How to Shore Up America’s Cybersecurity Deficit

Cybersecurity is one of the foremost concerns in our world today. However, this reality is juxtaposed with a deficit in cybersecurity education. To meet the workforce demands of the modern era in a world that increasingly values and requires cybersecurity expertise, we must make cybersecurity education a priority for K-12 students and a responsibility for the private and public sectors.

Defining the Challenge

Let’s start with a deep dive into the severity of the current shortage of cybersecurity professionals. We’ll also touch on where cybersecurity education stands today, how our approach to these education factors into that shortage, the role of cybersecurity professionals in our world, and the biggest cybersecurity challenges at this moment. Learn more about how cybersecurity education can transform the world.

The shortage of cybersecurity workers poses a significant threat to our nation. It jeopardizes the safety and security of all Americans. Cybersecurity Ventures predicts a global shortage of 3.5 million cybersecurity professionals by 2021–300,000 of those in the U.S. alone.

What threat does this shortfall pose? Businesses and government agencies are vulnerable to data breaches, which can potentially cost hundreds of millions of dollars and impact millions of lives. When thinking about the increasingly widespread use of cloud-based and mobile computing and the Internet of Things, or IoT, it only makes sense that a lack of cybersecurity professionals puts our assets and information at risk of cyberattacks.

But what causes this gap in cybersecurity education? One reason is that strict budgets prevent many schools from investing in cybersecurity like they might want to. There is also a lack of relevant teacher training — and a lack of qualified cybersecurity teachers. Those same teachers are hesitant to apply technology in the classroom to educate students about cybersecurity, and this trend is only worsened by inadequate funding.

Cybersecurity should be embedded in all aspects of our education system. Just as math is part of science, engineering, and even art, and English is part of every course in school, cybersecurity can be integrated into curriculums to prevent the cybersecurity skills gap from growing.

A lack of training presents one of the most significant obstacles to closing the gap in the cybersecurity workforce. Part of this stems from inadequate funding, but it also goes back to a general lack of understanding of what it takes to give students a quality cybersecurity education.

In many schools, cybersecurity courses are electives. Most students go through K-12 without ever taking a single course in cybersecurity. Cybersecurity is often lumped together with other electives — such as music and art — but it should be a common core.

The internet is no longer novel; it’s part of almost everything we do. Just as every student has to take English, math, and history because they will need that knowledge in the future, they also should have to learn about cybersecurity. Arguably, it’s even more applicable, as it’s something we’ll use every day for the rest of our lives.

The challenge now is for schools to rethink their approach to teaching cybersecurity. Equally, it’s time for industry leaders to step up and take an active role in cybersecurity training to help increase the number of professionals entering the sector.

Understanding the Workforce

Who works in cybersecurity? What qualities does the average cybersecurity professional possess? We’re going to discuss why the stereotype of the typical coder or gamer is false, what the consequences are of not having enough cybersecurity professionals and the problems that arise when we fail to change our mindset about these professionals in the first place.

The cybersecurity skills gap is real. There is numerous unfilled cybersecurity jobs in both the public and private sectors — but especially in the former. Why is there a shortage of cybersecurity professionals in government agencies? Because civilian industries can offer employees far more pay. According to the Bureau of Labor Statistics, cybersecurity professionals in the public sector make nearly 27% less than their counterparts at private companies.

Many people think of the “typical coder” when they think of cybersecurity jobs and computer science. This notion of a reclusive coder in a hoodie is so pervasive that it clouds our vision about what the world of cybersecurity. It’s also a stereotype that can be combatted by taking a new approach to teaching cybersecurity.

By moving beyond the traditional way of teaching and switching to a more project-based approach, educators can challenge students to solve real problems that exist in their communities and the world at large. This tactic ensures learning is purposeful and engaging. It also gives students hands-on experience solving real-life problems and working as part of a team.

The shortage of cybersecurity workers has serious consequences for companies in the U.S. Instead of recruiting cybersecurity professionals in the U.S., many companies are hiring outsourced workers from foreign nations. This is unacceptable. We have the necessary knowledge and resources to produce excellent cybersecurity professionals. This lack of skilled local cybersecurity professionals also means companies can’t effectively protect themselves from increasingly skilled hackers.

To combat this shortage, companies should create cybersecurity partnerships with educational institutions. This might involve forming or expanding internship and apprenticeship programs that invite students to experience cybersecurity and different cultures on-site while learning cybersecurity skills in real-time.

Further, workers who teach students these skills on the job should have half of their salaries paid by school districts and the other half paid by their employers. This will save schools money by not having to hire a full-time teacher, and it will save companies money by having a portion of their employees’ salaries paid by schools. The result? An army of trained cyber professionals who are ready to work in the real world.

Numerous factors are influencing this high rate of attrition, but burnout and stress play big roles. Keeping up with constantly evolving security needs and data privacy responsibilities can cause employees to feel burned out. They have to learn and adapt as they go, carrying the bulk of the burden because companies don’t have enough professional help.

In the long term, the shortage of cybersecurity professionals will put companies in a compromised position. A failure to secure the people they need to build, maintain, and protect the data they’re responsible for will eventually have severe consequences.

Creating a Cybersecurity Course Syllabus

Now that we know more about the cybersecurity workforce and how it needs to be strengthened, let’s discuss the current state of cybersecurity education and how that directly impacts and contributes to the existing skills gap.

There is no teaching certification for cybersecurity. Cybersecurity teachers might have STEM licenses, but they don’t usually have any formal training in cybersecurity. As a result, many educators are reluctant to teach these courses. Couple that with the fact that most trained cybersecurity professionals aren’t willing to take a pay cut to work as a teacher, and the result is an inability to make cybersecurity a core part of education.

Most colleges didn’t offer cybersecurity degrees until recent years, which means many educational institutions are still coming to understand the importance of cybersecurity and how it should fit into their curriculum. Only one of the top 36 computer science programs at colleges around the country requires a cybersecurity course, so it’s easy to see why graduates aren’t prepared to work as cybersecurity professionals — even after years in higher education.

We live in a world where children use computers long before they begin school. For that reason, cybersecurity education should begin the moment their schooling does. To survive in a world powered by computers, all people need to be cyber literate. To achieve this goal, schools must offer instruction on cybersecurity literacy from a young age.

Cybersecurity literacy starts with basic online safety skills, but it should also emphasize why it’s so important to protect information. These lessons should start as early as preschool, and this information should be reinforced throughout students’ time in grades K-12. By teaching cyber literacy as soon as children start using computers, we can create a more cyber-secure world.

That said, in-person classes do offer some advantages. Students in these environments can get constructive feedback and work in groups, giving them a level of collaboration and support they might not get working alone.

Students have access to plentiful cybersecurity learning resources, but educators can also tap into these resources. They can use the CyberPatriot website, for example, to build a cybersecurity curriculum and syllabus. Public libraries offer study books — helping students and teachers save money — and there is an abundance of material available for both beginner and high-level classes.

In elementary school, students should take classes introducing them to cyber safety and malware, phishing, password protection, and personal information protection.

As they move into middle school, their courses should be year-round and dive more deeply into computers. For example, these courses might include Introduction to PC Applications, PLTW Computer Science Essentials, and Intro to Coding.

Finally, high school students can build their expertise with classes like Cybersecurity I and II, Computer Science Foundations, and work-based learning programs.

Building Career Pathways

To wrap things up, let’s look at how to create paths to new careers, what cybersecurity resources are available for students and educators, and what the future looks like for cyber-educated students.

Making cybersecurity a core part of our education system requires a bridge in education from elementary to middle to high school. At each level, the bridge should connect the cybersecurity skills students develop to the skills they’ll learn in the future — and those they’ve learned in the past. Continuity is key, and cybersecurity education is no exception.

How can schools and educators achieve this coordination? They should start with the data. Using K-12 education data to build curriculums for cybersecurity will show schools what works and what needs improvement.

This process will be dynamic, and changes will likely be necessary as time goes on. But when schools coordinate at all levels, they ensure the system develops an enduring infrastructure and creates a large pool of skilled students who go on to pursue cybersecurity careers.

Addressing the cybersecurity skills shortage will require government institutions, local colleges, and private companies to come together and build programs like internships, summer camps, competitions, and educational gaming programs. These are only a few of the numerous activities that can help recruit students to cybersecurity career paths.

Without a sufficient number of cybersecurity professionals, our national cybersecurity infrastructure will suffer. Ultimately, our defenses against outside threats will be significantly weaker.

Seemingly endless paths exist for graduates interested in filling the cybersecurity skills gap. High school graduates with a good foundation in cybersecurity training have the ability to go to college and pursue degrees in cybersecurity or computer science, both of which ensure a high probability of finding a job and entering the workforce.

But that’s not the only way to make a difference. For students who didn’t receive a strong cybersecurity education, certifications and experience training still offer a way to become cybersecurity professionals. At some point in their careers, however, they will probably want to get applicable degrees to give them a better chance of excelling in the workforce.

The best way to close the cybersecurity skills gap and end the shortage of cybersecurity professionals is through comprehensive collaboration between cybersecurity companies and educational institutions. These partnerships will prepare students for the workforce, combat the current lack of resources and teachers, and make cybersecurity courses a critical part of our education system. When we commit to making cybersecurity education a priority, we commit to building a secure future for generations to come.

Originally published at on July 17, 2020.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Thomas Holt Russell

Thomas Holt Russell


Humanist, educator, writer, photographer, and modern-day Luddite. My writing is a living organism.