A professional sits at a desk, reviewing training program documentation focused on enhancing cybersecurity for water and wastewater utilities. The materials emphasize the importance of addressing cyber threats to protect critical infrastructure, aligning

Key Takeaways

  • Cybersecurity bootcamps can qualify for WFD cybersecurity funding, but eligibility is conditional—most states require programs to appear on an Eligible Training Provider List (ETPL) before WIOA funds can be applied.

  • Workforce development funding (WFD) typically refers to job training support under the Workforce Innovation and Opportunity Act (WIOA) and related state or local initiatives designed to connect learners with in-demand occupations.

  • Key programs supporting cybersecurity workforce development include the State and Local Cybersecurity Grant Program (SLCGP) and NSF-funded initiatives. These grant programs provide funding to eligible entities—such as state, local, and tribal governments, and certain public institutions—to strengthen cybersecurity skills and infrastructure.

  • New York has launched a $2.5 million SECURE grant program to help communities strengthen cyber defenses for critical water infrastructure.

  • New cybersecurity regulations for drinking water and wastewater systems have been announced in New York.

  • Cyber bootcamps are not automatically WIOA-approved nationwide; each state evaluates and approves specific programs based on performance metrics and labor market alignment.

  • Military spouses may access government funded cyber training through MyCAA if the program leads to a qualifying license, certification, or associate degree at a participating institution.

  • Both in-person and online cybersecurity bootcamps can be eligible, provided they meet state, local, or MyCAA documentation and approval requirements.

What Is Workforce Development Funding?

Workforce development funding refers to public dollars used to help individuals build job-ready skills for high-demand occupations. When people talk about WFD cybersecurity funding, they usually mean support channeled through WIOA or similar state and local programs that prioritize sectors facing talent shortages—like cybersecurity. WFD programs are often federally or state-funded through agencies like CISA and DoD, and WFD grants directly increase the number of qualified cyber defenders available to employers by offering free or subsidized education. Grant programs such as the State and Local Cybersecurity Grant Program (SLCGP) provide funding to eligible entities—including state, local, and tribal governments, as well as certain public institutions—to support the nation’s cybersecurity workforce and strengthen critical infrastructure security. The National Cybersecurity Workforce Development Program (CyberSkills2Work), funded by the DoD and the National Security Agency (NSA), has trained thousands of new professionals to support the nation’s cybersecurity workforce. Improved organizational resilience is a benefit of WFD funding, as it allows teams to detect and contain breaches faster, reducing cost impacts.

WIOA was enacted in 2014, reauthorizing earlier workforce legislation to create a more unified system connecting job seekers with employment, education, training, and support services. The law emphasizes performance accountability and consumer choice, requiring states to maintain transparent information about approved training providers. The primary goal of WFD funding is to create a sustainable, diverse, and highly skilled talent pipeline to protect national and economic security.

WIOA funds are administered through state and local workforce development boards and delivered via American Job Centers rather than directly through schools or bootcamps. Participants typically access funding through Individual Training Accounts (ITAs), which they can use to pay for approved programs in high-demand fields.

Each state maintains an Eligible Training Provider List as required under federal regulations (20 CFR Part 680, Subpart C). Inclusion on this ETPL is a common prerequisite for WFD support. Programs not on the list generally cannot receive ITA funds unless rare waivers are granted.

Beyond WIOA, workforce development funding can include state-funded upskilling initiatives, dislocated worker grants, and specialized programs targeting groups like veterans, low-income adults, or individuals impacted by layoffs in critical infrastructure sectors. Public institutions and training providers often include national centers, such as those designated as National Centers of Academic Excellence, which are part of the academic excellence program sponsored by the National Security Agency and Department of Homeland Security. These programs support students—including veterans—in pursuing cybersecurity degrees and careers by aligning academic programs with federally recognized cybersecurity standards and workforce needs. WFD funding also addresses the global shortage of cybersecurity professionals by expanding recruitment to non-traditional candidates and underserved communities.

Who Qualifies for WFD or MyCAA?

Two primary pathways exist for accessing cybersecurity bootcamp funding: WIOA-based workforce development programs and MyCAA military spouse training funding. Each has distinct eligibility criteria and application processes. Eligible entities for cybersecurity funding, such as through the SLCGP program, include state, local, and tribal governments, as well as certain public institutions.

Funding often targets non-traditional students, veterans, military spouses, and underrepresented communities for entry into the cybersecurity field. Funding often supports programs providing hands-on training and covers exam fees for recognized certifications such as CompTIA Security+, Network+, or A+. Tuition and exam reimbursement programs provide full reimbursement for industry-recognized certifications, making training more accessible to government employees and veterans. Free cybersecurity training is also available for government employees through certain federal programs, including initiatives by DHS and NSA.

WIOA Eligibility Groups

Under WIOA Title I-B, eligible participants generally fall into three categories:

Category

Typical Criteria

Adults

Age 18+, often with income thresholds (e.g., 200% federal poverty level) or barriers to employment

Dislocated Workers

Laid off, plant closures, self-employed business failures; typically requires unemployment claims or layoff documentation

Youth

Ages 16–24, with priority for out-of-school youth facing barriers like foster care history or justice system involvement

 

Local workforce boards and American Job Centers determine eligibility, often requiring documentation such as government-issued ID, proof of residence, income verification, layoff notices, or DD-214 for veterans.

For WFD cybersecurity funding specifically, learners must meet both personal eligibility criteria and enroll in an approved cyber program listed on the state ETPL when ITAs are used.

MyCAA Eligibility

MyCAA (My Career Advancement Account) is a Department of Defense program providing military spouse training funding for licenses, certifications, or associate degrees in portable career fields. Per Military OneSource guidance, eligible spouses include those married to service members in pay grades E-1 through E-9, W-1 through W-3, and O-1 through O-3 on qualifying Title 10 orders.

MyCAA provides up to $4,000 in tuition assistance, with an annual cap of $2,000 per fiscal year. Funds must be tied to an approved Education and Training Plan with a participating school.

Important limitations: MyCAA generally does not cover non-tuition items like laptops, exam retakes, or unrelated fees. Applicants should review the official fact sheet before committing to any cybersecurity training program.

How Bootcamps Align With WFD Criteria and Cybersecurity Skills Development

Cybersecurity bootcamps can align with workforce development funding criteria when they function like occupational training programs leading to recognized credentials and employment outcomes. The key is demonstrating value to state workforce systems that prioritize accountability and labor market relevance.

Many bootcamps also align with academic excellence programs, such as those designated as Centers of Academic Excellence academic excellence program, which support workforce development through rigorous curricula and scholarship opportunities like CyberCorps®: SFS.

Hands-on technical assistance is often provided to help learners and organizations implement cybersecurity best practices, including on-site guidance and tailored training.

Hands-on training infrastructure such as cyber ranges allows students to practice incident response without risking real-world systems. Modernizing digital infrastructure is essential for supporting advanced cybersecurity training and ensuring operational resilience in the face of evolving cyber threats.

Organizations can modernize their internal systems because they have trained personnel to manage advanced tools like Managed Detection and Response (MDR).

Factors That Strengthen ETPL Eligibility

States evaluate training providers for ETPL inclusion based on measurable outcomes. Cyber bootcamps are more likely to qualify when they demonstrate:

  • Alignment with in-demand occupations (e.g., SOC analyst, cybersecurity analyst, incident responder)
  • Preparation for industry certifications like CompTIA Security+, CySA+, or Certified Ethical Hacker
  • Delivery by providers capable of meeting state reporting requirements
  • Strong completion rates (often 50–70% minimum, varying by state)
  • Employment placement rates (typically 75%+ within six months of completion)

WFD cybersecurity funding is easier to justify when bootcamp curricula map clearly to National Initiative for Cybersecurity Education (NICE) work roles or equivalent competency frameworks that address cybersecurity threats facing employers.

State-by-State Variation in Critical Infrastructure Programs

Cyber bootcamps are not automatically WIOA-approved nationwide. Each state reviews and approves specific programs, meaning a provider may be on the ETPL in one state but not another. California’s ETPL, for example, favors community colleges, while states like New Jersey and Pennsylvania approve more for-profit providers.

The State and Local Cybersecurity Grant Program (SLCGP) is a local cybersecurity grant program that provides funding to eligible entities to address cybersecurity risks and threats to information systems owned or operated by state, local, or tribal governments. In Fiscal Year 2023, SLCGP funding was $374 million, in 2024 it is $279 million, and in 2025 it will be $91.75 million. The SLCGP is administered by the Federal Emergency Management Agency (FEMA) in partnership with the Cybersecurity and Infrastructure Security Agency (CISA). State, local, and territorial governments, along with public educational institutions, are eligible to receive funding from the SLCGP. SLCGP funding can be used for projects in planning, assessments, monitoring/implementation, and training. 80% of SLCGP grant funds must benefit local governments, and 25% is designated for rural areas specifically. Each state has a designated State Administrative Agency (SAA) that applies for, distributes, and manages SLCGP funding, and utilities can identify their state’s SAA on FEMA’s state-by-state SAA contact list. Collaboration with state agency partners, such as Departments of Environmental Conservation and Health, is essential for implementing these programs and ensuring effective protection of water infrastructure. In an increasingly digital world, water infrastructure faces a growing risk of cyber attacks and dangerous cyber threats that can disrupt services, threaten public health, and require robust cybersecurity measures to keep infrastructure secure.

New York’s water sectors—including drinking water systems, wastewater systems, and public drinking water systems—are supported by coordinated efforts from the New York State Department of Health, the Environmental Facilities Corporation, and other York state departments. These agencies have developed cybersecurity standards and regulations to enhance the resilience of water and wastewater systems against cyber threats. The New York State Environmental Facilities Corporation (EFC) administers the EFC's Secure grant program, a key funding initiative for water and wastewater systems. EFC’s Secure grant program provides up to $50,000 for cybersecurity assessments and up to $100,000 for utilities to implement cybersecurity upgrades. This secure grant program is part of a broader effort to protect critical water infrastructure in New York, and the EFC has created a dedicated cybersecurity hub to assist water utilities. The EFC also offers free consultations and practical tools to help utilities adopt stronger cybersecurity practices. These initiatives are part of a comprehensive sector-by-sector plan that includes wastewater infrastructure initiatives and aims at proactively enhancing cybersecurity across New York's water sectors and York's water sectors.

As digital and operational controls are increasingly integrated into water systems, securing drinking water infrastructure controls and water infrastructure controls is essential to protect critical operations and protect drinking water. These regulations strengthen defenses for the most vital systems and vital systems, helping to prevent incidents that could threaten public health. In addition to cybersecurity, physical security measures are also necessary to keep infrastructure secure and resilient.

New York’s cybersecurity regulations for water systems include mandatory cybersecurity training for certified operators, incident reporting obligations, and risk-based protections for operational systems. The cybersecurity standards developed by the DEC and DOH include risk assessments and technical safeguards to defend against cyberattacks. Larger drinking water systems are often required to have dedicated cybersecurity leads and meet stricter security protocols due to their critical importance. These new regulations reflect a commitment to protecting the health and safety of New Yorkers and are designed to help utilities strengthen defenses against increasingly sophisticated global adversaries and address today’s threat environment. The leadership of the New York State Director has been instrumental in coordinating these cybersecurity initiatives across New York’s water sectors.

Cybersecurity regulations and grant programs in New York’s water sectors are being developed in parallel with those in the financial and healthcare sectors, pairing nation leading standards to ensure all critical infrastructure is protected from cyber threats.

For underrepresented groups—veterans, career changers, individuals displaced from water and wastewater utilities or other critical operations—cyber bootcamps can serve as efficient re-skilling tools when they meet local board priorities. Programs aligned with homeland security workforce needs or those addressing the nation’s cybersecurity workforce gaps often receive favorable consideration.

MyCAA Alignment

For military spouses, cyber bootcamp funding through MyCAA requires that the program be delivered through a MyCAA-registered institution, fit within the spouse’s approved career pathway, and result in a credential recognized as portable between duty stations. Both in-person and online bootcamps can qualify, provided distance education is permitted under program rules and the provider is approved in that delivery mode.

How to Apply

The most important step is starting with the appropriate system—your local workforce office for WFD or the official MyCAA portal for military spouses—not the bootcamp’s enrollment page.

Both the regulatory roadmap and support for local implementation are crucial for ensuring that cybersecurity standards are effectively adopted and that funding is used efficiently. State administrative agencies play a key role in providing technical assistance, guidance, and grants to help local water and wastewater utilities comply with new cybersecurity requirements. These state programs support local implementation by offering no cost technical assistance to water utilities and local governments, making it easier for them to adopt and enforce cybersecurity standards. Pairing strong cybersecurity protections with practical support measures, such as grants and technical assistance, is essential for the effective adoption of cybersecurity standards and for strengthening the resilience of critical water infrastructure.

WIOA Application Process

  1. Locate your American Job Center using CareerOneStop.org’s finder tool
  2. Complete intake and eligibility screening (typically 1–2 weeks)
  3. Provide required documentation (ID, residence, income, layoff verification)
  4. Undergo career counseling and objective assessment
  5. Obtain ITA approval linked to a specific cyber program on the ETPL
  6. Receive written award letter before enrolling

To verify whether a cybersecurity bootcamp appears on your state’s ETPL, use CareerOneStop’s WIOA Eligible Training Program Finder or your state workforce agency’s website. Programs typically must show details including syllabus, duration (often 12–24 weeks), total cost, expected certifications, and career guidance or placement support.

If your chosen bootcamp is not yet on the ETPL, the provider can apply for inclusion, but the process may take weeks or months depending on state submission cycles and documentation requirements.

MyCAA Application Process

  1. Create or log into a MyCAA account via Military OneSource
  2. Confirm spouse eligibility based on sponsor’s paygrade and orders
  3. Work with an education counselor to develop an Education and Training Plan
  4. Verify the cybersecurity program and school are MyCAA-participating
  5. Request financial assistance before enrolling or starting classes

Timelines vary: WIOA decisions depend on available local funds and workforce board meeting schedules, while MyCAA approval depends on plan review speed and school responsiveness.

Critical reminder: Obtain written approval and funding authorization before signing any private enrollment agreement or taking on personal debt for cybersecurity training. Enrolling before approval can void funding eligibility.

The image depicts a group of individuals engaged in a discussion within a career services office, highlighting the importance of enhancing cybersecurity skills for professionals in critical sectors like water and wastewater utilities. This meeting emphasizes collaboration among local governments and state agencies to address cybersecurity threats and improve infrastructure security.

For organizations exploring enterprise training solutions or career services partnerships, workforce development boards may offer incumbent worker programs with different rules and cost-sharing arrangements.

Frequently Asked Questions

Q1. Does online cybersecurity bootcamp training count for WFD or MyCAA funding?

Online delivery can be eligible for WFD cybersecurity funding when the provider is approved in that format and the program appears on the state ETPL. Post-2020 data shows over 40% of ETPL programs now offer virtual options. MyCAA also allows online programs if offered by participating schools aligned with an approved portable career pathway. Confirm both provider approval and delivery mode acceptance with your case manager or MyCAA counselor before enrolling.

Q2. What documentation is usually required for WFD cybersecurity funding applications?

Common documents include government-issued ID, proof of residence, Social Security number verification, income or unemployment records, and DD-214 or layoff notices for dislocated workers. Applicants also need program-specific information: bootcamp name, start date, cost breakdown, duration, delivery mode, and credential outcomes. Requirements differ by state and local board, so follow your American Job Center’s checklist. State and local partners may have additional verification steps.

Q3. Can employers use workforce development funding to sponsor employees into cyber bootcamps?

Some states and local boards operate incumbent worker training or customized training programs that can offset cyber bootcamp funding for current employees. These programs have separate rules from ITAs, often requiring employer cost-sharing (sometimes 50%+) and commitments related to retention or wage gains. HR and L&D leaders should contact their state workforce agency or local board and explore enterprise-focused options for building cybersecurity skills across their workforce.

Q4. Are cybersecurity bootcamps covered for veterans outside of WIOA and MyCAA?

Some cyber bootcamps may be approved for VA education benefits (e.g., GI Bill) or veteran-focused training grants like VET-TEC, but approval is provider- and program-specific. Veterans should check the VA’s WEAMS Institution Search or consult a veterans’ education counselor to verify whether a particular bootcamp qualifies. These veteran pathways are separate from WIOA and MyCAA but can sometimes complement state or employer initiatives supporting cybersecurity professionals entering the field.

Q5. What happens if my chosen cybersecurity bootcamp is not on the ETPL?

WIOA ITA funds generally cannot be used for non-ETPL programs, though some local boards have limited waiver mechanisms for situations where no alternatives exist. A provider can apply for ETPL status through the state administrative agency, but the process requires time, documentation, and demonstrated performance reporting capacity. If your first-choice bootcamp isn’t currently eligible, discuss alternative approved programs or possible approval timelines with your case manager before committing to any training path.