Cybersecurity Workforce Gaps
How do we increase cybersecurity education in the United States to prepare students for cybersecurity careers?
Do you buy items online using your credit card? Do you buy apps for your phone? Do you pay your bills online through direct pay or an online banking system? Every time you make an electronic payment, you are at risk of falling victim to a cybersecurity breach. But how often do you actually think about cybersecurity?
You have likely heard about cybersecurity breaches in the news or through an email from a company to let you know that your account is one of many that might be impacted by a cybersecurity breach. You also are probably somewhat aware of increasing cybersecurity concerns. But have you ever considered cybersecurity careers or whose job it is to prevent attacks before they even take place?
With ever-advancing technology, the methods and attempts to breach cybersecurity increase every day. To keep breaches from happening skilled talent must be prepared at an earlier age to ensure the field of cybersecurity will have the availability of resources it will need in the future. That’s a tall feat, considering Fredrick Lee (2020) of Gusto found that “3.5 million cybersecurity jobs will be available yet unfilled by 2021, despite ransomware attacks growing 350 percent year-over-year.” If we aren’t prepared for the current cybersecurity needs, how can we ensure we are ready in the future?
According to Joanne Cheng (2021) of Rethink Education, the recent pandemic increased the world’s technology use and thus increased exposure to cyber threats. Barriers to enter and advance in the cybersecurity industry need to be taken down and all students, regardless of where they come from or what they look like, need to be prepared to fill cybersecurity positions both now and in the future. Preparing the future cybersecurity workforce isn’t only a mission for K-12 education. It should be a concern for the industry as well since that is where cybersecurity threats will cause the most financial harm.
Cheng (2021) found that “cybercrime damages will cost the world an estimated $10.5 trillion annually by 2025, and spending on cybersecurity is expected to exceed $170 billion by 2022.” Some of those costs include purchasing the technology required to defend against cybersecurity threats, but there also needs to be a workforce prepared to use that technology successfully. Cybersecurity is a topic that has been gaining interest among investors of technology and financial companies as well as the government. This growing interest will hopefully lend to increasing support behind introducing cybersecurity education to students at younger ages, but cybersecurity education has significant room for improvement.
One current way for school districts to get support to provide cybersecurity education to their students is through WorkED’s Cybersecurity Virtual Externship.
Why do so many cybersecurity positions remain unfilled?
As with many technology careers, technological advancements have increased far faster than education can keep up with. Many of the technology careers that exist today, especially cybersecurity careers, weren’t included in career projections twenty years ago. It’s difficult for K-12 schools and universities to prepare students for careers that aren’t even on their radar. For this reason, it is crucial to plan for the future by teaching students about technology changes as soon as they occur.
However, Lee (2020) feels that lack of education and prepared cybersecurity talent isn’t the only reason cybersecurity positions remain unfilled. Hiring committees tend to look for degrees from specific universities and overlook skills that are crucial to cybersecurity positions that may differ from those they themselves possess. Many of the hiring boards are made up of individuals from similar schools and similar backgrounds who have similar experiences and similar skill sets. When the demographic of the group selecting candidates to fill positions is not diverse, they tend to look for those just like them. This limited viewpoint reduces the chances of candidates whose gender, race, or education differs from that of the selection committee.
Cheng (2021), believes the language used to describe cybersecurity roles is one factor that keeps potential cybersecurity professionals from applying for and/or being accepted for existing positions. If an applicant uses different terminology when applying for a position than what is listed in the job posting, the systems used to screen applications may rule out qualified candidates before the hiring committee even has a chance to review their skills.
Another factor making it difficult for those interested in cybersecurity professions from entering the industry is the various certifications, skills, and experience required. Trying to know what you need and where to start is overwhelming and becomes the first major barrier to success. (Cheng, 2021)
Unfortunately, educators can neither change company hiring practices nor the skills and certifications required to perform in cybersecurity careers, but they can prepare students for those future careers and help them navigate the education and certification pathways. Hopefully, by the time the future generation is ready to enter the cybersecurity field, the selection committees will be more diverse.
Don’t schools already teach about cybersecurity?
Every school has a responsibility to prepare students to meet the state’s education standards and/or the Common Core State Standards. Unfortunately, cybersecurity isn’t part of those standards and there are no federal requirements to include it in K-12 education. Schools with more resources often offer additional courses and curricula beyond the required standards, so these are where you may find cybersecurity offerings. Also, schools near organizations or companies that employ cybersecurity professionals are more likely to offer exposure to cybersecurity careers.
EdWeek Research Center (2020) conducted a national study to explore K-12 cybersecurity education. By surveying more than 900 educators, they found limited knowledge of cybersecurity among both students and educators with cybersecurity education being offered in fewer than half the districts or schools. The study found that students in private schools are more likely to know more about cybersecurity education as are districts with fewer low-income students and districts with cybersecurity resources in their communities. Similarly, more educators in private schools and districts with cybersecurity resources in their community are more knowledgeable about cybersecurity education. But what about schools that neither have the resources nor are in proximity to cybersecurity careers?
Even in schools where cybersecurity-related topics are offered, they only scratch the surface of the cybersecurity field. Of the 900 educators surveyed by EdWeek Research Center (2020), the majority who offer cybersecurity-related topics offer cyberbullying and/or cyber terrorism, some as early as elementary school. Other topics include data privacy, data security, cyber ethics, hacking, and cyber law. These subjects are a great place to start by introducing cyberbullying because they affect any technology user. By starting with these topics, students who do not go on to pursue cybersecurity careers will still learn how to protect themselves as well as their future employers from basic cybersecurity threats. But, that’s a small sampling of the topics that could be taught about cybersecurity.
If the general cybersecurity topics are introduced in earlier grades, schools could offer more in-depth topics in higher grades. However, without incentives and additional resources districts not already offering cybersecurity are unlikely to do so. To provide resources to school districts, organizations and companies should invest in cybersecurity education to ensure they have the workforce they need when cybersecurity threats start to impact their business.
The EdWeek Research Center (2020) study found that they tend to know more (62 percent of educations know a lot or some) than their students (40 percent know a lot or some). The study also found that of the educators who know a lot about cybersecurity “66 percent of their students know a lot or some about the subject.” The educators who know nothing of the subject have no students who know a lot or some about cybersecurity education.
Not only do school districts need resources to teach students about cybersecurity, but they also need informed teachers. Before teachers can educate their students about a topic, they themselves need to be educated. The first step to increasing cybersecurity education in K-12 is to increase cybersecurity knowledge and awareness among the educators. This can be accomplished through professional development offerings. Another way to equip teachers to deliver cybersecurity education is to provide them with curriculum and supports, such as what they get when they work with WorkED.
In addition to embedding cybersecurity into the school curriculum, nonprofit groups like Girls Who Code can serve as examples of how to expose younger students to cybersecurity and other technology fields in all areas of the country. “Other nonprofits like the Baltimore-based Digital Harbor Foundation and the Cyber Peace Corps are also working to educate and elevate the cyber abilities of the next generation with a focus on equity.” (Weingarten, 2020)
How can schools increase awareness of cybersecurity careers in order to increase interest?
According to the EdWeek Research Center (2020) study of 900 school leaders and teachers, the way to increase interest in the field is to increase awareness of cybersecurity careers and pathways into those careers. There are multiple ways to increase awareness of cybersecurity in education. First, schools can start embedding cybersecurity into the existing curriculum to give students exposure and help them explore the many career options in the field. Second, schools can add entire cybersecurity courses to their list of offerings. Third, at the very least, schools can incorporate extracurricular opportunities, such as clubs, camps, or competitions, to provide students with the chance to explore cybersecurity topics. Optimally, schools would use all of these methods together. The biggest challenge is finding the resources to do so. WorkED programs meet requirements for the district- or school-level career-technical education funds as well as federal and state education funding.
Regardless of how schools expose students to cybersecurity careers, it is sure to increase student interest. After all, how can students be interested in something they don’t know anything about?
If a school is limited in its resources and doesn’t know where to start, it may be more beneficial to introduce students to topics they probably are more aware of, such as robotics and artificial intelligence. The EdWeek Resource Center (2020) study found that “robotics is the cybersecurity subject that educators are most likely to say greatly interests their students. At the elementary level, 43 percent of teachers and principals say their students would like to learn more about it. Artificial intelligence is the top interest at the middle and high school levels. Seventy percent of high school teachers and principals and 55 percent of their middle school peers say their students would be very interested in learning more about this topic.”
Exposing students to cybersecurity topics will pique their interest to learn more. This can be a positive learning-interest cycle to grow and expand cybersecurity offerings across school districts, and hopefully, the country.
Another way to increase interest in cybersecurity careers, as well as other technology careers, is to provide students with work-based learning opportunities like the ones offered by WorkED. According to the EdWeek Research Center (2020) national study, the majority of school districts that provide cybersecurity education do so by infusing into the curriculum rather than offering a stand-alone course, a competition, or a camp.
However, cybersecurity competitions do have their advantages. Cybersecurity competitions are one of the methods that employers use to evaluate the skills of cybersecurity professionals they are considering for open positions. By exposing students to competitions in middle and/or high school, they’ll be seasoned competitors with an advantage when they are ready to enter the cybersecurity workforce. Perhaps in the future, competitors will be scouted like athletes.
How can we encourage students to consider cybersecurity careers over other careers?
Cybersecurity CEO Robert Herjavec (2018) told Cybercrime Magazine that one way to get students interested in cybersecurity careers is to make them sound more exciting and to explain to students how these careers help and protect people. Most children say they want to be a soldier, police officer, teacher, or doctor because they want to protect or help people. If they understand that cybersecurity is the modern technological way to protect and help people, they may see it as a noble option and a way to “fight the bad guys.” (Herjavec, 2018)
Also, as with many careers that have been viewed as requiring high-level math skills, students may shy away. Unless your math skills are on par with the world’s greatest mathematicians, you probably question your math abilities. Students feel the same way. Either they feel that they are really good at math or they don’t think they are good enough. This feeling of being inferior in subjects can keep students from exploring careers that they think to require skills they believe they don’t have. Exposing students to the exciting challenges of cybersecurity careers without requiring them to complete math problems will allow students to determine their interests without worrying about whether they have the math skills they think are necessary.
Another factor when exploring careers is the earning potential in a career field. For some students, and their families, this may be the primary factor when selecting career options. As an industry with pathways for advancement, job stability, and an average salary of almost 90,000 dollars (US), cybersecurity should be a field to pique their interest. (Cheng, 2021)
Where can I learn more about cybersecurity careers and training?
In the United States, the Department of Homeland Security created the National Initiative for Cybersecurity Careers and Studies (NICCS) to prepare students for the cybersecurity careers of tomorrow. One initiative of the NICCS is the Cyber Career Pathways Tool that provides a roadmap to anyone interested in learning about the many careers in cybersecurity as well as the pathways to get there. This tool can help you and your students explore the many possible careers and paths to cybersecurity careers. NICCS also created an Education and Training Catalog that provides information for thousands of training available, some of which are offered online. For those not offered online, there is a search feature that allows users to find trainings that are closer to their location.
Learning about the variety of cybersecurity careers that exist as well as pathways to reach them, is one thing. However, more importantly, work-based learning experiences can help prepare students for success as cybersecurity professionals and help them determine which careers or pathways might best suit them. This is the benefit of WorkED’s Cybersecurity Virtual Externship. With this program, students will get firsthand experience and insight into the world of cybersecurity by exploring the fundamentals as well as real-world scenarios of cyber threats. Students will also interact with cybersecurity industry professionals.
Not only do students benefit from WorkED’s Cybersecurity Virtual Externship, but so do teachers and future employers. WorkED provides industry with the opportunity to interact with students and even help design challenges that allow students to test their knowledge and skills. Educators benefit by receiving materials and support as well as having industry at the table to help advance their career-technical education pathways and engage students with workplace learning. Check out WorkED’s Cybersecurity Virtual Externship today!
Cheng, J. (2021, January 14). Can edtech close the talent and workforce gap in cybersecurity? EdSurge. https://www.edsurge.com/news/2021-01-14-can-edtech-close-the-talent-and-workforce-gap-in-cybersecurity
Cyber Innovation Center. (2020). Cyber Career Exploration. CYBER.ORG. https://cyber.org/career-exploration
EdWeek Research Center. (2020, June 23).The state of cybersecurity education in K-12 schools: Results of a national survey. Cyber.org. https://cyber.org/sites/default/files/2020-06/The%20State%20of%20Cybersecurity%20Education%20in%20K-12%20Schools.pdf
Herjavec, R. (2018, August 16). Cybersecurity CEO: Let’s get young people excited about fighting cybercrime. Cybercrime Magazine. https://cybersecurityventures.com/cybersecurity-ceo-lets-get-young-people-excited-about-our-field
Lee, F. (2020, February 2). Calling BS on the security skills shortage. VentureBeat. https://venturebeat.com/2020/02/02/calling-bs-on-the-security-skills-shortage
National Initiative for Cybersecurity Careers and Studies. (2020). Cyber Career Pathways Tool. NICCS. https://niccs.cisa.gov/workforce-development/cyber-career-pathways
Weingarten, D. (2020, August 11). Federal cyber workforce: A search for solutions. Technical Education Post. https://www.techedmagazine.com/federal-cyber-workforce-a-search-for-solutions