Careers & People
2/17/2017
12:00 PM
Kyle Martin
Kyle Martin
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Closing The Cybersecurity Skills Gap With STEM

As a nation, we should be doing more to promote educational programs that prepare today's students for tomorrow's jobs.

The growing number of cybersecurity threats and attacks expose the importance of engaging students in hands-on learning. Not only are cybersecurity threats increasing, they're also becoming significantly more complicated.

Unfortunately, the number of skilled cybersecurity professionals isn't keeping up. According to a report from Intel Security and the Center for Strategic and International Studies, 209,000 U.S. cybersecurity jobs went unfilled in 2015.

Educational institutions from grade schools to universities can correct this problem by broadening hands-on classroom learning to address the need for well-trained cybersecurity professionals.

Here are five ways we can begin closing the cybersecurity skills gap:

1. Integrate STEM Education in Grade School
Active, hands-on STEM (science, technology, engineering, and math) learning complements traditional learning by offering a way for students to apply textbook concepts to real-life problems. And there's proof that it works: A study released by the Amgen Foundation and Change the Equation shows students want more tangible learning opportunities. Survey respondents said common teaching methods, such as teaching exclusively from a textbook, are less engaging than hands-on methods. The survey also found that hands-on learning, such as experiments and field trips, are the most effective way to engage students.

The survey also found the following:

  • 81% of students are interested in science, with 73% expressing an interest specifically in biology.
  • Students who are interested in biology classes identified their teachers and classes as the most influential to their career decisions.

On a national scale, the U.S. government aims to increase STEM awareness through programs such as the National Initiative for Cybersecurity Education, which lets teachers access a variety of resources to help them develop STEM-related curricula. By introducing and promoting cybersecurity and STEM education early on in the classroom, students learn to address real social, economic, and environmental problems, and seek necessary solutions.

2. Equip College Students with Cybersecurity Skills
The Comprehensive National Cybersecurity Initiative is a government program that identifies goals to create a more comprehensive, updated national cybersecurity strategy. A key component of this initiative is expanding cyber education and placing courses in K-12 schools to create technologically skilled, cyber-savvy students. However, putting this kind of program in place would require another national strategy like the science and math education initiative of the 1950s.

Even though there isn't a nationwide program to promote cybersecurity in K-12 schools, one high school is preparing its students for a lucrative STEM career. King William High School in Virginia offers a four-year track to help students build the fundamental skills necessary for entry-level employment in the cybersecurity field. The program's students can graduate from high school with industry-recognized certifications and valuable cybersecurity skills.

Universities across the country are also starting to take notice of the increasing interest in cybersecurity, and many computer science degree programs are offering cybersecurity as a specific concentration. Students studying computer science often focus on information assurance and computer security, specifically learning about designing systems and strategies that safeguard information. Typical course topics include computer security, digital forensics, and machine learning.

Through partnerships or internships, STEM students have the opportunity to work with industry partners to gain real-world experience. For example, the Department of Homeland Security has a Cyber Student Volunteer Initiative in place for summer internships. This program gives undergraduate and graduate students the opportunity to work alongside leaders in the DHS, gaining valuable experience from work projects, real-life scenarios, and mentoring from DHS cybersecurity professionals.

Many cybersecurity internships look for students enrolled in a cybersecurity-related field, in STEM or computer science. Additionally, any experience students can get (such as working as a teaching assistant) will help set them apart while applying for internship opportunities. If students aren't sure where to find these internship opportunities, they can also consult their college's career center.

3. Drive Awareness of Cybersecurity Jobs
Studies show most millennials aren't aware that jobs in cybersecurity even exist. Government, businesses, and our education systems must collaborate and thoroughly train the future generation of cyber defenders. Because many STEM colleges now offer cybersecurity as a degree concentration, driving awareness of these programs is key to increasing the pool of skilled workers.

But it's not enough to increase the awareness of these jobs; you must be able to attract the talent that you need. Along with attending career fairs, businesses should find ways to attract digitally savvy college graduates. Many recent graduates list flexible scheduling, ongoing education, and continuous feedback as important factors when deciding on a job offer. If companies can tailor their programs to reflect what potential employees are looking for, they could attract and keep top-tier talent.

Technology company CSRA recently opened its Integrated Technology Center in Bossier City, Louisiana, with the goal of helping the federal government fight cyber terrorism. The company boasts an internship program in which about 85% of their interns stay on for a full-time job after graduation.

4. Instruct with Industry Tools and Technology
As new technology emerges, much of cybersecurity remains uncharted territory. However, implementing industry tools and technology into a student's curriculum can be the solution we need to thwart new, unfamiliar threats.

To train students more effectively, many universities now offer cybersecurity labs with cutting-edge equipment like comprehensive risk assessment, incident management services, and encryption simulations.

5. Training the Current Cybersecurity Workforce
Industry, governments, academia, and nonprofits should work together to aggressively address the need for a skilled cybersecurity workforce. The U.S. Bureau of Labor Statistics says the demand for cybersecurity professionals will grow 53% by the end of 2018. To successfully prepare our workforce, we must upgrade our current cybersecurity professionals by providing on-the-job training and improving cybersecurity education programs.

Related Content:

Kyle Martin brings 11 years of storytelling experience to the content coordinator position at Florida Polytechnic University. In this role, Martin develops original content that showcases the university experience as a way to attract new students and faculty. He also lends ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jeffluszcz
50%
50%
jeffluszcz,
User Rank: Apprentice
3/1/2017 | 1:59:37 PM
Cybersecurity is a basic life skill
I really like the point about starting cybersecurity in grade school. This is a basic life skill for people in the 21st century. Even 5 and 6 year olds are making security choices for the entire household.

 
JustinS40501
50%
50%
JustinS40501,
User Rank: Apprentice
2/17/2017 | 3:20:03 PM
Nonprofit Orgainizations are especially in need of consultants and cybersecurity tools.
Orgizations developed primarily for the public good are particularly at risk and devoid of expertise and best practices.  Cybersecurity firms of the future should take special care of these orgainizations as well as the anaylitics that can be gleaned from common interests and public information. 
JustinS40501
50%
50%
JustinS40501,
User Rank: Apprentice
2/17/2017 | 3:19:58 PM
Nonprofit Orgainizations are especially in need of consultants and cybersecurity tools.
Orgizations developed primarily for the public good are particularly at risk and devoid of expertise and best practices.  Cybersecurity firms of the future should take special care of these orgainizations as well as the anaylitics that can be gleaned from common interests and public information. 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.