Conventional wisdom says businesses that lack security expertise often hire MSSPs to close the cyber talent gap. But where do MSSPs go to recruit, hire and train their talent? If Microsoft has its way, the answer may increasingly involve community colleges.
Indeed, Microsoft has launched a national initiative to help fill the cybersecurity workforce gap, positioning community colleges as the centerpiece of the training and recruitment effort.
In calling nearly 1,100 U.S. community colleges the “single greatest potential asset” to grow the cybersecurity workforce, Microsoft said it will launch a campaign to help prepare and recruit 250,000 people by 2025 to fill the nearly 500,000 open jobs nationwide that require cybersecurity skills. Microsoft did not offer any details on how much money will go into the program.
Community Colleges and Cybersecurity Training: A Universal Talent Pipeline?
While Microsoft acknowledged that it will employ some of the new entrants, the company said the “vast majority” will work for other employers nationwide. Should the program reach its goals, it would cut in half the nearly 500,000 open cybersecurity jobs in the U.S.
Amid that backdrop, now could be the time for MSSPs to approach community colleges about internship program strategies and first steps to build longer-term talent pipelines.
“The country’s cybersecurity challenges in part reflect a serious workforce shortage,” Microsoft president and vice chair Brad Smith wrote in a blog post. “Until we redress the cybersecurity workforce shortage, we will fall short in strengthening the country’s cybersecurity protection.” In a nod to the bigger picture, Smith said the “constant foreign cybersecurity attacks” threaten not just businesses but also daily life.
Microsoft set the scene with some statistics on the U.S. cybersecurity job market:
- For almost every two cybersecurity jobs in the U.S. today, a third remains unfilled because of a shortage of skilled people.
- Currently, there are 464,200 open jobs in the U.S. that require cybersecurity skills. They account for six percent of all open jobs in the country. That means more than one out of every 20 open jobs in America today is a job that requires cybersecurity skills.
- On average, cybersecurity jobs pay $105,800 per year, and some offer a growth path to the C- suite.
- Many of the open cybersecurity jobs don’t require a four-year college degree. Students can qualify for cybersecurity jobs with an industry-recognized certificate or an associate degree from a community college.
Here’s what Microsoft plans to do:
- Provide every community college in the country (and all higher education institutions) with access to free curriculum, educator training, and tools for teaching. The program will be delivered through Microsoft’s Learn for Educators.
- Partner with the National Cybersecurity Training & Education Center to help 150 community colleges to train and retain cybersecurity faculty. The goal is to set a foundation for cybersecurity training at nearly 15 percent of the community colleges nationwide.
- Provide grants to fund and provide technical assistance to 42 community colleges that are accelerating their cybersecurity programs, in a collaboration with the American Association of Community Colleges (AACC).
- Launch a new national scholarship program to provide scholarships and additional resources that will reach at least 25,000 students during the next four years.
Cybersecurity Training and Community Colleges: Addressing Diversity?
In terms of numbers alone, the pool of potential candidates for cybersecurity jobs is encouraging. Currently, about 82 percent of the country’s cybersecurity jobs are held by men and 80 percent by people who are white. Community college trained cybersecurity people could help to change those figures. Based on AACC figures, of the nearly 12 million people enrolled in one capacity or another, 40 percent are black, African American or Hispanic; 57 percent are women; five percent are veterans; 20 percent are people with disabilities; and 29 percent are first generation.
With technology companies facing justifiable criticism over a lack of diversity among their ranks of cybersecurity professionals, community colleges could present a fertile source to address that issue. Along those lines, Microsoft said it is prepping similar programs to include the nation’s Historically Black Colleges and Universities and Hispanic-Serving Institutions as well as four-year universities.
“We believe the steps we’re taking today can make an important contribution to addressing America’s cybersecurity workforce shortage,” Smith said. “But we also know that much more is needed. That’s why we are thinking about this effort as not just a program, but a campaign.”