Cybersecurity needs more workers. This refrain echoes in every corner of the cybersecurity community, in established corporations and start-ups, the White House and your state and local government. Current estimates place the workforce shortage at 1.8 million by 2022. The National Initiative for Cybersecurity Education has produced useful tools to help address this gap, both creating common language to describe many cybersecurity jobs and providing detailed information on the current state of the job market. But truly filling the range of positions needed in the U.S. (not to mention globally) will take new approaches and changes to the way employers, job seekers, educators, and policymakers think about cybersecurity positions.
In part because a cybersecurity worker can be such a diverse range of individuals, it can be difficult for employers (especially those that don’t specialize in tech or cybersecurity) to know what to look for and how to communicate it. Should the job postings require four-year degrees? Graduate degrees? What about industry certifications? Work backgrounds? What terminology should employers use to describe the position? The answers to those questions can have a profound effect on both the employer- and employee-side of the job market, which is why we are working to identify solutions and partners that will allow employers to connect with a larger and more diverse workforce.
The road to meeting job market needs isn’t much clearer for much of the educational pipeline either. A handful of foresighted universities have identified the opportunity that the cybersecurity workforce shortage presents, and federal grants to universities are funding curriculum developments to support that growth. But change in academia doesn’t happen overnight, and as it stands, the higher education system alone lacks the capacity to train all the workers the industry needs. Furthermore, there is a strong argument that not all cybersecurity positions require a four-year degree.
A range of alternative education and training options stand to fill this gap in the workforce. Community colleges are increasingly getting involved in cybersecurity, recognizing the opportunity to work with both entry-level workers and later career workers looking to change their career path. Cybersecurity bootcamps are also an emerging training solution to address the workforce gap. These accelerated programs—often requiring weeks or months, rather years—can train workers to the specific set of tools and practices they would need in a cybersecurity career.
Here at C2B, we support all these measures—both traditional and alternative—which fill out the ranks of the cybersecurity workforce while creating economic opportunities for new workers. A diversity of such options is critical to a healthy cybersecurity ecosystem. Over the course of the coming months, we’re diving into one alternative in particular: apprenticeships, which combine the benefits of classroom instruction and on-the-job training, and stand to benefit both employers and employees. Depending on how programs are implemented, apprenticeships could make significant strides towards expanding the cybersecurity talent pool to incorporate workers who might not otherwise fit the typical cybersecurity “mold.”
Working with New America’s Center on Education and Skills, we will be exploring the potential pathways available through apprenticeship systems. By examining best practices and interviewing practitioners who have established programs themselves, we will be seeking out information and lessons-learned in designing, implementing, and managing apprenticeships. Our goal is to help pave the road to successful cybersecurity apprenticeship programs for others to follow, building out the workforce, creating economic opportunities, and incorporating greater diversity—in all its guises—into the cybersecurity workforce.