Article Published: January 11, 2016
Article Published: January 11, 2016
Chris May is the Technical Director of the Cyber Workforce Development team within the Software Engineering Institute’s CERT Division. Chris leads a diverse team of professionals on large-scale projects with numerous U.S. government agencies. He is also an adjunct faculty member with Carnegie Mellon University’s Information Networking Institute, teaching courses in applied information assurance and computer forensics.
TEQ: Chris, how bad is the shortfall of talent?
CM:This workforce shortage, which some estimate at over one million positions, hampers industry and government organizations trying to deal effectively with cyberattacks and data breaches. The greatest threat to U.S. national security is not from radicalized jihadists, the resurgence of cold war adversaries, or even weapons of mass destruction. Our greatest threat is the flood of cyberattacks that keeps rising. Americans almost universally depend on the cyber domain for most aspects of their daily lives, yet we do not have the capacity to meet the current or future demands for cybersecurity professionals without making significant changes in our direction and approach.
The next generation of cybersecurity experts are not in the pipeline, and this constitutes a serious risk. We need to train our current and future workforce by leveraging existing efforts, techniques, and approaches, and we must focus on longer-term solutions by reaching out to our young students about cybersecurity early and in compelling ways.
TEQ: What is the root of the problem?
CM:The problem is complex, but at the heart of it is that we are simply not getting the message out about cybersecurity as a career option to students in grades K-12.
By and large, our schools in K-12 typically teach programming but not cybersecurity, so our graduating students do not regard cybersecurity as a potential career choice. We have to change that if we are going to make progress.
TEQ: What can we do to change course?
CM:To get started, we have to raise awareness about cybersecurity and teach it to our students in dynamic ways. Let’s solve these problems by not just training today’s cyber workforce, but also by sharing and leveraging existing cyber training content more widely. By developing STEM initiatives with counselors, educators and students, we can energize the cyber workforce of tomorrow and take some positive steps in the short term.
We also need to provide content that caters to what appeals to kids in this generation—content that’s game based, collaborative, and connected. By leveraging our youth’s obsession with video games, we can build cybersecurity interest, knowledge, and skills. Given proper emphasis by educators, policy makers, and technologists, it’s possible to produce a blockbuster, pedagogically focused cybersecurity video game within a short time. A supporting program of online cybersecurity training and community resources would enhance the appeal and effectiveness of this potentially “game-changing” educational initiative.
We should also encourage our nation’s two-year colleges to build programs that emphasize cybersecurity. A two-year approach would give students a solid technical foundation that’s rich enough to allow new graduates to enter the workforce and succeed in the field of cybersecurity. After all, many cybersecurity jobs don’t require a PhD or other advanced degree.
TEQ: What are CERT’s contribution to this area?
CM:Right now, CERT’s Simulation, Training and Exercise Platform (STEP) provides cybersecurity professionals with a rich resource of training and skill development important to their work. This online cybersecurity education and training system has had over 100,000 U.S. government learners and offers thousands of hours of cybersecurity content that can be scaled to support millions of online learners cost effectively.
Making existing systems and capabilities such as STEP available to our local school districts allows teachers to build their own cyber knowledge and create tailored programs that engage our students. The video-captured classroom instruction in cybersecurity, as well as hands-on practice labs and numerous team exercises in STEP could be an immediate resource for K-12 teachers and STEM-focused high school students.
Working together, we can solve these problems. CMU already has unique online cybersecurity education and training capabilities that can be scaled to reach primary and secondary schools locally and throughout the nation.
TEQ: Why is this a major focus at the CYBURGH, PA event?
CM:Our hope is that the CYBURGH, PA event serves as the catalyst of a national cybersecurity education program focused on improving and broadening the U.S. cybersecurity workforce pipeline.
However, to achieve this goal we need to start here at home. All this activity, centered in Pittsburgh, can create a hotbed for growing cybersecurity talent that can serve as an example for others throughout the U.S. and abroad.