Students in the U.S. aren’t being exposed to cybersecurity training on a large scale, primarily because schools face significant financial and personnel roadblocks when it comes to kick-starting these programs. According to a survey from the EdWeek Research Center, less than half of surveyed K-12 schools currently offer any form of cybersecurity training. Despite the clear need for computer and tech education in these schools, the standards for cybersecurity education don’t provide the necessary guidance to create strong programs. The remaining K-12 schools with access to the proper resources now rely on one of four primary curriculums for cyber training.
Schools often use existing programs such as computer science and Science, Technology, Engineering, and Mathematics (STEM) programs to incorporate cybersecurity topics into the curriculum. Using elements of programming, robotics, and tech allows schools to use the materials they already have to introduce cybersecurity to students alongside related computer skills. Alternatively, schools can offer cybersecurity as singular classes for concentrated semesters of cyber training. While these methods generally don’t provide students with industry certifications, they are effective in inspiring students to pursue cybersecurity at a college or tech school level in the future.
Many secondary institutions are still focused on creating college-bound students, which has led to the underdevelopment of vocational programs such as cybersecurity education. A 2016 CSIS survey indicated that only 23 percent of IT employers thought the current educational programs across the country were preparing students to enter the cybersecurity profession. Another 2018 study by the Information Systems Audit and Control Association (ISACA) found that 61% of employers felt less than half of their IT/Cyber applicants were qualified for the job they were applying for.
These studies show an obvious need for structured cybersecurity education programs that prepare students for vocational and college-related education opportunities within the field, but it has to begin in K-12 schools to be effective. Using an IT/Cyber Career and Technical Education (CTE) model to introduce cybersecurity topics allows students the opportunity to gain those relevant certifications and skill sets early on so they are prepared to succeed in the cybersecurity field after graduation.
While less than 30% of community colleges across the country currently offer a cybersecurity degree program, there have been both academic and continuing educations implemented to keep up with the rising demand for cybersecurity jobs. However, post-secondary institutions are simply not graduating enough candidates to keep pace with the increasing demand of the workforce shortages in the cybersecurity field. On average there are less than 60,000 computer science students in any given year within the United States and over 1,000,000 job vacancies. The job vacancies are climbing annually, and the current estimate is that 32%-45% of all tech job openings are in cybersecurity positions. While expanding educational programs at the university level is important, it will also be necessary to re-tool and train candidates from backgrounds other than IT/Cyber fields to meet demand.
This phenomenon is already happening within the government sector, where veterans recently separated from the military who have much sought-after security clearances are being retrained for cybersecurity work. Our military’s training model is an excellent example of how students with little to no IT/cyber background can be trained up quickly for a cybersecurity position. Every day the military takes 18–19-year-old recruits and sends them to a training course to perform entry-level IT/Cyber jobs vital to the nation’s security. These recruits do not require college degrees and in many cases do not even have industry certifications, but they are receiving hands-on experience and skills training. A similar model could be implemented nationally to train individuals from various backgrounds to serve cybersecurity job vacancies.
This military training model would be best formatted as a short-term certification course, but a successful program would require several changes to the current system. For example, the guidelines for federally-funded financial assistance require students to enroll in long-term educational programs or they lose the financial assistance option. This means that career-seeking students who only need a 150-hour program to obtain an industry certification may be required to enroll in a two-year degree program just to avoid losing funding. This requirement is not conducive to quickly training up the cybersecurity workforce and filling badly needed jobs.
Government agencies are assisting in expanding cybersecurity programs in both the K-12 and post-secondary sectors. Both the National Security Agency (NSA) and the Department of Homeland Security (DHS) have created the Centers for Academic Excellence in Cybersecurity (CAE-C) program to further expand academic programs in cybersecurity within our nation’s university system. DHS also manages the Cybersecurity and Training Assistance Program (CETAP) and the CyberCorps Scholarship for Service program to stimulate K-12 interest in cybersecurity and increase recruitment with three-year scholarships and stipends for college cybersecurity programs.
With over 300 academic institutions across the country participating in these cybersecurity development programs, there is a clear demand for in-depth cybersecurity training and education. By investing in structured cybersecurity programs throughout the educational system and using government resources to raise awareness, these degree programs and cybersecurity certifications could dramatically change the future of cybersecurity with a generation of skilled and prepared cyber professionals.