Building Our Cybersecurity Workforce for the Future
posted Jan. 3 by Chad QuillThe quantity and complexity of cyber attacks continues to increase. However until recently, our higher education system did not offer courses in cybersecurity. Thankfully, this is changing with several leading American colleges and universities now adding cybersecurity programs as options for students. The U.S. Naval Academy recently announced that it is updating its curriculum for the first time in ten years, with the addition of two cybersecurity courses. All Service Academies will now have cybersecurity topics integrated into their curriculum. I trust that these are the first in a series of positive steps that the U.S. will take to close the cybersecurity education gap. Moreover, I look forward to the day when cybersecurity rankings are analogous to the science, technology, engineering and mathematics (STEM) rankings used to compare competencies of populations.
We may not have global rankings for cybersecurity capabilities as we do for STEM today, but global cybersecurity competitions provide some interesting insights. One such competition is the TopCoder Open Event. People from all over the world participate in this competition sponsored by the National Security Agency (NSA). The winner showcases his/her expertise in design, development, architecture, algorithm coding and other cybersecurity functional areas. Of the 4,200 participants, approximately 57 percent had bachelor’s degrees, 20 percent had master’s degrees and six percent had doctorates.
With all that brain power and those educational credentials, it’s surprising (or is it?!) that the 2009 winner was an 18-year-old student from China. When you look at the data, it’s not statistically surprising that someone from China won the competition – they had the most participants and finalists.
Take a look at the chart below and compare the U.S. to the other countries that comprise the majority of the contestants:
This competition is hosted by a U.S. company and supported by the NSA, and yet we only provided the fourth-most participants behind China, India and Russia. Our 234 participants accounted for less than six percent of the competitive field, and the statistics don’t get any better when we look at the finalists. Of the 70 finalists, only two were Americans.
OK, enough fire and brimstone! The point I’m trying to make is that the cybersecurity industry can’t sit back and wait for the U.S. government, academic institutions or anyone else to bring us the workforce that we need today and in the future. We can’t keep cyber attacks from evolving, but we can minimize their effectiveness by focusing on cybersecurity workforce modernization.
Workforce modernization involves many types of activities, and I would bet that almost everyone reading this is doing something that is considered part of this category. At BAE Systems, we are constantly evaluating new ways to advance the cybersecurity industry and develop paths to increase the pool of personnel that can meet today’s needs. For those of you who are working so hard to achieve this objective as well, thank you!
Doesn’t it feel like something is still missing though? Couldn’t we do more to address our immediate needs? When it was announced that DHS was going to hire 1,000 cyber analysts every few years – I remember applauding their vision, but I was concerned about where these 1,000 individuals would come from. In my opinion, our nation’s energy is primarily focused on long-term solutions to increase our future workforce. These initiatives are necessary and valuable, and I hope we all give STEM programs for middle school and high school children the necessary support. The government is doing a good job as a lead advocate in this arena, so let’s take a few minutes to think about what industry can do to close the gap for our more near-term needs. Education partnerships of any form are certainly going to help. We can participate in joint technology development efforts – funding research labs and executing collaborative product development efforts. We can lend our expertise in curriculum development – providing inputs to academia on the skill sets we need and offering practical use cases or projects to integrate into coursework. We can give students real-world experience by investing internally in internship programs, and we can ensure our accessibility by attending professional networking events and contributing to communities of practice.
We all know that the resource pool is small and the supply of true cybersecurity experts is not meeting the demand. What’s making it even more complicated is the progression from IT-as-a-stove-pipe to embedded mission enablement. Most of the current workforce needs enhanced training to fill our industry’s current gaps. A cybersecurity expert today needs to be schooled in both theory and best practices as they evolve. We also need to consider that there is value in multi-disciplinary backgrounds in the field of cybersecurity. We don’t necessarily need to convince an additional 1,000 people to get Ph.D.s in computer science – with the right training and work environment, software engineers, mathematicians, intelligence analysts and other professions all have a great deal to contribute to cybersecurity.
Finally, a cybersecurity training program should prepare our workforce for a career, not just for a particular job requisition. If we want the best and brightest migrating to our industry, we need to offer flexibility and a diverse set of opportunities. We believe in this at BAE Systems. Our cybersecurity training program maximizes people’s strengths and gives them multiple types of training to create well-rounded experts. Technical certifications and strategic studies provide the basic building blocks, and we build on those with experiential cross training that recognizes the value of immersion in customer, company and academic environments.
BAE Systems is committed to playing our part in advancing cybersecurity as a profession. Workforce modernization affects all of us, and it ultimately enables us to keep our country safe, create relevant jobs and provide businesses an opportunity for growth.
Learn more about our cybersecurity job opportunities at www.baesystems.com/cyberjobs.