It is well known that the cybersecurity industry lacks skilled professionals to fill the available jobs. CyberSeek, an initiative funded by the National Initiative for Cybersecurity Education (NICE), reports that the United States faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019. There are many reasons for this gap.
According to a recent study, only 1 of the top 36 college computer science programs in the country requires a cybersecurity course for graduation. Computer science majors emerge from college without being equipped to enter the cybersecurity field. Most high schools do not offer any cybersecurity classes at all. With the rapidly expanding Internet of Things (IoT), the ubiquity of cloud applications and the rise of hacking attacks, corporations are finding it difficult to find qualified cybersecurity professionals to help protect their assets.
Education and training have always been the main weapon to combat the cybersecurity job gap. Since there is a shortage of cybersecurity professionals to fill high paying jobs, just imagine the shortage of trained cybersecurity professionals that are working in a much lower-paying job: teaching. If there are not enough to fill high paying jobs, the number of professional people in lower-paying jobs has to be minuscule.
Before I retired from teaching, I taught several STEM classes: cybersecurity, technology literacy, computer applications, networking, intro to computing, advanced computing, computer apps, computer forensics, and health and information technology (HIT). I’ve had professional experience in all of the subjects that I taught.
Before becoming a teacher, I worked in the military as a telecommunications chief in the Army Signal Corps and I spent an additional 11 years in the private sector, first as a network analyst at Time Warner Telecom, then as an independent contractor writing contingency plans for a data center. By the time my children were grown and out of the house, I figured that I could fulfill my dream of becoming a teacher, something that I always wanted to do. I walked into teaching with my eyes open, knowing I was going to take a huge hit in my paycheck. I made that decision and to this day I never regretted it.
I knew my school would have difficulty finding someone to teach those classes. The cybersecurity class was the course most important to me because of the relevance it has on our society today and its importance in the future. Most people who have a high level of cyber technical skills are working in the private sector, not in the classroom. There are plenty of people out there to teach those courses. Schools are offering highly skilled people $35,000 a year to teach and the starting salary for a cybersecurity professional is more than double that amount. Young people coming out of college, no matter how starry-eyed or altruistic, would not find teaching a valuable option. Of course, it would be very difficult to turn down almost double a salary. But on a more pragmatic reason, it is difficult to raise a family on a starting teacher’s salary. Many teachers have to get second jobs to support themselves at a reasonable level.
My school did not find anyone to teach the cybersecurity classes and the courses I taught were dropped. Students no longer had the option of taking cybersecurity classes. This problem is not local. This is a problem that is being played out all across America. The tug of war between the cybersecurity industry and educational intuitions is one-sided. Commercial industries are sapping all of the great potential teachers, leaving schools scrambling to figure out how to prepare students for a cyber literate future and how to compete for the best people to teach those students.
However, I have to admit, if I was young and coming out of college with a degree in computer science or cybersecurity at this time, I would not even consider teaching. For one thing, it would be difficult for me to raise a family or buy a decent home with that starting salary. The lure of much more money and fewer hours on the job would be enough for me to ignore a possible career in education.
Of course, there are many excellent teachers in the STEM field. I know many of them and they are doing an incredible job. Almost none of them are younger than 35. Many of these teachers have a background similar to mine. They came not straight out of the school of education, but the technology industry itself. Many of the degrees are for programming, networking, and engineering. Just like myself, they worked in the industry before they started teaching. Their experiences in the technology world bring and an extra layer of education that is extremely valuable to students. Again, these types of teachers are in high demand and there is a shortage of these teachers and the margin is growing wider each year. Older, teachers who have technology experience in the business world are retiring and not being replaced at the same rate they are leaving.
There is no shortage of ideas that combines education institutions and the job sector. And to be frank and honest, many ideas and programs are very good. But many of these programs seem to work on the peripherals of the problem and the schools themselves. If you speak to the folks that run these programs, they can give you good stats and boast about how they are reaching students and doing innovative things by bringing together educational, and workforce entities. These people are not lying, but what they are solving is only a drop in the bucket. Since most of these programs are centered on local collaboration, it is not easy to duplicate in other municipal environments across the state or other cities, as the dynamics in each place is different and getting all of the players to come together and work for a common cause is not easy. The logistics for making this happen varies wildly from place to place and there are no procedures in place to make this a standardized operation. The bottom line; these well-meaning programs do not have the effect that the project managers would lead you to believe.
The real test to see exactly how these programs are working is to visit a public school, any middle or high school, and take a good look at the programs there. How much cybersecurity is being taught? Does this school even have cybersecurity classes? You will find many schools with extraordinary programs, but more times than not, you will see a lack of cybersecurity classes being offered. All of the stats from these programs and community collaborations are not doing much for those schools. If these local programs and collaborations work, for even a small number of students, there is an urgent need to expand those programs to reach a large number of people that would begin to solve the problem of lack of adequate cybersecurity training.
There are a few routes we can take to fix this problem.
The most logical (but least likely) solution is higher pay. We could start paying cybersecurity teachers salaries that would be competitive with industry salaries. There are hundreds, maybe thousands of industry professionals that would love to teach, if only they could have a salary comparative to their industry salaries. This will not happen for many reasons that I am not even going to get into for this piece. Meanwhile, we still have a shortage of cybersecurity curriculum because of a lack of qualified teachers and something needs to be done about it.
While taking the risk of sounding clichéd’, I will say that the entire system needs to be overhauled. However, that could be the answer to many problems. There is at least a little hope because this problem is unique in a good way. This problem has plenty of resources to pull from. There are enough professionally trained people, there are facilities that can be used as an educational venue including the schools themselves, and (surprise) there is enough money to meet our goals of training an army of cyber warriors.
What is lacking is the structure and the bringing in all of these resources in a cohesive way. First, let’s talk about people. There may be a shortage of very knowledgeable technology teachers. But there is not a shortage of knowledgeable technology people in general. Many people that work for huge companies already serve as mentors in some schools and others are registered mentors for CyberPatriot, the organization that runs the largest middle and high school cyber competition in the world.
There are professionals and others like them, that can teach cybersecurity in public schools. The employment sector can supply the people needed to teach cybersecurity in our schools. The salaries of these teachers will be paid by the corporations that they work for. Schools will supplement those salaries by paying the corporations that same $40,000 starting salaries to the corporation that is providing the teacher. The corporation teacher will be making double the money, while teaching the areas of their expertise, without the administrative duties that a teacher has. The school will get the teacher they need without spending additional funds. The corporation will save money on their employee’s salary because of the supplement they are receiving from the schools. In addition to that, the corporations will have the benefit of goodwill spread throughout the community and have the potential of a growing pool of cybersecurity professionals to pull from in the future.
The corporate teacher can rotate and do their regular job each semester or each year if that is the agreement. Students will be taught by an industry professional, instead of a person who has not had any practical experience. This is a great advantage over common core courses, whos teachers only experience in math, science, history, and English is in a classroom setting, as opposed to real-world experience.
National Cybersecurity Center Student Alliance
The last option and the option that I support is to put non-cybersecurity teachers, into the role of teaching cybersecurity. This statement is what many teachers (and parents) already know: You do not need to be an expert to teach a subject. You simply had to know more than your students. Besides, teaching is about much more than content knowledge, I know many brilliant engineers and technicians that could not explain a concept to save their lives or cannot connect to the students at all. Connecting with your students is a big deal. It is a necessity. You have to know how to read them to reach them. This is a teaching skill. Some people have these abilities naturally, and some have to work at it and learn it.
Teachers will first establish credibility. They should never act as if they are a subject matter expert when they are not. Students can sniff that out in a minute and once you lose their trust, it will be difficult to earn that trust back. Teachers should tell of their background and why they are teaching the course. By being honest and confident, you will have the trust and credibility needed to be successful. I can teach someone to play chess. However, I am not a great player, or even a good player if I put it in the context of those that are experts. But I know and have confidence that I can teach it to a class of students who know less than I do. And I know that if I do it right, and use teaching skills to spark interest, those students will be able to go a long way from knowing nothing about chess, to be able to sit at a park table and speak the language of chess by playing well against a formidable opponent.
As a technology teacher, there have been many things I taught in class that I have learned the night before. I always joked that I was just a couple of pages in front of my top students, but that statement was not much of a stretch. When I taught cryptography, for example, I knew only a little about it. I stayed up long nights reading, writing and understanding as best I could about the subject, and when I finally introduced it in class I did it with the confidence of a person who has years of experience with the subject. Another example; I taught robotics. My technical expertise (and my BA degree) is in networking. Many people were surprised that I was never formally trained in programming. However, I taught programming and robotics and also taught programming for microprocessors such as Arduino. Again, I was not formally trained in those subjects, but I learned what I could, gained confidence, practiced and stayed at least a step ahead of my top students, and engaged them in a way that would make them at least proficient in the subject. Any teacher, if willing, can do the same for teaching cybersecurity.
The best option and the option that can be adopted using the least amount of resources and can be set-up the quickest is to provide a curriculum that is designed to combine face-to-face instruction with online self-paced training software. This would allow a teacher to facilitate a course that they are not a subject matter expert in. Schools will be able to use their current staff of teachers, while still providing students with the necessary cybersecurity instruction that would lead to certification.
The National Cybersecurity Center Student Alliance it providing that opportunity to schools that wish to take advantage of the offering. Members of the Student Alliance can take advantage of Cisco courses such as IT Fundamentals, Introduction to Cybersecurity and Introduction to Packet Tracer Software. In late fall of 2019, members of the Student Alliance will have access to additional courses that will lead to certification in A+, Network+ and Security +. The cost of this training is free and teachers will also have the ability to also receive their certification in those same disciplines.
Without the social machinations of local programs, battling policy, history and society’s entrenched stubbornness to pay teachers what they deserve, or an overhaul of the entire educational system, the answer to America’s needs is right under our nose and all that is needed is a few brave teachers to teach topics out of their original disciplines. They will have to move out of their comfort zones. The rewards are great. They will learn as they teach and will be able to receive certifications themselves open up an entire world of opportunities that they would not have other have, had they not taken on this challenge.
As we move on, we have to ensure that students receive practical experience as well as an understanding of the fundamentals of information technology. This will require extensive on the job training for cybersecurity candidates. Another aspect that students need to develop is soft skills, such as teamwork, communicating ideas and problem-solving. The only way to be successful in these areas is a comprehensive partnership with employers. This is the type of skills sets that cannot be learned in a classroom setting. This is a skill set that is best suited for on the job training, shadowing and apprenticeships. Applied learning strategies and methods if the preferred way of learning. Having corporations deeply involved in the education of the cyber workforce is necessary in order to reach the goals of having a cyber literate workforce to close the skill/availability gap.
The National Cybersecurity Center is also training adults to enter into the cybersecurity filed. There is evidence that this is a good method. In the UK, a program called The Cyber Training Academy provides an intensive 10-week program to prepare people with no cybersecurity background for a career in cybersecurity. The curriculum begins with instruction on computer hardware, data structures, networking principles, information system design, and the operation of Linux and Windows-based systems. Even though only two classes have graduated from this program, they have a 100% job placement rate.
Using the available resources that the National Cybersecurity Center Student Alliance offers is a great start to allowing students to begin mastering the fundamentals of cybersecurity. The Student Alliance is a great way to spread cybersecurity courses throughout all schools. The resources needed are already in place. Schools can use the Student Alliance without having to hire additional teachers. This will help our nation reach its goal of having a population of cyber literate students who will help protect America’s vulnerable digital infrastructure well into the future.
Sign-up for the Student Alliance for advisors as well as students can be found at www.cyberctso.org/registration