DETROIT – Education provides a funnel where what we really need is a firehose to meet the demand for properly trained and educated cybersecurity workers -.  What do I mean by “Properly trained and Educated”? We need to get up-to-speed on what is necessary to be successful in real cybersecurity careers today.

Every employee in the organization should understand the importance of cybersecurity and how it effects their job and how they can make a difference in their corporation, locally, state-wide and with the security of our nation.  They all need an understanding of the basic cybersecurity principles and the extremely wide range of cybersecurity jobs begging to be filled. In short we need to have a cultural change to ensure that our employees at every level in the organization hit the ground running.

First, we must reach a larger more diverse population of workers. In essence, we need to increase the number of students who enter the interesting and varied career pathway that constitute the profession. We do this by adopting up-to-date approaches to recruiting students into education and the workforce pipeline. These modern approaches should resonate with the groups that are just entering the field.

We can no longer let education and employment recruiting methods become a barrier to entry in the field of Cybersecurity.  We need to turn the funnel over and start developing millions of cyber warriors from our amazing diverse population! While we still need a population of super techies, we also need to appeal to the larger segment of highly relevant and necessary skills and interests required to address the many varied threats in cyberspace.

I cannot tell you the number of professionals and educators that I run into that are still looking for recruits that look and act just like them.  Quite frankly it makes me truly discouraged, to hear folks talk about how we need more coding in the schools and more engineers. Then to top it off, you have the employment recruiters with the same list of credentials we have used for technical jobs for decades, “must have computer science or engineering degree.”

Whereas…  The National Institute for Standards and Technologies workforce framework for Cybersecurity (NICE) https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center, the government agency that has defined what a Cybersecurity workforce looks like,  has actually specified 950 career pathways.

So, there is no one size fits all solution to our talent shortage in cybersecurity.  I am not going to throw a bunch of statistics at you to prove that the bad guys are winning. They are, and they are doing it by dipping into a diverse employee pool.

Therefore, we must take a hard look at the who, how, what and where we are looking for our future cybersecurity workforce.

Who is doing the recruiting and teaching: Using the same old method, or do we have folks that look like and are like the recruits we need in the field? And if not, why not???

How are we casting the net for recruits? Do you use biometrics-what is the model, employee recruitment bonuses, fully automated job posting, or are you physically/virtually investing in our future employees during their education, via internships, co-ops, lending support in the classroom(mentorship}. Encourage your employees to mentor at our local Career & Technical Education(CTE) high schools https://www.michigan.gov/mde/0,4615,7-140-2629—,00.html or as a cybersecurity competition coach or mentor. https://www.micyberpatriot.com

What are we looking for: Are you recruiting using the same lens you used prior the explosion of hackers and malice actors we are facing today? Are you informed about the many different job responsibilities and what academia, industry and government have come together to provide in the creation of the NICE workforce framework? Which lists, 950 different cybersecurity jobs. Does the hiring manager/staff want to hire folks that look and react just like they would to our ever changing threat landscape, or are you looking for a diverse agile workforce?

Where are we looking: Again, are you strongly relying on employee recruitment bonuses and what lens does that employee wear? Do you actively recruit or  simple post your job openings-hoping a correctly trained and educated, diverse population has access to that posting?  Does your HR staff use the NICE workforce framework as a guide?  Do you recruit from the Center’s of Academic Excellence programs that the National Security Agency and Department of Homeland Security have vetted?  We have thirteen in the state of Michigan alone.

https://www.iad.gov/NIETP/reports/cae_designated_institutions.cfm

Do your recruiters visit the local high schools during cyber competitions or summer camps http://www.micyberpatriot.com https://events.esd.org/cyber-summit/ How about the collegiate cyber competitions? National Collegiate Cyber Defense Competition, National Cyber League,  Ec-Council’s Global CyberLympics, US Cyber Challenge, SANS Netwars . . .

Looking for some opportunities to put some skin in the game?  Become a mentor for the fastest growing Middle School and High School cybersecurity competition in the country.  www.uscyberpatriot.org or locally contact Tamara Shoemaker at www.micyberpatriot.com  or [email protected]

Tamara Shoemaker, Director of the Center for Cyber Security and Intelligence Studies at the University of Detroit Mercy, Founder of the Michigan CyberPatriot Program