It's time to address cybersecurity education, say policymakers
A leaky pipeline makes filling critical jobs difficult.
Though technology has grown in ubiquity throughout college classrooms, the workforce is still seeing a shortage of graduates who actually have the technical expertise necessary to maintain and secure these networked tools. The gap — with the potential economic and security ramifications — has got policymakers, as well as players in the cybersecurity industry, looking toward higher education officials and asking, “How do we fix this?”
This question was at the center of a joint meeting between the Subcommittee on Higher Education and Workforce Development and Subcommittee on Cybersecurity and Infrastructure Protection last week, which emphasized the urgent need for government, higher education officials and industry professionals to build the cybersecurity workforce talent pipeline, especially given the recent string of costly data breaches — Equifax, Yahoo and OPM Systems, to name a few.
“This an urgent problem that has serious ramifications for our national security,” said Congresswoman Susan Davis (D-CA), the ranking member of the Subcommittee on Higher Education and Workforce Development. “The need for a more secure cyber infrastructure is only going to grow as technology continues to move into even more aspects of our daily lives. By tackling this problem we can secure critical information and create many more high-paying jobs,” said Davis.
Davis and others at the hearing confirm now is the key time to start securing the nation’s cyber framework by building a cyber workforce — and even more critically that targeting the entire education pipeline through policy and industry partnerships is necessary to seeing results.
A leaky pipeline from K-12 to postsecondary makes targeting workforce needs difficult
At the policy level, STEM education, contrary to what many people believe, actually does get a lot of attention from legislators and education advocates — because investing in better teachers, curriculum, and opportunities within science and technical fields is seen as essential in building a globally competitive workforce. But the lip service toward enhancing STEM initiatives and monetary investments don’t transfer over, because most state standards guiding curriculum don’t emphasize these areas of learning.
Before the entirely voluntary Next Generation Science Standards were introduced, K-12 schools have primarily focused on meeting assessment goals in math and reading within Common Core to receive funding under ESSA and the predecessor of No Child Left Behind. With the lack of emphasis on certain STEM subjects — particularly computer science, technology and engineering — students don’t have the right exposure needed before higher education to master technology safety, with Change The Equation reporting in 2015 that 56% of 12th graders have no access to any computer science classes and only 23% having access to advanced placement CS courses.
Hadi Partovi, CEO of education non-profit Code.org, explained in a recent interview that issues with the talent pipeline come from the lack of accessible curriculum at earlier parts of the education spectrum, which also limits diverse students from getting access to the field — another blow to the talent pool.
“In terms of the barriers in the pipeline the biggest issue is that computer science is not tossed in within all schools, and even in the schools that do teach that there's not enough capacity for it. But even if there is capacity, there's not enough diversity in a students taking it. But, the biggest issue is that the majority of public and private schools in the country don't have a single computer science class,” said Partovi.
“The way we grow access to the field by providing curriculum in schools that doesn't need a experienced computer science teachers, curriculum that even a third grade teacher or a even a tenth grade English teacher could teach computer science using the Code.org curriculum...The statistics in our high school courses, 70% of kids say they want to continue studying computer science. ”
Without these key framing courses on how computers work before postsecondary education, students are often left ill-prepared to begin learning about cybersecurity infrastructures. To tackle this, many K-12 schools have already started looking at expanding curriculum in the field. For instance, The Augusta Chronicle reports that Westminster Schools of Augusta in Georgia is seeking to organically build the cyber workforce through integrated STEM curriculum.
“We began introducing students to career and degree opportunities that may not exist today, and solve a demand for a cyber-literate workforce. No matter what industry they’re going into, that’s where the demand lies for cyber,” said Kevin Nolten, NICERC director was quoted. “When we ask them what they want to be when they grow up, we want to make sure they have the best educated response.”
Partnerships across policy, higher education, and industry needed to target workforce gaps
More than 209,000 cybersecurity jobs in the U.S. went unfilled in 2015, and job postings increased 74% over the last half decade, according to a 2015 Intel Security’s Center for Strategic and International Studies report. In this survey of 625 IT professionals around the world, 82% confirmed the existence of a cybersecurity skills shortage within the industry. And at the same time, only 23% of respondents said that education programs were adequately preparing students for these jobs.
As higher education institutions are platforms of academic and technical training for students prior to entering the workforce, the report’s finding that only 7% of the top universities in each of the 8 countries observed offered a major or minor in cybersecurity is troublesome, given that half the companies surveyed prefered a bachelor's degree in a technical subject as a minimum credential for entry into the field and that K12 education already has limited access to computer science training.
This reality has shined a spotlight on the role of higher education institutions in building out the education to career pipeline, especially with increases in costly cybersecurity breaches in industries, including education. As President Trump’s FY18 budget request proposes cutting funding for the CyberCorps Scholarship for Service program by 27 percent from last year, members of the hearing, including Democratic witness President Scott Ralls of Northern Virginia Community College, noted the importance in working across education and with employers to fill the gaps.
“We do so not only because it meets employer needs, but most importantly, it helps our students understand the needs of Northern Virginia employers. ... But to solve this problem requires an even deeper engagement between industry, education and state and federal partners all working toward a common goal of increasing awareness, making cyber pathways clear and easy to navigate and providing work-learn opportunities in greater numbers,” said Ralls.
Many institutions have already ramped up their cybersecurity education frameworks, such as NYU Tandon School of Engineering’s Center for Cybersecurity, which began offering classes in the subject in 1999. Founder and professor, Nasir Memon, told Education Dive that the program provides the necessary hands-on approach to get students the training and expertise needed to get into the field.
“We design in order to protect against random events happening, but in cybersecurity it’s not random events. It’s malicious. The attacker will find the weakest spot, the thing you didn't anticipate, and will exploit that fact to gain control of your system,” Memon said in describing the hands-on approach to the week and the NYU center. “People [need] to get this type of experience. This will give them that training that’s not easy to give in a classroom.”
But as Ralls explained, it’s the partnership that’s really key to getting more workers in the field. For instance, Rhode Island’s Pathways in Technology Early College High School Initiative program helped K-12 school districts to focus on information technology, advanced manufacturing and cybersecurity, while coordinating with community colleges and business leaders to make sure students could get through the entire track— helping them enroll in specialized programs to take college courses that will let them graduate with a diploma and an industry-specific associate degree.
Stefan Pryor, the state’s Secretary of Commerce said the program builds out that organic labor pool.
It's “the integration of otherwise siloed partners; the community college system on the one hand, the employer participants, the high school at the center of the collaboration, that’s a rare approach,” he explained.
“Typically the employer or set of employers have a major presence in the region where the high school is located, so there’s a natural pre-existing familiarity and connection.”
Follow Shalina Chatlani on Twitter