps

Mark E. Green, a Republican representative from Tennessee and the chairman of the U.S. House Committee on Homeland Security, reintroduced the Cyber PIVOTT Act to address America’s cybersecurity workforce shortage amid increased threats to the government networks and critical infrastructure. Mike Rounds, a Republican Senator from South Dakota will introduce companion legislation in the Senate. 

Titled ‘Providing Individuals Various Opportunities for Technical Training to Build a Skills-Based Cyber Workforce Act of 2025,’ also known as the Cyber PIVOTT Act, the legislation was first introduced by Green during the 118th Congress, aims to address the growing demand for skilled cybersecurity professionals by establishing a full-scholarship program. Modeled after the ROTC (Reserve Officers’ Training Corps)framework, the initiative will provide scholarships for two-year degrees, primarily at community colleges and technical schools, in exchange for a commitment to government service.

The program will be administered by the Cybersecurity and Infrastructure Security Agency (CISA) and will require recipients to serve at the federal, state, local, tribal, or territorial levels upon completion of their degrees. By creating a pipeline of highly trained cybersecurity professionals, the Cyber PIVOTT Act seeks to strengthen the nation’s cyber defenses and build a more resilient, skills-based workforce to meet the challenges of an increasingly digital world.

The Cyber PIVOTT Act comes at a time when roughly 500,000 cybersecurity jobs in the U.S. are vacant, while the average cost of a data breach in the nation amounts to US$9.36 million, almost double that of the global average. Cyberattacks on critical infrastructure globally increased 30 percent in 2023, while cyberattacks on state and local governments increased from 2022 to 2023.

Among workers surveyed, 57 percent say staffing shortages puts them at a ‘moderate or extreme risk of cybersecurity attacks.’ In a national survey, 75 percent of cyber workers said the ‘current threat landscape is the most challenging it has been in the past five years. Federal cyber workers tend to have a longer tenure, with an average length of service of 14 years.

The Cyber PIVOTT Act targets entry-level cyber talent, including those who would like to ‘pivot’ their careers. The program maximizes CISA’s existing resources, relationships with the public and private sectors, and expertise to address the current skills gap between education and work. It also expedites the pathway into government service at any level, including positions that require a security clearance, while providing ample opportunities for upskilling and reskilling after completion of the program.  

The legislation is set to make important service exemptions for military members who would like to build cyber skills but have already served their country. It also provides a pathway to begin training 10,000 cyber professionals per year while seeking to provide additional Department of Homeland Security (DHS) support to the CyberCorps Scholarship for Service Program.  

Cosponsors from the House Committee on Homeland Security include Michael Guest, a Republican from Mississippi; Carlos Gimenez, a Florida Republican; Clay Higgins, a Louisiana Republican; Dale Strong, an Alabama Republican; Sheri Biggs, a South Carolina Republican; and Gabe Evans, a Colorado Republican. John Moolenaar, Select Committee on the Chinese Communist Party Chairman and a Michigan Republican; Hal Rogers, a Kentucky Republican; and Mike Ezell, a Mississippi Republican are also cosponsors.

The Cyber PIVOTT Act is supported by Palo Alto Networks, Business Software Alliance (BSA), the Internet Security Alliance, Foundation for Defense of Democracies, R Street Institute, the International Information System Security Certification Consortium (ISC2), the National Rural Electric Coop Association (NRECA), Forescout Technologies, Peraton, the Cyber Innovation Center and CYBER.ORG, the U.S. Chamber of Commerce, Ivanti, the McCrary Institute, Information Technology Industry Council (ITI), the American Association of Community Colleges (AACC), Advocacy Blueprints, Microsoft, Darktrace, and the Special Competitive Studies Project.

“After numerous alarming intrusions into government networks and critical infrastructure, today’s reintroduction of the Cyber PIVOTT Act alongside Senator Rounds could not come at a more consequential time,” Green said in a Wednesday media statement. “With half a million vacant cybersecurity positions in the country, the threats facing our nation in cyberspace are far too urgent and sophisticated for our current cybersecurity workforce to combat.”

He added that for far too often, cybersecurity can be a daunting industry for students and mid-career professionals to break into, creating a dangerous challenge for businesses, institutions, or agencies that work to protect the digital infrastructure Americans rely on every day.

“My legislation would open doors for professionals who are hoping to ‘pivot’ to the cybersecurity field but might not have access to, or want to pursue, a traditional four-year degree,” according to Green. “By equipping up to 10,000 cyber professionals per year with industry-relevant skills and a foot in the door for valuable government experience, these scholarships will have a return on investment for both the public and private sectors.” 

Green also noted that America’s cyber adversaries are watching. “With bipartisan agreement on the need to secure our networks and essential support from partners in academia and industry, we must build on the momentum of last Congress and get this to the president’s desk.”

Earlier this year, the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) said that they were working to amend the Federal Acquisition Regulation (FAR) to incorporate the NICE Workforce Framework for Cybersecurity (NICE Framework), National Institute of Standards and Technology (NIST) Special Publication 800-181 and additional tools. The framework describes cybersecurity workforce knowledge and skill requirements used in contracts for information technology support and cybersecurity support services in line with Executive Order (EO) 13870 to enhance the cybersecurity workforce.