Community College Intermediaries in Cybersecurity and Technology

Some colleges have taken innovative approaches to find external partners to fill these gaps.

IT and cybersecurity are among the most exciting and the most complicated sectors for apprenticeship development. The required skills are highly technical; qualified mentors are expensive and rare; and jobs in the field can be very well-paid, attracting abundant interest from prospective apprentices. The allure of cybersecurity apprenticeships has prompted federal legislation as well as a dedicated initiative from the Department of Labor.¹ But there are risks as well. In a program managed by the University of Colorado at Colorado Springs, whose collapse was covered by journalist Greta Anderson last year, excitement among prospective apprentices gave way to deep disappointment when placements failed to materialize.² 

Despite the exciting potential for transforming career preparation and higher education through apprenticeships in IT and cybersecurity, higher education institutions must be careful not to underestimate the challenge of starting and maintaining these programs. Especially in nontraditional apprenticeship occupations typically accessed through college pathways, it is easy for colleges to misjudge the effort required of effective intermediaries. Burgeoning student interest in paid, career-focused pathways like apprenticeship can make miscalculation by would-be community college intermediaries even riskier.

But well-designed IT and cybersecurity apprenticeships can live up to the hype, and colleges and universities can have an important role in growing them. A look at three community colleges with cybersecurity programs in Texas, Colorado, and Maryland provides lessons for schools interested in working as intermediaries to support programs in these and other well-paid nontraditional apprenticeship sectors. Each program approaches the intermediary role and the development of their programming differently, but each has built successful apprenticeships for students in part as a result of their ability to tailor their programming with labor market needs and engage in a timely manner and in meaningful ways with employers. In some cases, they engage via third-party partners, and in others, they conduct widespread and varied outreach in order to work with both large multinational and small local employers.

Claims of “skills gaps“ or “workforce shortages“ have sometimes been used to shift responsibility for workforce training off employers and onto education systems and job seekers themselves.³ In cybersecurity, however, there can be little doubt: there are many more open jobs than qualified applicants to fill them. CyberSeek, a labor market intelligence partnership, estimates that there are over 570,000 open cybersecurity jobs.⁴ According to ISC2, a certification body, there are at least 400,000 more open jobs than there are candidates to fill them.⁵

In response to the shortfall of cybersecurity talent, many new apprenticeship partnerships have included it among their target occupations. IT occupations including cybersecurity are the third most popular targets of states receiving federal apprenticeship grants and USDOL funds seven national organizations to support IT apprenticeships, including one that focuses specifically on cybersecurity and another focused on cybersecurity youth apprenticeships.⁶ 

San Jacinto College, a 30,000-student community college southeast of Houston, is among the recent entrants into the work of cybersecurity and IT apprenticeship intermediaries. The college received $12 million in 2019 to launch Texas Is IT! (TXIT), a four-college consortium aimed at training 5,000 new IT professionals through apprenticeship by summer 2023. San Jacinto’s experience highlights some of the challenges facing colleges working to quickly scale up apprenticeship offerings in cybersecurity, IT, and other nontraditional industries.

The key challenge in developing nontraditional programs returns to the basics of apprenticeship at the individual level: programs must be designed to fit well with a specific job needed by a specific employer. Cybersecurity and IT jobs have in common that they all focus on computers and other networked information systems, but a huge array of subfields exist, each with their own essential tools, technologies, and competencies. Software development requires programming languages that a network administrator will never use, while roles in cybersecurity risk management more closely resemble the jobs of lawyers and accountants than those of cryptographers.

TXIT is about two-thirds of the way to its training target, with its placements spread across 11 IT roles. Tellingly, it has placed only two apprentices as information security analysts, a relatively advanced cybersecurity role focused on monitoring networks for suspicious activity and keeping security systems up to date. Other prospective cybersecurity employers have found it difficult to work mentorship time into their staff members’ schedules, or to provide appropriate training tasks for apprentices. The work of a cybersecurity analyst is both sensitive and highly technical, according to Pilar Martinez, who formerly managed TXIT for San Jacinto. One of the two cyber apprentices had to take extra classes just to meet their job’s initial requirements. And the challenges aren’t just confined to San Jacinto: two of the initial colleges in TXIT dropped out, owing to the costs and challenges of coordinating high-quality apprenticeships in IT fields.

San Jacinto College has excelled in the work of employer engagement, however. Smaller companies are more easily convinced than larger ones to hire apprentices, Martinez finds, unless a larger company already has apprenticeships in place, as IBM and Lockheed did. One small company, Sunbelt Supply Co., agreed to work with San Jacinto to set up an IT apprenticeship at the request of a student who was an incumbent employee. The college has distinguished itself by recruiting a mix of large and small companies to employ apprentices. Big names like Lockheed Martin and IBM—the latter of which has used remote work arrangements to take on over 400 apprentices and 1,300 pre-apprentices—stand alongside small local employers hiring two or three apprentices at a time.

Serving as an intermediary can be a challenging role for community colleges, but there is nothing to say that colleges must go it alone. In some cases, it may make sense for colleges to seek support for their intermediary operations. As ApprenticeshipNH has grown, for example, the team has implemented a new software-as-a-service platform for data and accountability. At Arapahoe Community College (ACC) in the Denver suburb of Littleton, Colorado, the apprenticeship team has gone even further, contracting with an additional intermediary organization to help grow its cybersecurity apprenticeship offerings. 

Arapahoe offers apprenticeships in a variety of fields, including health care, automotive technology, utilities, and even a new program (still in development) in property management. But cybersecurity is not like other fields. “You can’t just do it like you do in other fields, where you talk to HR. You need to talk to their [chief technology officer],” says Eric Dunker, formerly Arapahoe’s vice president for workforce development. Despite their existing offerings in IT occupations, Dunker and his team did not feel they had the right experience with cybersecurity roles to start advertising cybersecurity pathways as an option. So with a 2020 subgrant from the Colorado Community College System, they began working with CyberUp, a nonprofit intermediary based in St. Louis, MO, with a history of work in cybersecurity and IT apprenticeships.⁷ Arapahoe’s partnership with CyberUP is a good example of working with other organizations to meet all of the intermediary role requirements.

“The audience we talk to is heavily pestered,” says Tony Bryan, CyberUp’s executive director, of cybersecurity and tech company leaders beset by consultants and vendors, adding, “there’s a lot of white noise.” To cut through the chatter, Arapahoe and CyberUp make their pitches to employers precise and actionable, bringing occupational templates that can be adjusted to fit employers’ specific needs. Dunker’s team also works with Courtney Loehfelm, executive director of the college’s foundation, to secure start-up funding for initiatives like the cybersecurity apprenticeship. Start-up funding allows ACC to cover the cost RTI for apprentices, sweetening the deal for their employers; once programs are established, the apprenticeship team pursues grants from the state, federal government, and other sources to keep them running.

Transparency is just as important in ACC’s communications with prospective apprentices as it is with employers. “We’re very up-front with our students that their first job may not be in cybersecurity,” says Dunker. “No matter how many degrees you have,” he continues, “you need some experience in tech to move into cyber.”

Before prospective apprentices apply to programs, career navigators at ACC’s Sturm Collaboration Campus “play matchmaker,” helping them to find internships, pre-apprenticeships, co-ops, and job shadowing experiences to build career awareness and workplace experience. Then, once they’ve completed the prerequisite coursework, they can apply for an apprenticeship program that matches their career goals. Lockheed Martin, which has taken seven apprentices, hires accepted students into three-year software development apprenticeships while they concurrently pursue bachelor’s degrees. If prospective apprentices need more time to develop foundational IT skills, they could be hired into an IT help desk role, earning while they learn, on the way to more advanced cybersecurity roles. 

Arapahoe does not claim to have cracked the code for apprenticeship in cybersecurity. Even businesses that are desperate for talent avoid uncertainty when hiring for sensitive roles, and cybersecurity apprenticeships, though expanding, remain uncommon.⁸ And many tech roles, including those in cybersecurity, require employers to sponsor apprentices for security clearances—a costly process that can take 18 months or more. 

Even so, ACC’s partnership with CyberUp has helped it establish credibility as a cybersecurity intermediary, doing right by its students as well as its employer partners. Bryan credits Colorado’s governor, Jared Polis, as well as the state’s Department of Labor and Employment for their leadership and encouragement of nontraditional apprenticeship expansion, including through partnership with higher education institutions. ACC’s leadership, for its part, has decided to commit to apprenticeship expansion as a core institutional strategy as well. In light of his team’s success as a multi-sector apprenticeship intermediary, Dunker says, “our college has seen the [return on investment] and is investing general funds in our positions.” 

ACC’s early successes with cybersecurity apprenticeship show the importance of credible, sector-specific expertise in launching programs in nontraditional sectors. A cyber apprenticeship pilot at Howard Community College (HCC) in Columbia, Maryland also bears the hallmarks of development through industry expertise. One part of a broader apprenticeship strategy, HCC’s cybersecurity program benefits from shared processes that support apprenticeships in traditional as well as nontraditional sectors. The sponsor for HCC’s apprenticeships varies by program. In nontraditional occupations where no established sponsors exist, like IT and surgical technology, HCC serves as the sponsor; for traditional trades apprenticeships, unions and industry associations already do the job well.⁹

HCC launched its IT apprenticeship with AT&T in 2019, with funding under the ECCA initiative managed by the American Association of Community Colleges.¹⁰ Apprenticeships are available in four IT fields: IT field support, network support, Linux system administration, and information systems security, also known as cybersecurity. Since AT&T employs apprentices on government contracts, applicants are pre-screened for security clearance eligibility. For every 50 applicants, program staff say, only about eight make it through the screening and the subsequent interview with AT&T; these apprentices then work part-time on non-sensitive tasks while the clearance process is conducted. A separate subcontractor employs some IT apprentices on projects that do not require a clearance. 

Having an employer champion for apprenticeships in a field like cybersecurity is critical, says Minah Woo, HCC’s vice president of workforce, innovation, and strategic partnerships. Convincing employers to train their own IT workforce instead of hiring based on academic degree is challenging, but not impossible. “In their minds, if they hire people with degrees, they don’t have to do as much training,” Woo says, “but if you talk to them, you realize they’re already doing a lot of training, plus all the resources they’re putting into turnover and headhunters.” Although AT&T is a standout partner, says Jeffrey Richmond, HCC’s director of apprenticeship and workforce innovation, champions don’t have to be big companies. He echoes the sentiment of Pilar Martinez at San Jacinto College: “The big ones are great, but the smaller ones are great, too, even if they’re only bringing in one or two apprentices.”

Once employer partners, whether large or small, are in place, community college intermediaries like HCC can start to refine their program design to deliver more benefits to student apprentices. HCC’s IT apprentices take advantage of the reduced workload of their pre-clearance phase to focus on obtaining key industry certifications that help build job readiness. Apprentices in the AT&T programs also earn college credit, and many continue to take college courses using AT&T’s tuition reimbursement benefit after they complete their programs. While Woo and Richmond are always glad to see that happen, they maintain that the movement towards skills-based hiring informs their apprenticeship strategy. “We want to disassociate degrees from competencies,” Woo says. “The sooner they complete their apprenticeship, the sooner they get their full salary. We don’t want their Psychology 101 class to be the reason they don’t get their full salary.” By front-loading job-essential courses, Woo says, students can complete their programs and get to full pay sooner. 

These three colleges demonstrate the different ways that employer relationships can be built, and how important these relationships, and employer champions, can be to the success of a program. They also demonstrate the challenges of cybersecurity and IT apprenticeships, because they serve an occupation that is highly customized by the employer and role. It can be difficult to find roles for trainees on the job, particularly for the sensitive roles requiring security clearances. The workforce shortage creates a lack of staff to provide mentoring support. It is also very challenging work that only some people are cut out for, narrowing the field of possible apprentices.