How Educational Institutions Can Help Fill the Cybersecurity Workforce Gap
Worldwide, there are significant gaps in national cybersecurity workforces. The demand for qualified cybersecurity professionals far outpaces countries’ abilities to supply professionals to meet this demand.
Organizations, including ISC2, have projected cybersecurity workforce shortages. More specifically, organizations have revealed a shortage in all seven of the cybersecurity workforce functions identified by the National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. These include analysis; collecting and operationalizing information; investigations; operating and maintaining systems; overseeing and governing programs; protecting and defending networks; and securely provisioning systems.
Additionally, a 2022 Fortinet report, 2022 Cybersecurity Skills Gap Global Research Report, revealed that organizations worldwide struggle to recruit qualified cybersecurity professionals. The same report revealed cybersecurity skills shortages, challenges in creating a diverse workforce, and employees’ lack of required cybersecurity knowledge.
Bridging the Gap
Educational institutions can help fill the deficit in national cybersecurity capacity. One way this can be accomplished is by bridging the gap between STEM (Science, Technology, Engineering, and Mathematics) and non-STEM disciplines through the creation of educational programs that provide essential technical cybersecurity-related knowledge, skills, and abilities (KSAs) for the workforce.
Students who are interested in cybersecurity education, research, or careers are often guided away from the field because they come from non-STEM disciplines, and they are left with the impression that it is too late for them to gain the KSAs they need for the workforce. In addition to shutting out potential talent, the practice of diverting non-STEM students and professionals away from cybersecurity disciplines and positions diminishes the cybersecurity field because non-STEM KSAs—which are included in the NICE Cybersecurity Workforce Framework—have been identified as vital to the field, including managing and governing programs or advocating for cybersecurity initiatives.
Moreover, students and professionals from non-STEM disciplines and backgrounds can provide valuable alternative lenses through which to view cybersecurity, thereby enriching knowledge and research in this field.
The reality is that the cybersecurity workforce spans a range of roles between purely technical (e.g., software engineer) and purely non-technical (e.g., compliance officer). The NICE Cybersecurity Workforce Framework, which “provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams,” identifies this range of technical and non-technical roles.
NICE implemented a Strategic Plan (2021-2025) to “prepare, grow, and sustain a cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.” One of the goals included in this plan involves “transform[ing] learning to build and sustain a diverse and skilled workforce.” The plan also identified the means with which to accomplish this goal, by, for example, “improv[ing] the quality and availability of credentials (e.g., diplomas, degrees, certificates, certifications, badges)” and “[a]dvocat[ing] for multidisciplinary approaches that integrate cybersecurity across varied curricula that support diverse learners from a variety of backgrounds and experiences.”
Implementing cyber bridge programs at educational institutions is an essential step towards achieving these objectives.
The Role of Educational Cyber Bridge Programs
Cyber bridge programs provide in-depth learning opportunities to students pursuing non-STEM majors to develop cybersecurity related KSAs. Starting at the undergraduate level, cyber bridge programs can be developed that provide students with a sequence of courses they can take, irrespective of their major (e.g., criminal justice, law, psychology, sociology, security management, etc.). These cyber bridge programs can not only cover computer programming, architecture, operating systems, and networks, but also teach essential skills—critical thinking, written and oral communications, team building, and leadership skills—through research projects and individual and group assignments.
In 2021, the National Science Foundation (NSF) funded a project, which was proposed by John Jay College of Criminal Justice at City University of New York, to, among other things, develop a cyber bridge program. The proposed undergraduate cyber bridge program requires students to complete a sequence of courses (taken in place of undergraduate minor and/or undergraduate course electives), including courses on cybercrime and computer programming, architecture, operating systems, and networks, and cybersecurity research methods, and engage in interdisciplinary research with STEM and non-STEM faculty and students.
The sequence of courses equips students with foundational technical KSAs that complement students’ non-STEM KSAs. Students in the program not only gain practical cybersecurity related KSAs, but also research and project management experience and other essential workforce skills (e.g., information literacy, inquiry and analysis, problem solving, etc.).
The proposed bridge program is open to students from any academic discipline, enabling any student from any discipline to complete the program. It can serve as a standalone certificate or be used to enable students from an academic discipline to complete a bachelor’s degree in their own major and a master’s degree in digital forensics and cybersecurity at John Jay College in five years.
Building a Diverse Cybersecurity Workforce
Closing the cybersecurity workforce gap means creating more equitable access to cybersecurity roles and creating a more inclusive cybersecurity workforce. New talent can enhance the field by providing a different lens with which to view cybersecurity threats and cybersecurity practices.
Cyber bridge programs play a critical role in developing, growing, and sustaining a diverse workforce and contributing to the upward socioeconomic mobility of populations. Casting a wider net through cyber bridge programs and complementing students’ non-technical KSAs with technical KSAs achieves the dual objective of creating a multidisciplinary cyber workforce and achieving upward economic mobility for students by preparing them for cybersecurity jobs that command high salaries.
This field can be lucrative, but students may be unaware of it. In 2021, the U.S. Bureau of Labor Statistics identified the median income for an information security analyst as $102,000, and for a digital forensics analyst the median income was $95,000. Ultimately, bridge programs can promote awareness about the field while developing inclusiveness within it and improving the livelihoods and professional trajectories of students.
In this manner, educational institutions can assist in the creation of a more inclusive cyber workforce and improvement of socioeconomic opportunities for students.
Marie-Helen Maras is an associate professor at the department of security, fire, and emergency management at John Jay College of Criminal Justice and the director of the Center for Cybercrime Studies. Her academic background and research cover cybersecurity, cybercrime, and the legal, political, social, cultural, and economic impact of digital technology.
Shweta Jain is a professor of computer science at John Jay College of Criminal Justice. Her areas of research and teaching is broadly related to network and Internet security.
Hunter Johnson is an associate professor of mathematics and computer science at John Jay College of Criminal Justice. His Ph.D is in mathematical logic; currently his research interests include machine learning and human evolution.
Matluba Khodjaeva is an assistant professor in the department of mathematics and computer science at John Jay College of Criminal Justice and doctoral faculty of Computer Science at the Graduate Center of CUNY. Her research interest is in cryptography, mainly in the area of secure outsourcing computations to the cloud.
© 2022, Maras, Marie-Helen