This is discussed at meetings, in reports, and in the media on a regular basis. Many of the service providers that I work with share this concern all the time. It is not uncommon to hear that millions of cybersecurity jobs go unfilled every year. What can be done to solve this problem?
My son will be graduating from high school very soon, so I will share his experience first. When kids go into high school, they are told from almost the first day that they need to decide on and commit to what they want to be so that their counselors can focus them on that area. From there on out, it is all about getting the best GPA so they can get a good score on the SAT and get into a good college. Guess what vocation is not listed as they are deciding all of this? Cybersecurity.
Colleges have been building this curriculum as quickly as they can for the last five years or so to help meet demand. Normally, it falls under some type of Computer Science major. Unfortunately, because most of these students were not aware of cybersecurity in high school, they tend to look at other majors first. Another challenge is that most cybersecurity positions require a bachelor’s degree – what about the kids that don’t follow the traditional path and go to a technical college?
The curriculum in computer science is great for learning about computers and networking, but it typically doesn’t include more than a section or (if they are lucky) a class on cybersecurity. The challenging part about this is that students may know all that conceptual knowledge, but practical experience using this is typically left up to the first company that hires them. Many graduates who take positions in a SOC only last six months or so because they do not have this practical experience.
What is the solution? We need to create more on-ramps into the cybersecurity profession, and we need to create more opportunities for practical experience in our business. A great example is the Stellar Cyber collaboration with Boise State.
Boise State has a cybersecurity program called the Cyberdome. The program was developed by Ed Vasco, who is an industry veteran that built and sold two MSSP companies. His goal was to significantly increase enrollment, but more importantly, he wanted to make sure that graduates from his program have practical experience in a SOC. Ed also knew that there are many small communities in Idaho that cannot afford or find cybersecurity analysts.
Ed decided to build the Cyberdome so Boise State could be part of the solution. First, he secured a grant from the state to begin building the SOC. He chose an Open XDR platform for the SOC and is enabling students who want to participate in the Cyberdome SOC. The students will run the SOC to get practical experience. Then, Ed went out to several communities and state agencies to offer his SOC’s help. Several communities, including Sun Valley, gladly accepted the help.
In the future, we will look for ways to begin educating high school students about careers in cybersecurity. We will also look for ways to connect with technical colleges to help them build curriculum for students who do not want to commit to a four-year university. Now, we just need your help to join us in our journey to help solve the talent shortage. Please reach out to me if you are interested. [email protected]