Careers & People
2/17/2017
12:00 PM
Kyle Martin
Kyle Martin
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Closing The Cybersecurity Skills Gap With STEM

As a nation, we should be doing more to promote educational programs that prepare today's students for tomorrow's jobs.

The growing number of cybersecurity threats and attacks expose the importance of engaging students in hands-on learning. Not only are cybersecurity threats increasing, they're also becoming significantly more complicated.

Unfortunately, the number of skilled cybersecurity professionals isn't keeping up. According to a report from Intel Security and the Center for Strategic and International Studies, 209,000 U.S. cybersecurity jobs went unfilled in 2015.

Educational institutions from grade schools to universities can correct this problem by broadening hands-on classroom learning to address the need for well-trained cybersecurity professionals.

Here are five ways we can begin closing the cybersecurity skills gap:

1. Integrate STEM Education in Grade School
Active, hands-on STEM (science, technology, engineering, and math) learning complements traditional learning by offering a way for students to apply textbook concepts to real-life problems. And there's proof that it works: A study released by the Amgen Foundation and Change the Equation shows students want more tangible learning opportunities. Survey respondents said common teaching methods, such as teaching exclusively from a textbook, are less engaging than hands-on methods. The survey also found that hands-on learning, such as experiments and field trips, are the most effective way to engage students.

The survey also found the following:

  • 81% of students are interested in science, with 73% expressing an interest specifically in biology.
  • Students who are interested in biology classes identified their teachers and classes as the most influential to their career decisions.

On a national scale, the U.S. government aims to increase STEM awareness through programs such as the National Initiative for Cybersecurity Education, which lets teachers access a variety of resources to help them develop STEM-related curricula. By introducing and promoting cybersecurity and STEM education early on in the classroom, students learn to address real social, economic, and environmental problems, and seek necessary solutions.

2. Equip College Students with Cybersecurity Skills
The Comprehensive National Cybersecurity Initiative is a government program that identifies goals to create a more comprehensive, updated national cybersecurity strategy. A key component of this initiative is expanding cyber education and placing courses in K-12 schools to create technologically skilled, cyber-savvy students. However, putting this kind of program in place would require another national strategy like the science and math education initiative of the 1950s.

Even though there isn't a nationwide program to promote cybersecurity in K-12 schools, one high school is preparing its students for a lucrative STEM career. King William High School in Virginia offers a four-year track to help students build the fundamental skills necessary for entry-level employment in the cybersecurity field. The program's students can graduate from high school with industry-recognized certifications and valuable cybersecurity skills.

Universities across the country are also starting to take notice of the increasing interest in cybersecurity, and many computer science degree programs are offering cybersecurity as a specific concentration. Students studying computer science often focus on information assurance and computer security, specifically learning about designing systems and strategies that safeguard information. Typical course topics include computer security, digital forensics, and machine learning.

Through partnerships or internships, STEM students have the opportunity to work with industry partners to gain real-world experience. For example, the Department of Homeland Security has a Cyber Student Volunteer Initiative in place for summer internships. This program gives undergraduate and graduate students the opportunity to work alongside leaders in the DHS, gaining valuable experience from work projects, real-life scenarios, and mentoring from DHS cybersecurity professionals.

Many cybersecurity internships look for students enrolled in a cybersecurity-related field, in STEM or computer science. Additionally, any experience students can get (such as working as a teaching assistant) will help set them apart while applying for internship opportunities. If students aren't sure where to find these internship opportunities, they can also consult their college's career center.

3. Drive Awareness of Cybersecurity Jobs
Studies show most millennials aren't aware that jobs in cybersecurity even exist. Government, businesses, and our education systems must collaborate and thoroughly train the future generation of cyber defenders. Because many STEM colleges now offer cybersecurity as a degree concentration, driving awareness of these programs is key to increasing the pool of skilled workers.

But it's not enough to increase the awareness of these jobs; you must be able to attract the talent that you need. Along with attending career fairs, businesses should find ways to attract digitally savvy college graduates. Many recent graduates list flexible scheduling, ongoing education, and continuous feedback as important factors when deciding on a job offer. If companies can tailor their programs to reflect what potential employees are looking for, they could attract and keep top-tier talent.

Technology company CSRA recently opened its Integrated Technology Center in Bossier City, Louisiana, with the goal of helping the federal government fight cyber terrorism. The company boasts an internship program in which about 85% of their interns stay on for a full-time job after graduation.

4. Instruct with Industry Tools and Technology
As new technology emerges, much of cybersecurity remains uncharted territory. However, implementing industry tools and technology into a student's curriculum can be the solution we need to thwart new, unfamiliar threats.

To train students more effectively, many universities now offer cybersecurity labs with cutting-edge equipment like comprehensive risk assessment, incident management services, and encryption simulations.

5. Training the Current Cybersecurity Workforce
Industry, governments, academia, and nonprofits should work together to aggressively address the need for a skilled cybersecurity workforce. The U.S. Bureau of Labor Statistics says the demand for cybersecurity professionals will grow 53% by the end of 2018. To successfully prepare our workforce, we must upgrade our current cybersecurity professionals by providing on-the-job training and improving cybersecurity education programs.

Related Content:

Kyle Martin brings 11 years of storytelling experience to the content coordinator position at Florida Polytechnic University. In this role, Martin develops original content that showcases the university experience as a way to attract new students and faculty. He also lends ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jeffluszcz
50%
50%
jeffluszcz,
User Rank: Apprentice
3/1/2017 | 1:59:37 PM
Cybersecurity is a basic life skill
I really like the point about starting cybersecurity in grade school. This is a basic life skill for people in the 21st century. Even 5 and 6 year olds are making security choices for the entire household.

 
JustinS40501
50%
50%
JustinS40501,
User Rank: Apprentice
2/17/2017 | 3:20:03 PM
Nonprofit Orgainizations are especially in need of consultants and cybersecurity tools.
Orgizations developed primarily for the public good are particularly at risk and devoid of expertise and best practices.  Cybersecurity firms of the future should take special care of these orgainizations as well as the anaylitics that can be gleaned from common interests and public information. 
JustinS40501
50%
50%
JustinS40501,
User Rank: Apprentice
2/17/2017 | 3:19:58 PM
Nonprofit Orgainizations are especially in need of consultants and cybersecurity tools.
Orgizations developed primarily for the public good are particularly at risk and devoid of expertise and best practices.  Cybersecurity firms of the future should take special care of these orgainizations as well as the anaylitics that can be gleaned from common interests and public information. 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.