As cyberattacks from hostile nation-states intensify, security leaders argue the United States needs a bold, postwar-style response — a virtual academy to train the next generation of cyber defenders at scale.
A Cyber Crisis Framed as National Defense
The United States faces a challenge that cybersecurity experts now describe in terms of national security rather than just technical aspects. Digital attacks from hostile nations have become constant, sophisticated, and deeply rooted in everyday operations across government agencies, utilities, healthcare systems, financial institutions, and private companies.
According to a leading industry alliance focused on cybersecurity and public policy, the threat environment has reached a breaking point. The group argues that small fixes, such as new tools, higher budgets, and scattered training initiatives, are insufficient. What is needed is a broad response, similar to how the U.S. prepared for new types of warfare in the past.
Their proposal is a federally supported virtual cybersecurity academy aimed at training cyber defenders for government service on a large scale.
The comparison they make is clear and striking. After World War II, the United States recognized that air power had fundamentally changed warfare. The response was decisive: the establishment of dedicated military academies to ensure a steady flow of trained professionals capable of defending the nation in this new arena.
Today, advocates claim that digital conflict marks a similar turning point.
Digital Conflict Has Become a Permanent Condition
Cyber conflict is no longer occasional or limited to espionage. Security analysts describe it as ongoing, industrialized, and well-funded. Adversarial governments invest heavily in offensive cyber capabilities, targeting not only military networks but also civilian infrastructure and private companies.
The concern is real.
Every critical infrastructure sector—energy, transportation, healthcare, communications, water, finance—relies on interconnected digital systems. Even brief disruptions can have serious consequences. Yet defenders are still outnumbered.
Despite years of increased spending on cybersecurity, the workforce gap continues to grow. Estimates indicate that between 500,000 and 750,000 cybersecurity positions remain unfilled nationwide. Within the federal government alone, tens of thousands of jobs are vacant.
Advocates for a national academy argue that this gap is a strategic vulnerability. Technology investments lose value without skilled professionals to deploy, monitor, and defend them.
Why Existing Programs Aren’t Enough
The U.S. government supports several initiatives aimed at building cybersecurity talent. Scholarship-for-service programs, university partnerships, and agency-specific training pipelines contribute to the workforce.
Critics argue that these efforts are scattered, underfunded, and inadequate compared to the scale of the threat.
Most programs only train limited groups each year, often tied to specific institutions or agencies. While valuable, they cannot realistically produce the number of skilled professionals needed across federal, state, and local governments, not to mention the private sector that supports national infrastructure.
Supporters of a virtual academy contend that the country requires a centralized, scalable model—one that standardizes training while remaining flexible enough to serve various roles and agencies.
The Economic Case for a Cyber Academy
Beyond national security, proponents highlight a financial argument.
Under the proposed model, graduates from the academy would commit to a period of government service, earning salaries comparable to those of graduates from traditional military academies during their service commitment. These salaries are significantly lower than what the government often pays external contractors for similar cybersecurity work.
Supporters argue that this difference effectively offsets the cost of training.
In other words, the government would receive years of skilled cybersecurity labor at a fraction of current market rates, making the academy a self-sustaining investment over time.
Once graduates complete their service, many are likely to move into private-sector roles. From there, they would continue to protect systems critical to national security, extending the return on investment well beyond their time in government.
Legislative Momentum and the PIVOTT Proposal
Funding for such an academy could coincide with existing legislative efforts to strengthen the federal cyber workforce.
One proposed law before Congress aims to train thousands of cyber professionals each year for public service positions. Supporters of the academy view this legislation as a potential foundation—a way to implement workforce development on a large scale rather than through isolated programs.
Industry leaders argue that legislation alone is not sufficient. Training must be modern, practical, and aligned with the tools defenders actually use.
New automation, artificial intelligence, and modern detection platforms increasingly shape how cybersecurity teams function. Without exposure to these technologies, new recruits risk starting their careers at a disadvantage.
Technology as a Force Multiplier, Not a Replacement
Experts warn that the goal is not to replace human defenders with automation but to enhance their effectiveness.
AI-driven security tools can reduce alert fatigue, speed up investigations, and reveal patterns that humans might overlook. However, these tools still require skilled operators who understand adversarial behavior, system architecture, and organizational risk.
Supporters of the academy maintain that training programs must adapt alongside technology. Teaching outdated workflows or purely theoretical concepts would diminish the initiative’s credibility and impact.
A modern cyber academy, they assert, should produce professionals capable of working with advanced systems—not competing against them.
Concerns About Fragmentation and Funding
Not all experts are convinced that establishing a new academy is the right approach.
Some caution that adding another federal program could further fragment an already complex training landscape. Existing initiatives grapple with limited funding and coordination. Without careful planning, a new academy could dilute resources instead of improving outcomes.
Critics also emphasize that cybersecurity education often needs in-person components. Certain skills—especially those related to teamwork, crisis response, and coordination—are challenging to teach entirely online.
A purely virtual model, they argue, risks prioritizing convenience over effectiveness.
The Case for a Hybrid Model
Proponents argue that the discussion shouldn’t be about virtual versus physical, but rather about how to combine the strengths of both.
A hybrid academy could eliminate geographic barriers while maintaining hands-on training through virtual labs, simulations, and limited in-person elements. Advances in cloud-based environments allow trainees to practice defending realistic enterprise networks without the need for physical facilities.
Supporters envision an academy structured around:
- Core coursework in network security, incident response, threat intelligence, and secure system design
- Specialization tracks in areas such as cloud security, industrial control systems, offensive security, and AI-driven threats
- Live virtual labs simulating real-world attack scenarios
- Capstone projects conducted with government or critical infrastructure partners
They argue that such a model could scale faster than traditional classroom education while ensuring rigor.
Avoiding the “Certificate Mill” Trap
One of the main critiques of current cybersecurity training programs is the overproduction of credentials without adequate experience.
The industry faces an abundance of entry-level candidates holding certificates but lacking real-world exposure. Many struggle to find jobs, while employers continue to report shortages of experienced professionals.
Any national academy, critics say, must avoid becoming another certificate mill.
Rigor is crucial. This includes demanding assessments, real-world simulations, mentorship from practicing professionals, and clear performance standards. Graduates should emerge clearly capable of defending complex systems—not merely knowledgeable about them.
Do We Need More Entry-Level Workers?
Some industry experts challenge the notion that the problem is solely numerical.
They argue that cybersecurity already has enough junior talent but lacks pathways for developing mid- and senior-level expertise. Advanced tools increasingly automate tasks that used to be assigned to entry-level staff, reducing the value of basic roles.
From this point of view, large-scale training initiatives focused mainly on entry-level education risk misaligning supply and demand.
Critics favor apprenticeship-style models that stress progression, mentorship, and hands-on experience within real organizations.
Training Alone Won’t Solve the Problem
Even supporters of a cyber academy recognize that education is only part of the solution.
Workforce shortages are worsened by burnout, unclear career paths, and the relentless pace of modern cyber defense. Retention is as important as recruitment.
Without ongoing investment in working conditions, tools, and organizational support, newly trained professionals may quickly leave government jobs—undermining the academy’s goals.
Cybersecurity as a Shared Responsibility
A common theme in the debate is the understanding that national cybersecurity cannot be treated as a separate government function.
Private companies operate much of the infrastructure that adversaries target. Therefore, public-private collaboration is essential. Training programs must reflect this reality, preparing professionals to work across organizational boundaries.
Advocates claim that a national academy could help standardize expectations, terminology, and practices—reducing friction between sectors during crises.
A Wake-Up Call for Policymakers
Supporters describe the push for a cyber academy as a warning rather than a guarantee.
Without decisive action, they argue, the gap between attackers and defenders will continue to grow. Nation-state adversaries face no similar workforce constraints and can operate with fewer legal and ethical limits.
Cybersecurity, once viewed as an IT issue, has become a strategic pillar of national power.
The question facing policymakers is whether the United States will respond with small adjustments or with the kind of significant investment made when earlier generations dealt with new forms of warfare.
For proponents of a national cyber academy, the choice is clear. The digital battlefield is already here. The only remaining question is whether the country will train enough defenders to meet it.
