The National Security Agency (NSA) and Department of Homeland Security (DHS) have designated Baylor University as a National Center of Academic Excellence in Cyber Defense (CAE-CD).
Developing the Next Generation of Cyber Defenders
The program is designed to address the cybersecurity skills gap, which is estimated at greater than three million job openings in the field and a lack of qualified personnel to fill them. It promotes higher education as one solution to defending the nation’s cyberspace.
The initiative, which is part of the Waco, Texas-based university's cyber research and education program, aims to provide students with cyber-related facilities and capabilities, and includes faculty from Baylor’s engineering, computer science, business, and arts and sciences schools.
There are more than 400 accredited colleges and universities in the U.S. and Puerto Rico designated as CAE-C, according to the CAE in Cybersecurity Community web page. The National Centers of Academic Excellence in Cybersecurity (NCAE-C) program is managed by NSA's National Cryptologic School. Federal partners include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Institute of Standards and Technology (NIST)/National Initiative on Cybersecurity Education (NICE), the National Science Foundation (NSF), the Department of Defense Office of the Chief Information Officer (DoD-CIO), and U.S. Cyber Command (USCYBERCOM).
Academic institutions must choose between three designations: Cyber Defense (CAE-CD), Cyber Research (CAE-R) or Cyber Operations (CAE-CO). CAE-designated institutions must complete validation of a program of study, which is a series of courses and experiences that a student can reasonably accomplish in the course of attaining a degree or completing a certificate.
The goals of the CAE-CD program are:
- Reduce vulnerability in the national information infrastructure by promoting higher education and research in cyber defense.
- Produce a growing number of professionals with expertise in cyber defense disciplines.
- Proactively increase understanding of robust cyber defense technology, policy and practices that will enable the nation to prevent and respond effectively to a catastrophic cyber event.
- Contribute significantly to the advancement of state-of-the-art cyber defense knowledge and practice.
“Security of our digital infrastructure is essential to individual privacy, our economy and U.S. national security,” said Jeff Donahoo, Ph.D., professor of computer science who leads Baylor’s Cybersecurity Research and Education Initiative and specializes in responsible AI, cybersecurity and networking. “The NSA CAE-CD designation recognizes Baylor as a critical part of the solution through interdisciplinary cybersecurity workforce development, thought leadership and research.”
While higher education is seen as a path to harness cybersecurity talent, other avenues are emerging, such as community colleges, apprenticeship programs, recruitment from other fields, upskilling, trade schools, programs for veterans and outsourcing.
MSSPs Needed More Than Ever
Indeed, managed security service providers (MSSPs) are filling a huge gap in skilled cybersecurity personnel at nearly nine of 10 organizations surveyed in a recent study by the Neustar International Security Council (NISC). Nearly nine-tenths (89%) of security professionals participating in the survey said their organizations had somewhat (45%) or greatly (44%) increased their reliance on external providers due to the ongoing talent shortage. The research was conducted in March, 2022.
Most organizations are looking for individuals with cloud security skills (64%), followed by network operations skills (55%) and risk management and application development security skills (both 51%). Slightly less than 30 percent said they were actively seeking to hire for DevSecOps skills.
In another recent study, the International Information System Security Certification Consortium, commonly known as (ISC)² and widely regarded as the world’s largest IT security organization, estimated that the cybersecurity profession worldwide needs to add 3.4 million people to close the gap between open jobs and qualified workers. Despite the cybersecurity workforce adding nearly 500,000 jobs by mid-2022 to some 4.7 million professionals who work in the field, the gap between available jobs and qualified workers to fill them has spiked by 26% from last year, the association said.
(ISC)² conducted a global study of nearly 12,000 individuals responsible for cybersecurity at their workplaces in May and June, 2022. The survey found that 70% of respondents report their organization does not have enough cybersecurity employees. More than half of organizations with workforce shortages contend that staff deficits put their organization at a “moderate” or “extreme” risk of a cyberattack.