119-HR-1034 Investigative Journalist Impact Analysis

Summary

H.R. 1034 would create a voluntary on‑the‑job (OJT) cybersecurity training program inside DHS, directed by CISA’s Director and coordinated with DHS Management. It leans on existing curricula (e.g., CISA’s Federal Cyber Defense Skilling Academy) and the NIST NICE Framework, with seven years of reporting on participation, hiring outcomes, and metrics. Net effects should be incremental skill growth and a clearer pipeline into cyber roles, but real impact depends on data quality, targeted placement, and oversight. No CBO cost estimate exists as of November 22, 2025. Overall stance: neutral. [1]Congress.gov — Text - H.R.1034 (119th): DHS Cybersecurity On-the-Job Training P…[2]CISA (DHS) — Federal Cyber Defense Skilling Academy[3]NIST — NICE Workforce Framework for Cybersecurity[7]Congress.gov — H.R.1034 — Overview and Actions

Economic Effects

What changes for budgets, employment, assets, and markets.

• Vacancy relief potential: DHS reported employing 8,000+ cyber professionals yet carrying ~2,000 cyber vacancies in 2024 testimony. Structured OJT could modestly shrink time‑to‑competency if paired with placements into coded roles. [8]Congress.gov — Senate Report 118-238: Federal Cyber Workforce Training Act of 2…
• Risk‑adjusted loss mitigation: Breach costs averaged $4.88M globally in 2024, and understaffed security teams incurred ~$1.76M higher breach costs—suggesting any reduction in staffing gaps can yield avoided losses. [9]IBM Newsroom — IBM Report: Escalating Data Breach Disruption Pushes Costs to Ne…
• Labor market context: U.S. employers posted ~514,359 cyber job listings over the past 12 months, indicating sustained demand; DHS training may slightly ease agency competition for talent by converting internal staff. [4]NIST — New CyberSeek Updates Reveal 57,000 Increase in Cybersecurity Job Openin…
• Budget clarity: Congress.gov lists no CBO score; near‑term costs likely come from staff time, mentors, and course delivery. Leveraging the 100%‑virtual Skilling Academy may contain delivery costs relative to building new programs. [7]Congress.gov — H.R.1034 — Overview and Actions[2]CISA (DHS) — Federal Cyber Defense Skilling Academy
• Contracting exposure: Agencies lack reliable data on cyber workforce size/cost, especially contractors. Without better measurement, DHS cannot confidently assess whether OJT reduces contractor spend or simply shifts costs. [5]U.S. GAO — Cyber Workforce: Actions Needed to Improve Size and Cost Data (GAO-2…

Social Effects

Implications for DHS employees, communities, and vulnerable groups.

• Workforce mobility and inclusion: The program opens a pathway for non‑cyber DHS staff; CISA’s Skilling Academy already allows full‑time federal employees from any series to apply (priority to FCEB agencies), expanding access beyond traditional degree pipelines. [10]CISA (DHS) — Federal Cyber Defense Skilling Academy Pathways (eligibility & sch…
• Apprenticeship‑style evidence: Growth in registered cybersecurity apprenticeships suggests structured, mentored pathways can scale; DOL/NIST reported a 254% five‑year increase to ~61,000 participants by 2023. [11]Web search · turn 4 #8
• Retention levers and obligations: OPM authorizes continued service agreements (CSAs) up to 3× the training length—useful to protect DHS’s training investment but with repayment obligations that affect worker mobility. [12]U.S. Office of Personnel Management — OPM: Continued Service Agreements (policy)
• Burnout and staffing strain: Two‑thirds of practitioners reported shortages and budget pressure in 2024, linking under‑resourced teams to higher risk of turnover; OJT may relieve strain if placements keep pace with attrition. [13]ISC2 — ISC2 2024 Cybersecurity Workforce Study
• Placement caution: Prior federal reskilling pilots showed skills gains but uneven immediate placement into cyber jobs—underscoring that training must be tightly coupled to hiring authorities and vacancy backfills. [14]Nextgov/FCW — Cyber Reskilling Grads: Skills Gained, Jobs Pending (2019)

Environmental Effects

Sustainability, resource use, and emissions.

• Delivery model: CISA’s Skilling Academy is 100% virtual, limiting travel and facility use for many cohorts—suggesting lower marginal environmental impact for training delivery at DHS. [2]CISA (DHS) — Federal Cyber Defense Skilling Academy
• Evidence base: Studies of distance/online learning often find large per‑student energy and CO2 reductions versus campus‑based formats (≈85–90%), driven mainly by avoided travel and residential energy. [15]Open University (ORO) — Open University (ORO): Energy and Carbon Impacts of Dis…
• Nuance: A 2025 industrial training study found online training produced ~15% higher per‑participant CO2e than in‑person due to HVAC/electricity patterns—i.e., outcomes depend on context, load, and facilities. [16]Chemical Engineering Transactions — Evaluating Carbon Emissions from In-person…

Temporal Analysis

How impacts differ in the short vs. long term.

1. 0–18 months: Standing up cohort cadence, mentor capacity, and selection criteria; expect modest immediate effect on vacancy counts. Past federal reskilling cohorts showed delays converting graduates to cyber billets absent aligned hiring actions. [14]Nextgov/FCW — Cyber Reskilling Grads: Skills Gained, Jobs Pending (2019)
2. 18–60 months: If DHS ties OJT to vacancy pipelines, CSAs, and NICE‑coded roles with clear performance metrics, placements could reduce persistent gaps (e.g., OT competencies) and lower breach‑related disruption costs. [17]U.S. GAO — GAO-24-106576: OT Cybersecurity—Staffing Requirements at CISA (Recom…[9]IBM Newsroom — IBM Report: Escalating Data Breach Disruption Pushes Costs to Ne…
3. Oversight window (7 years): The bill mandates annual reporting on participation, hiring outcomes, and vacancy status, creating a runway to iterate—but results will hinge on fixing data quality gaps first. [1]Congress.gov — Text - H.R.1034 (119th): DHS Cybersecurity On-the-Job Training P…[5]U.S. GAO — Cyber Workforce: Actions Needed to Improve Size and Cost Data (GAO-2…

Unintended Consequences

Risks or side effects visible in the record.

• Train‑and‑drain risk: The bill permits training other federal employees; if participants aren’t bound by CSAs to DHS components, DHS may underwrite skills that later exit to other agencies or the private sector. [1]Congress.gov — Text - H.R.1034 (119th): DHS Cybersecurity On-the-Job Training P…[12]U.S. Office of Personnel Management — OPM: Continued Service Agreements (policy)
• Backfill strain: Moving non‑cyber staff into OJT can widen gaps in originating offices unless workforce plans and backfills are synchronized—an area where DHS has faced recurring strategic‑planning weaknesses. [18]DHS OIG / Oversight.gov — OIG-24-64: Recurring Challenges with DHS Strategic Pl…
• Data/metrics fragility: Agencies lack reliable baselines on cyber workforce size and cost (especially contractors), complicating ROI measurement for OJT. NICE coding helps, but standardization is uneven. [5]U.S. GAO — Cyber Workforce: Actions Needed to Improve Size and Cost Data (GAO-2…
• Capacity constraints: CISA prioritizes FCEB participation and notes funding‑contingent schedules; if demand outstrips slots, cohorts may bottleneck and delay impact. [10]CISA (DHS) — Federal Cyber Defense Skilling Academy Pathways (eligibility & sch…

Assessment

Analytical stance: neutral. The bill is structurally sound—aligning to NICE, leveraging an existing virtual academy, and mandating seven years of metrics—but its benefits will materialize only if DHS couples training with disciplined vacancy targeting, CSA‑backed retention, and rigorous controls addressing known oversight failures and data gaps. [1]Congress.gov — Text - H.R.1034 (119th): DHS Cybersecurity On-the-Job Training P…[2]CISA (DHS) — Federal Cyber Defense Skilling Academy[12]U.S. Office of Personnel Management — OPM: Continued Service Agreements (policy)[6]DHS OIG — CISA Mismanaged Cybersecurity Retention Incentive Program (OIG-25-38)[5]U.S. GAO — Cyber Workforce: Actions Needed to Improve Size and Cost Data (GAO-2…

Key Metrics

Sources: CyberSeek/NIST; House/Senate materials; IBM Cost of a Data Breach 2024; DHS OIG. [4]NIST — New CyberSeek Updates Reveal 57,000 Increase in Cybersecurity Job Openin…[8]Congress.gov — Senate Report 118-238: Federal Cyber Workforce Training Act of 2…[9]IBM Newsroom — IBM Report: Escalating Data Breach Disruption Pushes Costs to Ne…[6]DHS OIG — CISA Mismanaged Cybersecurity Retention Incentive Program (OIG-25-38)

Sourcing

Selected references supporting the analysis.

• Bill text and status (actions, reporting requirements, CBO status). [1]Congress.gov — Text - H.R.1034 (119th): DHS Cybersecurity On-the-Job Training P…[7]Congress.gov — H.R.1034 — Overview and Actions
• Existing curriculum and delivery model (CISA Skilling Academy); eligibility and capacity notes. [2]CISA (DHS) — Federal Cyber Defense Skilling Academy[10]CISA (DHS) — Federal Cyber Defense Skilling Academy Pathways (eligibility & sch…
• NICE Framework role definition and coding. [3]NIST — NICE Workforce Framework for Cybersecurity
• Market demand for cyber talent (CyberSeek). [4]NIST — New CyberSeek Updates Reveal 57,000 Increase in Cybersecurity Job Openin…
• Breach cost and understaffing impact. [9]IBM Newsroom — IBM Report: Escalating Data Breach Disruption Pushes Costs to Ne…
• Federal cyber workforce practices and data-quality gaps (GAO). [19]U.S. GAO — Cybersecurity Workforce: Departments Need to Fully Implement Key Pra…[5]U.S. GAO — Cyber Workforce: Actions Needed to Improve Size and Cost Data (GAO-2…
• DHS cyber vacancies testimony (context). [8]Congress.gov — Senate Report 118-238: Federal Cyber Workforce Training Act of 2…
• OIG findings on CISA incentive mismanagement. [6]DHS OIG — CISA Mismanaged Cybersecurity Retention Incentive Program (OIG-25-38)
• Environmental claims on online vs. in‑person training. [15]Open University (ORO) — Open University (ORO): Energy and Carbon Impacts of Dis…[16]Chemical Engineering Transactions — Evaluating Carbon Emissions from In-person…
• Workforce burnout/shortages context (ISC2). [13]ISC2 — ISC2 2024 Cybersecurity Workforce Study
• Reskilling placement lag evidence. [14]Nextgov/FCW — Cyber Reskilling Grads: Skills Gained, Jobs Pending (2019)
• OT workforce competency needs at CISA (GAO). [17]U.S. GAO — GAO-24-106576: OT Cybersecurity—Staffing Requirements at CISA (Recom…