The October 2020 Homeland Threat Assessment Report, prepared by the Department of Homeland Security’ stated cybersecurity is the number one threat facing America. This threat is ranked higher than economic security, terrorist threats, illegal immigration, and natural disasters. The cyber threat comes from Federal, state, local, tribal, territorial governments, and the private sector. Ransomware has doubled in the last two years. Additionally, cybercriminal activity was responsible for over 2.7 billion losses in 2018 and had been growing annually. Some estimates are as high as 400 billion because of the crime victims’ lack of reporting.
As the cyber threat continues to grow, industries and educational instructions have failed to keep up with the demand for well-trained professionals. According to (ISC)2, unfilled positions stands over 4 million professionals worldwide. Over half-a-million of those jobs are located in North America. A survey conducted by California businesses in 2018 stated that a lack of technically trained individuals was the most significant problem when looking for candidates for employment.
A NATIONAL ISSUE
A closer look reveals a subset of the cybersecurity jobs gap: There is an extensive untapped resource of underrepresented groups, that for various reasons, have not entered the workforce. The United States Department of Labor published the Bureau of Labor Statistics (BLS). The publication noted that only 3% of the information security analyst in the U.S. are Black. Women make up only 20% of the cyber workforce. The lack of workplace diversity is a workforce shortage problem and a race and gender problem. By fixing one issue, we can explore fixing the more general problem.
Education is still considered the best way out of poverty. In the book Grasp, by Sanjay Sarma, the domino effect of education is laid out in detail, “…education makes a tempting, unitary point of influence over a whole host of social problems, with potential downstream effects touching everything from childhood poverty to economic malaise to racial inequity, not to mention existential concerns like falling behind rival countries technologically.” Statistics before the pandemic indicated that 18% of African Americans live under the poverty line. That is over 9 million people.
Many people living in low-income areas attend underfunded schools. Important STEM programs do not exist in many schools. The result is that children are not introduced to technology courses until middle or high school. Studies show that early introduction to STEM subjects is the best way to build and maintain students’ interest as they approach middle and high school. The International Journal of Progressive Education claimed that students must be presented with a holistic approach to pursuing a STEM career. That is something that is not happening in schools in low-income areas. Another report, Navarro, Flores, Worthington (2007), shows that a student making a career plan in STEM fields depends on the students’ awareness of their talent and capacity. Students do not get a chance to participate in STEM activities; therefore, the possibility to form an opinion or understanding about it is impossible.
Schools in low-income areas rarely attract the best teachers. And many of the good teachers often leave for less stressful assignments. One of the highest hurdles to overcome is attracting teachers with the proper experience to teach cybersecurity. Educational institutions have a difficult time recruiting and retaining qualified instructors. They are in direct recruiting competition with government and private industries, which offer triple the salary as a beginning teacher. The result in that the best-case scenario is that a teacher who does not have a background in cybersecurity will teach cybersecurity. This lack of quality and experience does not help the student. Also, there is no continuity of instruction from one level of school to the next. More often than not, there will be no teacher at all, and no cybersecurity course is offered.
Richard Wiseman said in his book, Moonshot, “Research shows that creative entrepreneurs tend to network with a diverse group of people and that the diversity of perspectives and knowledge helps them to see the world in a more flexible way.” Not being able to look view problems from a different perspective is a significant disadvantage for cybersecurity professionals. Growing the cyber workforce extends beyond filling vacancies. Training and building a diverse workforce has to be a priority while ensuring enough people join the cyber workforce.
Aa reported by the Center for Cyber Safety and Education; “McKinsey & Company’s study shows that the benefits of a diverse leadership team are multifaceted; thus creating a culture that inspires workers to approach problems and challenges from different perspectives that ultimately help an organization excel. Diversity is not only important for driving company growth and profit; it is vital in the cybersecurity profession that depends on unique approaches to problems and challenges to protect an organization. Moreover, hiring a more diverse workforce is essential to addressing the ever-widening projected workforce gap.”
Through a series of engagements and proper early training, changes can be made to address the jobs gap and ensure that the cybersecurity workforce becomes diversified. To be successful, it will take multiple agencies engaged in numerous interventions towards improving the lives of underrepresented groups.
- Industry Educational Partnerships: Industry has a considerable stake in investing in the future education of marginalized groups. A well trained and diversified workforce is needed for the very survival of the company’s future. Private and government industries can supply training in critical areas. Through binding partnerships, the industry can provide the subject matter experts as instructors. The cybersecurity industry has thousands of people all across the country that are certified in the significant cybersecurity fields such as networking, data security, data analyst, and cybersecurity engineers, to name a few. A two-year commitment between corporations and educational intuitions should be the start. During those two years, an instructor from the industry will teach a single cybersecurity course to a single class during that time. The class should lead to two certifications by the end of two years. Those certifications earned will be security + and Network+. Concurrent to that, those two years of cyber instruction will earn the student’s college credits through articulation with local community colleges. The instructor’s pay would be split by the company providing the training and the school they serve. The school will save money by not hiring a full-time teacher. The students will get first-class instruction and certification in the process. That is something that the school usually could not afford. The company will also save money by paying only half of its employee’s salaries. More importantly, they also benefit from being directly engaged in taking responsibility for their survival and improving their chances of viability well into the future.
- Mentoring: To reach underrepresented groups, mentoring is a great way to build a person’s academic ability, practical experiences, and sustained interest. Culturally Responsive Mentoring means using the students’ interests, videos, hands-on activities, sports, music, and humor to tailor the content specifically to Black or Hispanic or any other group identified by culture. These results align with existing research outcomes about culturally responsive practices and extend those findings to out-of-school STEM programs. The present research indicated that matching mentor and proteges based on shared perspectives and values might be more important than matching based on demographics alone for underrepresented students in STEM disciplines. Part of the mentoring will be participating in the CyberPatriot program. The CyberPatriot program is the largest middle and high school competition in the world. It reaches over 30 thousand students a year. Since its beginnings over 12 years ago, it has done more for introducing students to cybersecurity than any other program. Our industry partners will provide mentors and help start CyberPatriot programs in schools in low-income areas. This will be a two-year commitment, and the industry partner can rotate different people throughout the years. Studies have shown that corporate industry internships have proven to be a viable way for African American students to enter the corporate job market. Informal mentoring has a more positive impact on current job positions than formal mentoring. This means that mentorship means many things. It could be periodic phone calls, training advice, or soft-skills presentation. Mentoring should be organic as opposed to strictly structured. As Allen, Eby, and Lentz (2006) suggested, high quality formal mentoring program should function similarly to informal mentoring. Overall and consistent with social influence and mentoring theories, studies indicated that mentors act as socializing agents, drawing underrepresented proteges into STEM careers through the quality of the mentoring (i.e., providing psychosocial support, instrumental support, coauthoring experiences, and cultivation of relationship satisfaction).
- Shadowing, Internships, and Apprenticeships: In a study conducted by the Journal of Advanced Academics (2020), students from low income and underrepresented groups were allowed to participate in a unique STEM internship program. The group was very successful, demonstrating that students from all cultures can succeed in high-level education programs if given a chance. Without this introduction to STEM and a substantial opportunity, these students would have most likely been left outside of a cybersecurity career.
I seek to develop relationships with government and private industries to build a pathway to the cybersecurity workforce for the most underrepresented groups. The five areas of attention include training, mentoring, shadowing, internships, and apprenticeships. Industry partners do not have to engage schools in all the areas mentioned above. A great way to expand a program like this is for companies to choose which areas of concern they would like to assist with based on their resources and personnel. The most important thing for industry partners to do is participate in at least one area. Based on my research and empirical knowledge, these areas will make the most considerable and most positive impact. Introducing cybersecurity to underrepresented groups and adding them to the future workforce will give America much needed diversity in the cyber workforce. And just as necessary, it will also help close the gap between available jobs and the trained people needed to fill those jobs.
There is evidence that STEM experience before higher education through mentoring, shadowing, internships, and proper training, can nurture and maintain interest in STEM for all groups. Early and constant intervention helps students pursue STEM in high school and into college and eventually into the workforce. The key to solving these problems is not money. The instruction needed to conduct this type of program is mostly in place. The real key to the problem is securing the people and commitment to make this happen. It will take herculean time and effort to make this work, but the benefits returned are tenfold.