Programs Aim to Fill Cybersecurity Skills Gap

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

A shortage of security professionals will likely become more acute in coming years as companies connect more devices to networks to create the Internet of Things, according to Cisco, which puts the shortfall at a million security pros. The International Information Systems Security Certification Consortium does not believe the shortage is quite as severe, estimating a gap of "only" 300,000 cyber-security pros.

Whether the number is 300,000, a million or somewhere in between, enterprises will obviously be challenged to maintain adequate security staffs. These numbers underscore the importance of programs like the Air Force Association's CyberPatriot national youth cyber education program and Symantec's Cyber Career Connection (SC3), both of which seek to raise awareness of cybersecurity careers and swell the ranks of future security pros.

Increasing awareness is important, given the results of recent research from Raytheon that nearly 70 percent of millennials said they did not know what was involved in a cybersecurity career.  "Kids just do not know about these kinds of jobs," said Jennifer Havermann, senior manager, Business Development, for Raytheon.

When asked what would increase their interest in a cybersecurity career, the millennial respondents cited the ability to obtain security classes and training to see if such careers would be a good fit for them. "That was the biggest response as to what would increase their interest, even more so than a high salary," Havermann said.


The centerpiece of the Air Force Association's CyberPatriot program is the annual National Youth Cyber Defense Competition, in which teams of students compete against each other by performing the duties of a cybersecurity professional, namely finding vulnerabilities in virtual images representing operating systems and hardening those systems while maintaining a hypothetical company's critical services.

The AFA in 2008 partnered with the University of Texas at San Antonio's Center for Infrastructure Assurance and Security, which runs a collegiate cyber defense competition, and launched a proof-of-concept contest with eight teams of high school students in 2009. The program has been growing at a rate of 35 percent a year and last year expanded to include middle school students.

The most recent contest drew 2,175 participants from all 50 states, as well as Canada and Europe, "a strong indicator we are doing something useful," said CyberPatriot National Commissioner Bernie Skoch, a retired Air Force brigadier general. 

Though CyberPatriot focuses on raising the profile of cybersecurity among all students, Skoch said a special emphasis is given to attracting females and minorities, both of which are underrepresented in STEM (science, technology, engineering, mathematics) careers. For instance, he noted, entry fees were waived for all-female teams in last year's contest. "We have about 17 percent female representation, and our goal is to get to 30 percent within three years."

The program has expanded to include CyberCamps, which Skoch said are designed to promote interest and participation in cybersecurity outside of the academic school year during which the competition takes place. A 20-hour cybersecurity curriculum developed by the AFA is presented during a weeklong camp that concludes with a mini-competition modeled on the larger one, he said.

Three CyberCamp pilots occurred last summer, at schools in Texas and Virginia. "To label them as successful would be to diminish them," Skoch said, noting that a mother approached him after one of the camps to let him know that her daughter had taken her brother to task for downloading a virus to the family PC and educated him on smart cyber behavior.

The AFA just wrapped a pilot of a cyber education program for elementary schools, that Skoch said teaches basic cybersecurity principles through hands-on activities such as "a Space Invaders kind of game that lets you shoot at viruses" and advance through levels of play by answering cybersecurity questions.

"I don't think there is a time too early for cybersecurity education if it's done right," he said, noting the objective of the elementary program is "not necessarily to shape educational or professional dispositions but to equip students to be safe online."

The AFA plans to roll out the elementary program nationwide in the coming months, he said.

The CyberPatriot program is funded by corporate sponsors like the Northrop Grumman Foundation, AT&T, Cisco and Symantec. AFA promotes the program through outreach efforts to schools, civic leaders and events such as meetings of the National Science Teachers Association. "We have 8,000 members in all 50 states that help us recruit teams" for the contests, Skoch said

While the AFA also contributes financially to the program and students may become interested in government cybersecurity careers through participation, the aim is not to feed the defense sector but to satisfy a larger need for IT professionals, Skoch said. "We need to grow the technical workforce so our economy stays the world's largest and one of the most productive," he said.

Raytheon's Havermann agreed, noting the broad benefit of employing folks with cybersecurity smarts who will be less likely to engage in risky behaviors such as clicking on questionable links. "Cybersecurity touches nearly every career. Whatever career someone decides to pursue, chances are it will contain elements of cybersecurity," she said.

Cyber Career Connection

In June, Symantec introduced a program called Cyber Career Connection (SC3) that promotes cybersecurity careers among young adults ages 18-29, a demographic that is experiencing an unemployment rate of 15.5 percent, according to one recent study, with even higher levels for Hispanics and African-Americans.

The security vendor partnered with Year Up and NPower, two organizations that "have an amazing track record" working with underserved young adults, said Marian Merritt, director, Cyber Education and Online Safety Programs for Symantec. Participants receive classroom training and soft skills development, then will obtain hands-on experience during internships.

Forty-five students are participating in a pilot in three cities, New York, San Francisco and Baltimore. Some are already successfully completing requirements for popular security certifications. They receive stipends and assistance with transportation costs from Symantec. "We want to make sure they have what they need to be successful," Merritt said.

The program is aimed at preparing students for entry-level security jobs that do not require a bachelor's degree. "Once they get their foot in the door, we hope many of these people will be motivated to get additional training and continue in the cybersecurity field," Merritt said.

While the program's initial focus is on recent high school graduates, Merritt said future iterations could include military veterans or older people re-entering the workforce after stints of unemployment.

About a third of the current class of students are women. Like Skoch, Merritt stressed the importance of diversifying the largely white male ranks of cybersecurity professionals.

"Cybersecurity is kind of like solving a puzzle as you try to predict how the bad guy is going to take you down," she said. "So you want people with different perspectives working on these puzzles. The value in having people who come from different life experiences and bring different skills to the table cannot be overstated with this kind of a nascent industry."

Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.