Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Tackling the Cybersecurity Workforce Challenge With Apprentices

One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.

Group of people in suits around a table for what looks like a job interview.
Source: Photoshootings via Pixabay

Despite all the ways people enter the cybersecurity industry -- obtaining industry certifications, going through a bootcamp program, taking courses at a school as part of a degree (or certificate) program, shifting over from related technical fields, or self-study to learn the necessary skills -- hiring managers say they are having difficulty filling open cybersecurity roles.

"With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressively," the White House said in a press release on Monday, announcing Tuesday's National Cyber Workforce and Education Summit.

Led by National Cyber Director Chris Inglis, the July 19 summit brought together government officials and private-sector executives to brainstorm solutions and educational initiatives to fill open cybersecurity positions across the country.

Will apprenticeships help make a dent in the problem? One of the announcements that came out of the July 19 summit was the Cybersecurity Apprenticeship Sprint. The departments of Labor and Commerce unveiled the 120-day sprint to promote the Registered Apprenticeship model to help develop and train the cybersecurity workforce.

The Registered Apprenticeship model is "an industry-driven, high-quality career pathway where employers can develop and prepare their future workforce, and individuals can obtain paid work experience with a mentor, classroom instruction and a portable, nationally recognized credential," according to a Department of Labor press release. These apprenticeship programs are registered at a state or federal level.

There are currently 714 registered apprenticeship programs and 42,260 apprentices in cybersecurity-related occupations, according to the Labor Department. The goal of this sprint is to recruit employers, industry associations, labor unions, educational providers, community-based organizations, and others to establish more.

Developing the Workforce

Apprenticeships fill a real gap in hiring, says Will Carlson, director of content for Cybrary. People have the opportunity to gain firsthand experience in the field, find mentors, land a job, and validate whether this is the career for them. Employers get a talent pool where they can learn more about the candidate over a period of time before extending any longer-term offers.

"People often mention, 'I can't get an entry-level job to get the experience for an entry-level job.' [Apprenticeships] help remove a significant blocker to growing the capacity and capability gaps in the market," Carson says.

Historically, many professions have relied on apprentices to teach the necessary skills of the trade and develop a workforce. Something similar can work for cybersecurity, says Larry Whiteside, Jr, co-founder and president of Cyversity. Current programs train people on specific tools and skills and then send them out to apply for jobs, hoping the training and skills align to the needs of the hiring organization. The apprenticeship, on the other hand, provides on-the-job training.

"The training and skills that the person acquires directly relates to the organization that needs the skills," Whiteside says.

It’s important to note that apprenticeships are different from internships, as apprenticeships take a more direct approach to skills development, Whiteside says.

"Over the years, internships have gotten a negative connotation due to organizations' lack of programmatic ways to train and utilize cyber interns," he says. Interns have historically been treated as a person who can be assigned to work on tasks that the rest of the team didn’t have time to do.

The apprenticeship model is a "far more well-established, entry-level mechanism that has years of proven teaching and training mechanisms applied to it," Whiteside says.

Key Elements for a Successful Program

An apprenticeship is not a complicated program; all it needs to include is training, mentorship, and a paid job, says Tony Bryan, executive director at CyberUp, noting that training should include both on-the-job and any other related instruction. The point is to create a standard process with clear expectations so that both the apprentice and the manager have "guardrails" on what the first six to 12 months should look like.

Employers should get meaningful tasks accomplished while providing beneficial experience to interns, Carlson says. Instead of increasing the organization’s risk by placing someone new to the field in a high-risk role, the program should be structured so that the apprentices get real-world experience in lower-risk roles.

A program should provide employers with a "step-by-step, competency-based plan to onboard new cyber talent," says Dan Weeks, director of employer partnerships at Fullstack Academy. Many organizations are unclear on what a reasonable timeline is for new hires to take on key cyber tasks. A program like this makes it easier to measure the candidate’s progression in gaining those skills and identifying areas that need extra help.

Setting Up the Program

However, setting up a good apprenticeship program requires planning. Employers need to determine what skills they expect the apprentice to end up with at the end of their apprenticeship period in order to create "a pathway for success," Whiteside says. Organizations should have a defined goal or identify specific skills to develop and align the apprenticeship program accordingly.

The hardest part is creating the organizational culture to enable this process, finding the candidates, and funding the initiative, Whiteside says.

Costs for starting up an apprenticeship can range from $25,000 to $250,000, taking into account multiple factors, such as the size of the organization, the number of staff required to support the program, how training is delivered, and whether there are any existing processes that can be used, says Bryan.

Many organizations partner with third-party intermediaries such as CyberUp to register the program, establish requirements for hiring, bring in candidates to interview, and manage the program. Having a partner can also help shorten hiring cycles because they are proactively recommending future apprentices.

"When constructed well, [apprenticeships] allow organizations the chance to address the broader skill gap in our market by providing skills and opportunities for those wanting to enter the space," says Carlson. "Getting more people in the field to address the capacity and capability needs of the space is a win for all involved."

About the Author(s)

Fahmida Y. Rashid, Managing Editor, Features, Dark Reading

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights