Making baccalaureates the minimum degree requirement for even entry-level jobs is, in part, feeding the shortage of skilled workers in the cybersecurity industry, a panel of higher education and business and industry leaders told lawmakers at a House joint subcommittee hearing on Tuesday.
The panelists and members of the Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee and the Higher Education and Workforce Subcommittee noted that there are many unfilled jobs in cybersecurity that don’t require advanced degrees, yet many employers — including the federal government — typically require a bachelor’s degree. However, a growing number of companies are focusing on examining job applicants’ skills and problem-solving abilities.
The cybersecurity field, like many industries, is facing a skilled-worker shortage, and recent high-profile data breaches — from the presidential election to the Equifax hack — have brought the issue front and center with Congress. Government, private industry and the academic sectors must align better to develop a pipeline of skilled cybersecurity employees.
Members of the subcommittees were especially interested in tapping apprenticeships — which are rather new in the cybersecurity and informational technology sector — as well as dual-enrollment programs, boot camps, student internships and other nontraditional education programs that result in students earning in-demand credentials and skills.
“It’s a bit of a culture change,” said David Jarvis, security and CIO lead at the IBM Institute for Business Value.
Focused on nontraditional students
One strategy to increase the pool of employees is to focus on diversity. Women comprise about 11 percent of the global cybersecurity workforce, and African-Americans and Hispanics make up about 12 percent of employees, according to industry reports.
“We’re leaving talent at the table,” said Rep. Cedric Richmond (D-Louisiana).
Several panelists acknowledged the shortfall in diversity, but cited various efforts to improve that. R. Scott Ralls, president of Northern Virginia Community College (NVCC), highlighted his college’s efforts to reach into K-12. But he added that community colleges in general must be more aggressive in getting the message out to women and minorities about cybersecurity career opportunities.
“We have to change our marketing materials,” Ralls said, and develop more dual-enrollment opportunities for students, as well as establish academic pathways for students that can serve as “ladders” to careers in the field. Colleges can also hire more women and minority instructors to serve as roles models, as well as foster apprenticeships and other hands-on work experiences with such role models in the workplace, he said.
Ralls highlighted several efforts at NVCC that include partnerships with defense contractor Northrup Grumman and Amazon Web Services, which offers secure cloud services.
Ralls also noted that allowing students to use federal Pell grants to cover certain short-term certificates and credentials could also help students and incumbent employees attain needed skills or upgrades for jobs in cybersecurity and other in-demand industries.
NVCC, which is located in the suburbs of Washington, D.C., also focuses on helping military veterans transition to college and careers.
“It’s such a rich resource,” said Ralls, who noted that his college serves about 7,000 veterans.
NVCC is not waiting for K-12 students and veterans to come to campus, rather the college is pro-active in connecting with various organizations, Ralls said. For example, NVCC connects with military employees before they transition out of the service so they can align credits for work experience and help them select accelerated programs so they can earn credentials quicker.
Employers such as IBM also are exploring innovative ways to encourage students to explore cybersecurity careers. IBM’s Jarvis noted the company’s P-TECH program, which is a dual-enrollment program. He added that the company also plans to hire about 2,000 military veterans over the next few years, citing their invaluable work experience.
“They are an increasingly important source of talent,” Jarvis said of veterans.
Skilled faculty, too
A lack of skilled cybersecurity instructors is also a growing problem, said Stephen Cambrone, associate vice chancellor at Texas A&M University. His university also has started a boot camp for high school teachers to teach them about the basics of the industry and to raise awareness of career opportunities for their students.