How we can get ‘more of everything’ for the cybersecurity workforce
With a need for 1.5 million more trained professionals in coming years, the federal government, universities, and companies are teaming up to solve the problem.
BALTIMORE — The nation’s largest cybersecurity competition for middle- and high-school students crowned its champions here in Baltimore last week. Teams from Missouri, Florida, and California took home a title that is getting harder and harder to obtain every year: Cyber Patriot champion.
Nearly 3,400 teams competed in this year’s CyberPatriot, up 55 percent against the year prior and doubling in two years. CyberPatriot is the National Youth Cyber Education Program, created by the Air Force Association (AFA) and presented by the Northrop Grumman Foundation.
Globally, these similar competitions are growing as well: in April, we hosted youth cyber defense competitions in the United Kingdom (called CyberCenturion) and in Saudi Arabia (known as CyberArabia) in partnership with AFA.
We expect this growth to continue because we’ve created is a fun way to teach these critical skills and excite students about a career in cybersecurity.
With an estimated workforce gap (the difference between the number of potential jobs and the trained talent able to fill them) of 1.5 million by 2019, cybersecurity has a serious workforce problem.
In the rapid expansion of programs like Cyber Patriot, you can chart the growth of a country recognizing the scale of the challenge ahead and taking that challenge head on.
That doesn’t mean this is going to be easy, however. And it doesn’t mean there aren’t acute shortages today.
On the sidelines of Cyber Patriot, White House CIO Tony Scott discussed the future of the cybersecurity workforce at a CSM Passcode event.
“Cyber is a global problem. We need cultural diversity, people who understand the culture of all kinds of places all over the world,” said Mr. Scott.
“I’m looking for people with great economics backgrounds who understand cybersecurity and cultural anthropologists that understand cybersecurity and people who understand biology and cybersecurity,” he continued. “There’s no area that, when combined with cybersecurity, [I would say] ‘We’re full up and don’t need any more of those.’ We need more of everything.”
More of everything is right.
But how do we get to more of everything?
National commitment. We appreciate the things that are done at the federal level to help set the stage — with the Cybersecurity National Action Plan and the work of the National Initiative for Cybersecurity Education — because those kinds of overarching infrastructures help inform and guide where we go as a nation.
Broader education opportunities. Universities and community colleges are shaping these federal directives by adding their own strengths and unique approaches.
George Mason University in Fairfax, Va. now offers a bachelor of science in cyber engineering, an interdisciplinary engineering degree that is the only one like it in the nation. At the University of Maryland, they’ve taken a cross-disciplinary route to educate students across disciplines with cybersecurity knowledge. And, from a diversity perspective, we’re working with the University of Maryland — Baltimore County to fund the Cyber Scholars initiative, which aims to increase the number of women and underrepresented minorities pursuing cybersecurity careers.
At community colleges, a lot of the enrollment in the cyber arena are not the traditional 18-year olds — they’re people looking for a second career, including an increasing number of veterans. At these institutions, the focus is on crafting programs that build up a quality cybersecurity skill set in less time, creating more marketable cybersecurity professionals quickly.
See diversity as a strategic asset. Diversity is not an afterthought, it is critical. A deeper, more diverse cybersecurity workforce means a better cybersecurity workforce. When you're working on the very complex challenges in cybersecurity, the best solutions require diverse experience, academic backgrounds and problem-solving approaches. Diversity is a strategic, not notional, asset in cybersecurity.
More, if you have to find 1.5 million new employees, you can’t afford to leave out any portion of the potential workforce. That means lowering the barriers to entry (such as dropping fees at STEM competitions and at summer camps, for example) that make the field easier to access for children as far back as elementary school.
Diane Miller is director of Infosec Operations and Cyber Initiatives and Director of Cyber Patriot programs for Northrop Grumman. Follow Northrop Grumman on Twitter @NorthropGrumman and follow Cyber Patriot @CyberPatriot.