Winning the Cyber-Talent war: Strategies to enhance Cybersecurity workforce development

EXAMINING PROGRESS TO DATE IN EFFORTS TO STRENGTHEN THE CYBERSECURITY WORKFORCE

A PARTNERSHIP FOR BUILDING THE FUTURE PUBLIC-SECTOR WORKFORCE—THE SCHOLARSHIP FOR SERVICE PROGRAM
Funded by the National Science Foundation and operated in partnership with DHS, the Cyber Corps of the Scholarship for Service program has demonstrated significant impact in encouraging students to pursue cybersecurity careers and creating a pipeline of talent for the public sector.

NATIONAL CENTERS OF ACADEMIC EXCELLENCE IN CYBER DEFENSE
This program sets criteria and mapping curricula to assist institutions in building effective cybersecurity education and research programs—helping to establish a national framework for cybersecurity education. All four-year baccalaureate, graduate education, and two-year institutions are eligible.

PRESIDENTIAL INNOVATION FELLOWS
The fellows program is designed to engage early career IT professionals and engage them in short stints in government. While not focused exclusively or even predominantly on cybersecurity, the Presidential Innovation Fellows program provides a window on a future where an improved flow of critical cybersecurity talent could be a vital resource for meeting major short-term challenges and raising the overall level of skills in the cyber workforce.

NATIONAL GUARD AND MILITARY RESERVE CYBER OPERATIONS
Regional centers being developed by the National Guard and Reserve are creating a nexus of talent within states and cities that draws on professionals engaged in industry and academia who can be mobilized to support government needs in the case of major incidents.

ENGAGING VETERANS IN CYBERSECURITY CAREERS
A number of promising initiatives have also been launched in the last few years to focus cybersecurity education on veterans. These efforts include specific outreach and degree programs—including those launched by the state of Virginia and boot camp programs launched by companies such as PricewaterhouseCoopers, among others.

INITIAL STEPS TO NURTURE CYBERSECURITY CAREER PATHS FOR YOUNG AMERICANS
As part of the National Initiative for Cybersecurity Education (more often known as NICE), federal agencies collaborate to strengthen K–12 student and teacher engagement. One of the leading examples of this effort is the GenCyber initiative supported by NSF and the NSA. GenCyber supports collaborations with academic institutions to conduct cybersecurity summer camps for students and teachers.

SHAPING AN AGENDA FOR THE NEW ADMINISTRATION: PRINCIPLE BUILDING BLOCKS OF AN EFFECTIVE NATIONAL CYBER WORKFORCE STRATEGY

FOCUS A NATIONAL INITIATIVE ON BUILDING THE TALENT PIPELINE
Attracting students into the federal government must be augmented by an aggressive strategy to build the pipeline of interest in earlier grade levels. This will require a broad range of engagement with K–12 education that includes classroom initiatives, expanded teacher education, and after-school competitions to spark interest.

EMBRACE THE POSITIVE ELEMENTS OF THE HACKER DYNAMIC
Hackers are ultracurious, highly imaginative professionals who are able to spot even the most hidden vulnerabilities in systems. Meeting the nation’s cybersecurity talent needs will require nurturing the natural curiosity and imaginative creativity that defines the hacker experience.

CREATE NEW VEHICLES FOR INDUSTRY, GOVERNMENT, EDUCATION COLLABORATION
While policies to date have focused on the needs of the federal government, the national cybersecurity workforce is a challenge for the private sector as well. Opportunities must be explored to foster closer coordination among government, industry, and the higher-education community as the nature of the cybersecurity challenge evolves.

POLICY RECOMMENDATIONS FOR NEW NATIONAL FEDERAL CYBERSECURITY WORKFORCE

INTENSIFY INITIATIVES TO CREATE A CYBER-AWARE GENERATION
Incorporating basic cybersecurity education into curricula at all education levels and work experiences would enhance this first line of defense. Along with this effort, we need to invest in research and applied development of innovations that continue to make security and privacy easier for consumers.

DEVELOP A CORE CYBERSECURITY CURRICULUM THAT CAN BE ADAPTED AND APPLIED AT ALL EDUCATION LEVELS AND START BUILDING CYBERSECURITY INTO STEM PROGRAMS
Recognizing the importance of cybersecurity as a fundamental element of STEM education will also enhance the growth of programs and stronger student interest.

ENGAGE INDUSTRY AND THE HIGHER-EDUCATION COMMUNITY IN COMMITMENT TO TRAIN ONE HUNDRED THOUSAND HIGH SCHOOL AND MIDDLE-SCHOOL TEACHERS IN BASIC CYBERSECURITY EDUCATION IN THE NEXT FIVE YEARS
This component can tap the development of new online and gamification tools that have the potential to significantly impact the ability
to bring cost-effective education resources to schools throughout the nation. Carnegie Mellon experienced the success with picoCTF, and
nationwide adoption of this model, specifically aimed at educators who can run their own versions of the contest, could have an exponential impact.

USING THE FIRST ROBOTICS LEAGUE AS A MODEL, ADVANCE A NATIONAL STRATEGY FOR MIDDLE-SCHOOL AND HIGH-SCHOOL
HACKING CONTESTS TO EXCITE THE NEXT GENERATION OF CYBERSECURITY PROFESSIONALS
Now in its twenty-fifth year, FIRST reaches seventy-five thousand students around the world each year and provides a broader portal to STEM careers. A national hacking contest initiative can have a similar impact.

EXPAND THE SCHOLARSHIP FOR SERVICE PROGRAM AND FOSTER EVEN DEEPER CROSS-INSTITUTIONAL COLLABORATION
The proposal to increase the number of institutions in the program is a valuable component of a talent initiative. One model for such an effort is the Cyber Stakes program, which has fostered collaborative education and exercises between Carnegie Mellon and service academies.

EXPLORE CREATION OF A CYBERSECURITY ROTC PROGRAM
A cyber-specific ROTC-like initiative would underscore the sense of national mission that is vital to addressing the environment for strengthening the cybersecurity talent pipeline. A key to this effort would be to create a strong network among institutions operating this program to ensure that the development of these students included both deep technical and operational experiences.

Additionally, consideration should be given to development a “2+2” model for this effort, where a student who has a potential interest in cybersecurity can receive a modest financial-aid supplement in their first and second year. At the end of the second year, these students (and any other students in the program) can choose to apply for acceptance into a program fully funding their tuition during the third and fourth year, if they commit to a cybersecurity minor in addition to their computer science or electrical and computer engineering major. In return, the student would be required to sign up for three years of service in a government cybersecurity position.

CREATE NEW MECHANISMS FOR INDUSTRY, GOVERNMENT, HIGHER EDUCATION COLLABORATION
One strategic approach to fostering these new mechanisms would be to support the development of regional test beds for collaboration on the emerging Internet of Things. These test beds could focus both on innovation in cyber applications and advancing opportunities for formal education programs as well as ongoing training initiatives.