The demand for cybersecurity professionals is growing faster than higher education institutions can meet it. As community colleges aim to do their part in filling this critical workforce gap, they face a key stumbling block: convincing employers of the value of an associate degree in this field.
Editor’s note: This article is the second of two in a series on cybersecurity training at community colleges. Read the first one.
Many community colleges have added or expanded cybersecurity degree and certification programs in response to this escalating need. While campus leaders note that their students have successfully landed cybersecurity jobs after completing these programs, community colleges are limited in how effectively they can fill cybersecurity workforce needs by employers’ expectations.
Burning Glass Technologies, which provides real-time data on labor market trends, reports that 86% of cybersecurity job postings in the private sector require at least a bachelor’s degree. Most public-sector jobs require the same.
Corrinne Sande, director of computer sciences and information systems at Whatcom Community College in Washington, said the biggest challenge community colleges face in bridging the cybersecurity workforce gap boils down to one word: branding.
“There is a lack of understanding about what community college graduates can do,” said Sande, who leads the National Cybersecurity Training & Education (NCyTE) Center at Whatcom.
Graduates are well prepared
Sande and John Sands, chair of the computer integrated technologies department at Moraine Valley Community College in Illinois, co-authored a 2019 study examining the types of jobs filled by graduates from a dozen of the leading cybersecurity programs at community colleges.
They found that community college graduates were employed within all seven of the top-level cybersecurity domains identified in the National Initiative for Cybersecurity Education (NICE) Workforce Framework — securely provision, operate and maintain, oversee and govern, protect and defend, analyze, collect and operate, and investigate — and 48 of the 52 specific job roles.
What’s more, 84% of graduates agreed that their community college education prepared them well for their current cybersecurity job — and 65% strongly agreed. About three out of four graduates said they earned at least one industry certification as part of their associate degree program.
The study confirmed that community colleges are doing a good job in preparing students for all types of cybersecurity roles, said Sands, who heads the Center for Systems Security and Information Assurance (CSSIA) at Moraine Valley.
Employers must be willing to hire community college graduates and invest in their career development, Sands said. If employers do this, they will be richly rewarded.
“I know former students who are now full-blown security analysts,” he said.
Outreach is key
Talking regularly with local employers is important in helping them understand the value of a cybersecurity associate degree.
Like most community colleges, the College of Southern Maryland (CSM) has program advisory committees comprising local business representatives who advise the college on its career and technical education programs. CSM uses these forums to educate employers about the skills that cybersecurity students are learning and the jobs they’re qualified for when they graduate.
Lakisha Ferebee, acting department chair of technology, said the college’s AAS in cybersecurity degree prepares students for careers in networking, IT support, digital forensics, incident response and systems administration, among other roles. The college works closely not only with local businesses but with partners such as U.S. Cyber Command and the National Security Agency (NSA) to ensure that students are workforce-ready when they graduate.
“We’ve had very good success with having our graduates placed in jobs,” Ferebee said. Cybersecurity graduates from the college have found jobs with NSA and Southern Maryland Electric Cooperative, among other organizations.
Still, Ferebee acknowledged that many cybersecurity positions remain unavailable to graduates with an associate degree.
“Reach out to your business community and build relationships,” she advised. Community colleges “are a key workforce pipeline, and our communities need to know they can turn to us for help in ongoing skill-building.”
Employers are ‘hurting themselves’
Aside from community outreach, taking part in local and national IT security challenges also helps community colleges show employers what their students are capable of.
“Many community colleges compete in the National Collegiate Cyber Defense Competition,” Sands noted. “When businesses see community college students in action, competing with students from four-year institutions and doing well, this helps change perceptions about the value of a two-year degree.”
At the end of the day, Whatcom’s Sande said, the only thing that should matter to employers is: What tasks should cybersecurity professionals be able to perform — and can job applicants handle these responsibilities?
By not considering candidates with a two-year degree, even as they struggle to hire cybersecurity professionals, “employers are actually hurting themselves,” she said.