Scholarships aimed at closing cybersecurity talent gap

Cisco, others hope to deepen pool of qualified workers through training

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

With the short­age of skilled cyber­se­cu­ri­ty pro­fes­sion­als begin­ning to assume cri­sis pro­por­tions, some orga­ni­za­tions have begun to take mat­ters into their own hands to try and address the problem.

Cis­co Sys­tems has jumped on the band­wag­on in a big way. The net­work­ing equip­ment giant last Thurs­day announced a new $10 mil­lion schol­ar­ship pro­gram under which it hopes to train up to 10,000 indi­vid­u­als for careers in cyber­se­cu­ri­ty operations.

Cisco’s Glob­al Cyber­se­cu­ri­ty Schol­ar­ship pro­gram is open to those 18 years or old­er, who are pro­fi­cient in Eng­lish, have some kind of ear­ly career secu­ri­ty cer­ti­fi­ca­tion under their belt or are mil­i­tary veterans.

The self-paced pro­gram involves some 85 hours of instruc­tion­al study and includes a com­po­nent where men­tors will engage with stu­dents at an indi­vid­ual lev­el to train them. Can­di­dates who qual­i­fy for the pro­gram after a for­mal vet­ting process must com­mit to pur­sue a career in cyber­se­cu­ri­ty and be able to com­plete the train­ing in three months. A col­lege degree is not a require­ment to par­tic­i­pate in the program.

Indi­vid­u­als who grad­u­ate from the pro­gram will receive a Cis­co Cer­ti­fied Net­work Asso­ciate (CCNA) Cyber Ops cer­ti­fi­ca­tion tes­ti­fy­ing to their readi­ness to assume an entry-lev­el secu­ri­ty ana­lyst role. The pro­gram, accord­ing to Cis­co, will pre­pare them to han­dle tasks like mon­i­tor­ing secu­ri­ty sys­tems, detect­ing cyber attacks, gath­er­ing, ana­lyz­ing and cor­re­lat­ing secu­ri­ty data, and coor­di­nat­ing inci­dent response.

Cre­at­ing qual­i­fied workers

The schol­ar­ship ini­tia­tive is a response to the deep­en­ing cyber­se­cu­ri­ty skills short­age, said Tejas Vashi, senior direc­tor at Cis­co Ser­vices. “The whole idea behind this is to broad­en the tal­ent pool for the indus­try so cus­tomers, or any­body, can get their fair share of the avail­able tal­ent.” Vashi said. Cis­co will work with oth­er orga­ni­za­tions to try and place can­di­dates who suc­cess­ful­ly com­plete the course.

Vashi point­ed to a recent study by the Infor­ma­tion Sys­tems Audit and Con­trol Asso­ci­a­tion (ISACA) show­ing grow­ing con­cern with­in enter­pris­es about the skills short­age impact­ing their abil­i­ty to prop­er­ly defend against threats. About 60 per­cent of the respon­dents in a sur­vey of 461 secu­ri­ty man­agers and prac­ti­tion­ers, con­duct­ed by ISACA and secu­ri­ty ven­dor RSA between Novem­ber and Decem­ber 2015, believed their infor­ma­tion secu­ri­ty could only han­dle basic secu­ri­ty incidents.

About 62 per­cent said their infor­ma­tion secu­ri­ty team was under­staffed com­pared to the 56 per­cent who had said the same thing in the pre­vi­ous year’s sur­vey. But rather than bud­get con­straints, respon­dents said their prob­lems stemmed for the dearth of qual­i­fied pro­fes­sion­als for their needs. Fifty-four per­cent of the respon­dents said it took their orga­ni­za­tions at least six months on aver­age to find a qual­i­fied can­di­date while 9 per­cent con­fessed to being unable to fill all avail­able posi­tions because of a lack of avail­able talent.

Can­di­dates lack skills

Dis­turbing­ly, the sur­vey showed that an increas­ing num­ber of indi­vid­u­als apply­ing for open cyber­se­cu­ri­ty posi­tions do not have the required qual­i­fi­ca­tions for the jobs, Vashi said. Near­ly six in 10 of the respon­dents in the ISACA and RSA sur­vey felt that more than half of the peo­ple apply­ing for cyber­se­cu­ri­ty jobs at their orga­ni­za­tions did not have the need­ed skills for the job. That is up 10 per­cent from the 50 per­cent who had felt the same way a year ago.

The trend has put enter­pris­es in a very awk­ward posi­tion, Vashi said. Even as threats are becom­ing more crit­i­cal and the threat land­scape has become much more com­plex, enter­pris­es are com­ing up short in their abil­i­ty to find peo­ple to help, he said.

With its pro­gram, Cis­co has become part of a broad­er ini­tia­tive that is being played out at the nation­al lev­el to bol­ster the avail­abil­i­ty of infor­ma­tion secu­ri­ty talent.

Pub­lic, pri­vate sec­tors seek talent

The Oba­ma administration’s Cyber­se­cu­ri­ty Nation­al Action Plan (CNAP) that was announced ear­li­er this year sets aside $62 mil­lion to pre­pare peo­ple for gov­ern­ment careers in infor­ma­tion secu­ri­ty. A Cyber­Corps Reserve ini­tia­tive estab­lished under CNAP offers schol­ar­ships for U.S. cit­i­zens wish­ing to pur­sue careers in cyber­se­cu­ri­ty with­in the fed­er­al gov­ern­ment. The CNAP pro­gram also has put the U.S. Depart­ment of Home­land Secu­ri­ty in charge of devel­op­ing a Cyber­se­cu­ri­ty Core Cur­ricu­lum to ensure that infor­ma­tion secu­ri­ty pro­fes­sion­als join­ing the fed­er­al gov­ern­ment meet cer­tain base­line requirements.

One exam­ple of how the ini­tia­tive will work is a $4.2 mil­lion schol­ar­ship pro­gram that is being rolled out at the Uni­ver­si­ty of Mass­a­chu­setts Amherst for train­ing up to 28 stu­dents in cyber­se­cu­ri­ty. Stu­dents who qual­i­fy for the pro­gram will receive a schol­ar­ship that cov­ers tuition, fees, books, trav­el and health insur­ance. In addi­tion, grad­u­ate stu­dents under the pro­gram will be eli­gi­ble for stipends of up to $34,000 a year, while under­grad­u­ate stu­dents will be eli­gi­ble for up to $22,500.

The pro­gram requires stu­dents to com­mit to work­ing for at least one year in a fed­er­al, state or local gov­ern­ment orga­ni­za­tion for every full year of schol­ar­ships that they receive.

Anoth­er exam­ple is the Nation­al Insti­tute of Stan­dards and Tech­nol­o­gy (NIST), which has a pro­gram called the Nation­al Ini­tia­tive for Cyber­se­cu­ri­ty Edu­ca­tion (NICE), under which it is work­ing with pri­vate sec­tor orga­ni­za­tions, gov­ern­ment agen­cies and acad­e­mia to devel­op train­ing and work force devel­op­ment pro­grams in cybersecurity.

One exam­ple of an orga­ni­za­tion in the pri­vate sec­tor that has embarked on a mis­sion sim­i­lar to Cisco’s is Hewlett-Packard. The tech­nol­o­gy giant has a pro­gram under which it is offer­ing schol­ar­ships rang­ing from $5,000 to $10,000 to women study­ing for bachelor’s and grad­u­ate degrees in infor­ma­tion secu­ri­ty. Part­ner­ing with HP in Schol­ar­ships for Women Study­ing Infor­ma­tion Secu­ri­ty (SWSIS) pro­gram is Applied Com­put­er Secu­ri­ty Asso­ciates (ACSA) a non­prof­it group of infor­ma­tion secu­ri­ty professionals.

The Nation­al Ini­tia­tive for Cyber­se­cu­ri­ty Careers and Stud­ies main­tains a list of some oth­er schol­ar­ships and train­ing pro­grams avail­able to indi­vid­u­als inter­est­ed in infor­ma­tion secu­ri­ty careers.

More sto­ries relat­ed to cyber­se­cu­ri­ty jobs:
Three steps to fix­ing the cyber­se­cu­ri­ty tal­ent shortage
Brown Uni­ver­si­ty launch­es mile­stone exec­u­tive cyber­se­cu­ri­ty program
Acad­e­mia tries to ease short­age of cyber sleuths

Posted in Cybersecurity, Featured Story