Cybersecurity workers protect crucial information across the industry spectrum, from health records to bank accounts to sensitive military communications. A massive shortage of skilled technical employees in the U.S. has put the nation’s digital privacy and infrastructure at risk, observers say, leading more community colleges to include cyber-related programming as an important facet of their workforce development training.
However, the always-changing cybersecurity landscape is challenging two-year institutions to keep their curriculum current and relevant, an issue exacerbated by a limited faculty pool that requires extra incentive to join the community college ranks when lucrative university positions await.
“It’s difficult across the board to find this kind of talent,” says Corrinne Sande, who develops programming for the Cybersecurity Center at Whatcom Community College in Washington. “There has to be a driving force to come here aside from money. It’s like asking a doctor to teach an introduction to nursing class.”
This excerpt comes from the current issue of AACC’s Community College Journal. Read the entire issue online.
Community colleges staying abreast of cybersecurity trends are turning to government and industry resources for financial and programming support. The National Security Agency offers special Centers of Academic Excellence (CAE) designations to colleges and universities based on their degree programs and alignment to specific cybersecurity requirements as validated by top subject matter experts.
Institutions wanting to pursue a CAE designation for associate-level cybersecurity degree programs must be accredited two-year community colleges or technical schools and undergo periodic re-application to the NSA to confirm their curriculum aligns to the newest standards. Nearly 80 community colleges nationwide have met the CAE designation criteria, many receiving grant funding or support for mentorship from the NSA as well as the National Science Foundation (NSF).
Colleges like Whatcom function as regional resource centers, providing best practices to would-be CAEs in preparing young participants for sought after technical positions, says Kathy Hutson, NSA’s senior strategist for academic engagement.
“We’ve renewed our focus on community colleges, because the competition for STEM talent is just incredible these days,” Hutson says. “Everyone needs cybersecurity specialists to secure their programs, whether you’re on Wall Street or a dairy farm. Community colleges are providing an extension into a pipeline that all of us are looking to build.”
While universities can become CAEs through the NSA program, the “high-touch” technical curriculum available at two-year colleges allows graduates to plug immediately into entry-level coding or analyst jobs reporting earnings significantly higher than the national average.
“Community colleges are developing a group of citizens who understand the importance of good cyber hygiene, and that can’t be emphasized enough,” Hutson says. “We need people to know they have a role to play in cybersecurity, and that’s what’s happening on the community college level.”
According to the National Initiative for Cybersecurity Careers and Studies (NICCS), a degree from a CAE-designated institution gives potential employers confidence in hiring a graduate. As “cybersecurity” itself is a broad term, the NSA recognizes 50 optional focus areas — including forensics and data privacy — that could blossom into a career in any number of industries.
For example, data scientists build AI tools that automate certain company processes, a task needed not just for the prototypical big-name tech corporation, but for any number of nonprofits and small businesses as well.
The NSA regularly updates its online knowledge units for member schools, keeping them apprised of shifting industry desires and ensuring community colleges retain their CAE title.
“Schools have to be re-designated as CAEs every five years, and not every school does so,” says NSA Director of Academic Engagement Mark Wolkow. “We keep raising the bar, and they have to keep raising the bar, too. That includes changing curriculum to be consistent with the knowledge units. Community colleges must stay relevant or they won’t be competitive in getting the students they’re trying to recruit.”
The work is out there
Moraine Valley Community College in Illinois launched its cybersecurity programming in 2002, equipping 300 cyber warriors annually to fight phishing, ransomware attacks and other Internet threats now impacting countless systems and organizations. Stackable certifications and an available associate degree upgrade the skill set of both new students and enrollees desiring a change in career, says John Sands, chair of Moraine Valley’s information technology department.
A CAE school, Moraine Valley has incorporated cybersecurity into its automotive and healthcare programs. Students are taught information assurance—referring to the protection of digital data as accessed by authorized users— alongside proficiencies for up to 54 cybersecurity roles identified by the National Institute of Cyber Education (NICE).
Moraine Valley places most of its graduates into plentiful entry-level tech positions, not only building an army of skilled workers, but erasing a stereotype that two-year candidates can’t—quite literally—hack it when it comes to the cyber industry. Today, two-year cybersecurity students are even getting hired on as consultants for governmental organizations and other entities that traditionally favor university-based talent.
“There used to be a stigma in the early days, but that’s gone away with the track record of what community colleges have been able to produce,” Sande says. “Part of it is need: Companies don’t have a lot of options these days and depend on us to fill the gaps.”