ISA Workforce Development Specific Recommendations and the Presidential Commission on Enhancing National Cybersecurity

June 7, 2017

ISA Workforce Development Recommendations

Source: Chapter 9 of The Cybersecurity Social Contract: Implementing a Market-Based Model for Cybersecurity

Presidential Commission on Enhancing National Cybersecurity

Focus A National Initiative On Building the Talent Pipeline

“Attracting students into the federal government must be augmented by an aggressive strategy to build the pipeline of interest in earlier grade levels. This will require a broad range of engagement with K–12 education that includes classroom initiatives, expanded teacher education, and after-school competitions to spark interest.”                 Commission Action Item 4.1.3: To better prepare students as individuals and future employees, federal programs supporting education at all levels should incorporate cybersecurity awareness for students as they are introduced to and provided with Internet-based devices. (SHORT TERM)

Commission text: Cybersecurity awareness messages should be developed and focused on children as early as preschool and throughout elementary school. This early cybersecurity education must include programs to train and better prepare teachers in order to succeed at scale. … This effort would also stimulate exploration of cybersecurity careers in middle school and enable preparedness for cybersecurity careers in high school. In addition, the process of exposing young people to technology and the associated safety, security, ethical, and legal issues will introduce them to a broad range of academic and career pathways that can sustain lifelong employment.

“Launch a comprehensive initiative to build the talent pipeline.” Action Item 4.1.1: The next President should initiate a national cybersecurity workforce program to train 100,000 new cybersecurity practitioners by 2020. (SHORT TERM)

Commission text: A national cybersecurity workforce program would help our nation develop cybersecurity talent pipelines. Such a program—with a specific focus on local and regional partnerships of employers, educational institutions, and community organizations—will help develop the skilled workforce necessary to meet the cybersecurity needs of local and regional industry.


Create New Vehicles for Industry, Government, And Education Collaboration

“Opportunities must be explored to foster closer coordination among government, industry, and the higher-education community as the nature of the cybersecurity challenge evolves.” Action Item 4.1.1: The next President should initiate a national cybersecurity workforce program to train 100,000 new cybersecurity practitioners by 2020. (SHORT TERM)

Commission text: The federal government and private-sector partners should also jointly sponsor a nationwide network of cybersecurity boot camps. Aimed at providing knowledge and skills in a condensed time frame, these training initiatives will increase the supply of practitioners and allow the redeployment of individuals who are currently underemployed or unemployed.

Intensify Initiatives to Create a Cyber-Aware Generation

“Along with this effort, we need to invest in research and applied development of innovations that continue to make security and privacy easier for consumers. Security and privacy actions must be less of an obstruction and more frictionless.” Commission Foundational Principle 6: Effective cybersecurity depends on consumer and workforce awareness, education, and engagement in protecting their digital experience. This effort must be a continuous process and advance individuals’ understanding and capabilities as vital participants in shaping their own—and the nation’s—cybersecurity. Nevertheless, to the maximum extent possible,

the burden for cybersecurity must ultimately be moved away from the end user—consumers, businesses, critical infrastructure, and others—to higher-level solutions that include greater threat deterrence, more secure products and protocols, and a safer Internet ecosystem.

Commission Recommendation 3.2: The federal government should establish, strengthen, and broaden investments in research programs to improve the cybersecurity and usability of consumer products and digital technologies through greater understanding of human behaviors and their interactions with the Internet of Things (IoT) and other connected technologies.

Action Item 3.2.1: The next Administration and Congress should prioritize research on human behavior and cybersecurity, on the basis of the 2016 Federal Cybersecurity Research and Development Strategic Plan. (SHORT TERM)

Expand the Scholarship for Service Program and Foster Even Deeper Cross-Institutional Collaboration

“The proposal to increase the number of institutions in the program is a valuable component of a talent initiative. This effort would be further enhanced by supporting and incentivizing collaboration among institutions on course delivery, professional development, and best practices.” Action Item 4.1.7: NIST, the National Science Foundation (NSF), the National Security Agency (NSA), and the Department of Education should work with private-sector organizations, universities, and professional societies to develop standardized interdisciplinary cybersecurity curricula that integrate with and expand existing efforts and programs. (MEDIUM TERM)

Commission text: Many efforts are now underway to develop curricular guidance for cybersecurity … Despite these nascent endeavors, including similar initiatives at the high school level, no common body of knowledge or core curriculum has yet been agreed on or widely adopted. We need a concerted national effort to inventory existing curricula and initiatives, identify gaps, and develop and disseminate a standardized set of guidelines and resources to guide teachers and administrators. This effort should also pursue collaborations with organizations that accredit college and university programs in scientific, engineering, and computing disciplines, such as the Accreditation Board for Engineering and Technology (ABET).


Explore Creation of a Cybersecurity ROTC Program

“The proposal to increase the number of institutions in the program is a valuable component of a talent initiative. … A cyber-specific ROTC-like initiative would underscore the sense of national mission that is vital to addressing the environment for strengthening the cybersecurity talent pipeline. A key to this effort would be to create a strong network among institutions operating this program to ensure that the development of these students included both deep technical and operational experiences.” Action Item 4.1.2: The next President should initiate a national cybersecurity apprenticeship program to train 50,000 new cybersecurity practitioners by 2020. (MEDIUM TERM)

Commission text: The program should have pathways for students in traditional four-year university programs and two-year community college programs with a specific focus on developing the skills necessary to begin a career in cybersecurity. The program should also have a specific focus on developing, outside of traditional academic settings, the skills necessary to begin a career in cybersecurity. The initiative should promote the development of entry-level and mid-level skills—including in students graduating with engineering, computing, or IT degrees with excellent technical skills but little actual cybersecurity training—followed by hands on apprenticeships both in government and in the private sector.