By Lisa Depew, Head of Industry and Academic Outreach, McAfee
The “Cyber Scholarship Opportunities Act of 2017,” which is sponsored by Sens. Roger Wicker (R-Miss.) and Tim Kaine (D-Va.) and was recently approved by the Senate Commerce, Science and Transportation Committee, is welcome news for those increasingly worried about the cybersecurity workforce shortage. A report written by the Center for Strategic and International Studies last year, “Hacking the Skills Shortage,” sounded the alarm about this shortage, with 82 percent of respondents reporting a skills shortage in cybersecurity and 71 percent citing direct and measurable damage as a result.
This piece of legislation shows that Congress is addressing the workforce shortage head-on, an issue I testified about earlier this year before Chairman Will Hurd’s U.S. Information Technology Subcommittee of the Committee on Oversight and Government Reform. The issues raised during the hearing closely mirror the provisions of the “Cyber Scholarship Opportunities Act of 2017”; a few key points I stressed in April that we’re pleased to see Congress agreeing with are:
Community College Associate’s Degrees
The provision that would provide scholarships for students at community colleges is one we at McAfee have supported. Many attending community colleges do so from adjacent domains in an effort to pursue skills retraining. Bringing these students into the cybersecurity fold will allow the industry to more quickly benefit from their expertise, faster. Scholarships will also attract talented, younger students who have not yet made a commitment, as well as veterans looking to serve in another way. Not every cybersecurity practitioner needs a Ph.D.; there are a variety of roles requiring a diverse range of expertise whereby professionals can be successful contributors in cybersecurity. Diversity of thought will be crucial to success in cybersecurity through its bringing together of a rich set of experiences, perspectives and means of solving problems together.
The inclusion of language addressing part-time students is encouraging and indicates an understanding of how the roles and circumstances of many in the American workforce have changed. This widening of the aperture will empower working Americans who might be pursuing their next degree and/or a new skill part-time, and is a step in the right direction.
Yet another area of focus for this bill that McAfee sees as crucial is increased cybersecurity advocacy in K-12. Recent data from Microsoft shows that European girls become interested in STEM around age 11, but this starts to wane by the age 15, illustrating a need for us to both engage and inspire young women during this critical time.
We’ve encouraged the National Science Foundation (NSF) to add a compulsory volunteer component for middle and high school students to its Scholarship for Service program. Educating at a young age is important because when we build an entire continuum—each stage of cybersecurity experts uplifting and empowering the generation after it—we will move to a more cybersecure posture. Additionally, the overall Scholarship for Service program must be increased, given the size and scale of the cyber skills deficit. In my testimony, I had recommended funding in the range of $180 million, a significant increase from the $50 million spent in 2016. We estimate that funding the program in the $180 million range could fund between 5,000 to 6,000 scholarships each year. This would make a large dent in the estimated 10,000, yearly gap of cyber security professionals identified in the Federal work force by former Federal CIO, Tony Scott.
While we’re pleased to see this legislation progress, there is still more work to be done. The bill directs the NSF to provide awards to improve cybersecurity education and increase teacher recruitment, but it’s important to remember that cybersecurity is a unique field of study, and thus requires a unique approach to teaching. Industry practitioners have rich and varied experiences that enhance the conversation of how to be an effective cybersecurity professional, and extraordinary insight can be gained from practical, hands-on experience in the field.
Sound educational theory and quality academic instruction are crucial. Understanding real-world, real-time threats is also imperative as our graduating professionals join the workforce and industry’s rapidly changing cybersecurity landscape. We must find ways to maximize the instruction from both academia an industry, to facilitate our students’—and government’s and industry’s—success.
Technology changes rapidly—especially in the field of cybersecurity—making it critical to be timely, open, and collaborative to ensure students in the field are benefiting as much as possible. To make them successful, they need the support of the government, real-time insights from the industry, and expertise from teachers to best-prepare them for the exciting, fast-paced world of cybersecurity. But more than that, we must continue working to ensure talented individuals with diversity of thought can help fill the growing IT and cybersecurity skills shortage.