Cyber Ranges and How They Improve Security Training

WHAT ARE CYBER RANGES?

Cyber ranges were initially developed by government agencies looking to better train their cyber operators on new skills and techniques. To do this, a physical range or ranges were installed on-premise.  Cyber range providers built representations of actual networks, systems, and tools that helped cyber professionals safely train in virtual, secure environments without compromising the agency’s operational network infrastructure.

Today, cyber ranges are used in the cyber security sector to effectively train IT professionals in all industries and help improve defenses against cyberattacks. As technology advanced, cyber range training advanced as well, both in scope and potential. More on this later. 

To schedule a demo of Circadence’s cyber range platform, visit https://www.circadence.com/request-a-demo/

The National Initiative for Cybersecurity Education reports that cyber ranges provide:

  • An environment where new ideas can be tested safely and teams can work to solve complex cyber problems
  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulated on-the-job experience

Most cyber ranges come in one of two forms: A network environment without pre-programmed content; or a network environment with prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop enriched skill sets beyond what their specific work role may dictate.  

UNDERSTANDING & EVOLVING CYBER RANGES IN A BOX

Typically, a cyber range in a box has been a collection of virtual machines hosted on an on-premise system. However, Circadence has taken the concept of a cyber range in a box and placed it in the cloud to better scale cyber training. We lovingly call this CyRaaS, or Cyber Range-as-a-Service, which is integrated into our Project Ares cyber learning platform.

Instead of purchasing a physical set of machines to take up space in a room, virtual machines exist in the cloud and can be accessed by more professionals from any location who want to train persistently and develop cyber skills. The cloud is recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure cyber ranges spin up environments quickly, deliver the latest training content, and engage users in productive training activities, accessing cyber ranges in the cloud is the latest and greatest approach for professionals training in ‘sandbox’ environments.


By offering cloud-based cyber range in a box services to support cyber training in Project Ares, we are able to deliver more relevant tools and technologies to help professionals gain the best cyber security training possible.

The service allows Project Ares to emulate industry-relevant network configurations within learning activities that help trainees practice defensive tactics. Cloud-based cyber ranges also offer hands-on keyboard experience with real world tools and emulated network traffic to reflect the authentic feeling of an actual cyberattack.  

Advances in Artificial Intelligence and machine learning allow us to use cloud ranges to their full potential by tracking patterns in training data to reveal player learning progression with minimal human intervention and oversight. Those patterns are then used to inform the recommendations of an in-game advisor (Athena) that has chat bot functionality so players can get help on cyber range training activities in the platform. Further, cloud-based cyber range training gives security professionals better predictive capabilities when defending and anticipating threats—and according to Microsoft, even “improve the efficacy of cyber security, the detection of hackers, and prevent attacks before they occur.”

GAMIFIED CYBER RANGES

Not only have we taken physical cyber ranges and placed them in the cloud but we’ve added in elements of gamification to further drive the effectiveness of cyber training. 

With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with sets of gamified elements (e.g. leaderboards, scoring mechanisms, points, badges, levels, etc.). Project Ares has a series of cyber learning games that teach foundational cyber concepts and terms, battle rooms that teach tools, tactics, and procedures, and team-based missions that bring learning full circle when players are tasked with defending against a realistic cyber threat scenario. This level of cyber learning is done in the cloud so professionals can work together from anywhere in the world to collaborate and defeat modern-day attacks.

We hope this post helped you understand the true potential of cyber ranges in the cloud and how they are evolving today to automate and augment cyber workforce training and learning.  


Help Wanted: Combating the Cyber Skills Gap

Recent news headlines frequently communicate about the massive cyber security skills shortage in the industry so we wanted to dig deeper into this phenomenon to find out why there’s a cyber security talent gap and what can be done about it. Cyberattacks are permeating every commercial and government sector out there yet industry and analyst reports indicate there isn’t a large enough talent pool of defenders to keep pace with evolving threats. When data is compromised and there aren’t enough cyber security staff to secure the front lines, we ALL are at risk of identity theft, monetary losses, reputational damage, fines, and operational disruption.

Statistics on the Cyber Skills and Talent Gap

With more than one in four organizations experiencing an advanced persistent threat (APT) attack and when 97 percent of those APT’s are considered a credible threat to national security and economic stability, it’s no wonder the skills shortage is on everyone’s mind.

A report from Frost & Sullivan found that the global cybersecurity workforce will have more than 1.8 million unfilled positions by 2020 (that’s next year!) while some sources report a 3.5 million shortfall by 2021.

It begs several questions:

  • What’s causing the shortage of cybersecurity skills? According to a Deloitte report, the lack of effective training opportunities and risk of attrition may be to blame.
  • Is there really a shortage of talent? Hacker, security evangelist, and cyber security professional Alyssa Miller thinks there is more of a cyber talent disconnect between job seekers’ expectations of what a job entails versus what employers demand from a prospective candidate.
  • How do we fill these cyber positions? A study of 2,000 American adults found that nearly 80% of adults never considered cyber security careers. Why? Sheer unawareness. Most had never even heard of specific cyber job roles like a penetration tester and software engineer and others were deterred by their lack of education, interest, and knowledge about how to launch a cyber career.

Strategies to Minimize the Cybersecurity Skills Shortage

Given the pervasive nature of cyber attacks, businesses can’t afford to wait around for premier talent to walk through the door. Companies need to take a proactive and non-traditional approach to hiring talent—and, yes, it takes effort. Closing the corporate cyber-operations talent shortage may even take a company culture overhaul.

Miller suggests that recruiters “must learn to engage security professionals through less traditional avenues. The best security recruiters have learned how to connect with the community via social media. They’ve learned how to have meaningful interactions on Twitter and are patient in their approach.”

Whether looking to fill a position in digital forensics or computer programming or network defense or even cyber law, the skills required for those positions can be taught with the right tools. Companies should learn to be flexible with those requirements as many are now filling unopened positions by hiring and then teaching and training professionals on preferred cyber skills and competencies. Recruiters need to adopt a paradigm shift during the talent search and be more comfortable hiring for character and cultural fit first, then, training for skills development.

Fill the talent pipeline

Consider hiring people with different industry backgrounds or skill sets to bring new ideas to the table. Sometimes, getting an “outside” perspective on the challenges firms are facing sheds a new light because they notice nuances and inconsistencies that internal teams, who are in the day-to-day, may not see immediately. Look for passionate candidates with an eagerness to learn.

Companies today are prioritizing skills, knowledge, and willingness to learn over degrees and career fields because they know that some things cannot be taught in a classroom such as: curiosity, passion, problem-solving, and strong ethics.

Look for individuals with real-world experience

If you happen to have candidates in your pipeline that have industry knowledge, ask about their real-world experience. Inquire about the kinds of things they’ve learned in their previous position and get them to share how they remedied attacks. Create a checklist of skills you desire from a candidate that may include identity management, incident response management, system administration, network design and security, and hacking methodologies, to name a few. Learning how they dealt with real situations will reveal a lot about their personality, character, and skill set.

Re-examine job postings

Often a job posting is the only thing compelling a candidate to apply for a position. If the job posting is simply a laundry list of skills requirements and degree preferences, it may deter candidates who have those skills but also seek to work for a company that values innovation, creativity, and strategic vision. Read descriptions carefully to determine if they portray the culture of your organization. If a cultural vibe is lacking, it may be time to inject a sense of corporate personality to attract the right candidates.

Provide continuous professional development opportunities

With advances in technology, professionals need to be on top of the latest trends and tools to succeed in their job. That is why it is vital to re-skill and persistently train cybersecurity professionals so they can prepare for anything that comes their way—and you can retain your top talent. Conferences, webinars and certifications are not for everyone—so it is important to find growth opportunities that employees want to pursue for both their personal as well as their professional benefit.

Create a culture of empowerment for retention

CISOs can set expectations early in the hiring process so candidates understand how their specific role impacts the organization. For example, during the interview process, notify candidates of your expectation that they be “students of the industry” such that they are expected to stay on top of security news and happenings.

Gartner advocates for a “people-centric security” approach where stacks of tools are secondary to the powerful human element of security. Additionally, send out quarterly or bi-monthly roundups of the latest cyber security news and events to keep your team abreast of current affairs. Making it as easy as possible for them to be “students of the industry” increases the likelihood that they will remain current on industry developments and engaged in their role.

Invest in Cyber Training to Cultivate Talent

Executives are demonstrating their support for strong info security programs by increasing hiring budgets, supporting the development of info security operation centers (SOCs) and providing CISOs with the resources they need to build strong teams.

With the right talent, you will have a better chance of successfully defeating attackers, staying aware of current threats, and protecting your team, your company—and your job. These strategies will go a long way in preventing future attacks and preparing staff and systems to respond when things go awry. The cyber security staffing shortage is no longer just a cyber security department issue—it’s a global business risk issue.

 

A Dialogue with Keenan Skelly – ITSPmagazine

ITSPmagazine’s John Dasher chats with Keenan Skelly, Circadence VP of Global Partnerships & Security Evangelist, for a fascinating conversation on cybersecurity learning, training and assessment through their Ares and Orion products.

A New Perspective: Changing How We Think About Cybersecurity Training

What if someone told you that there was a new way to commute to work in the morning? A way that was more efficient than taking the highways or backroads to avoid traffic – a way that would allow you to save time, headaches and the dangers of driving altogether…you’d be interested, right? Maybe a little skeptical, certainly, but interested. So would we! Changing the way we think about a process or an act does not happen at the flip of a switch. We know that.  However, the speed at which technology advances and new products and services hit the market with attempts to make our daily lives easier, faster, better requires us to be open to new ways of thinking about traditional approaches. In this blog, it’s about changing how we think about “cybersecurity training.”

While we can’t help you teleport to your office or lend you a flying car, the concept behind the “better way to commute” scenario is exactly what we at Circadence are advocating for—A new way to think about cybersecurity training and skills development. Now, we realize that might not be as “cool” as teleportation but hear us out.

When it comes to cybersecurity, we believe wholeheartedly that there is a better way to train cyber professionals on the latest tactics and techniques. Why? Current ways of developing professionals with “one-and-done” trainings in classroom settings aren’t working. How do we know this? Because businesses are still getting hacked every day. In 2018 alone, we saw a 350% increase in ransomware attacks and 250% in spoofing or business email compromise. If lecture-based, classroom setting, PowerPoint-driven training courses were working, we wouldn’t still be reading about breaches in our local and national news. Something new, something different has to be done.

Talk to your teams

People develop, use and control the technologies we have available to us. People are the mechanisms by which we execute certain security methods and procedures. People are the reason there are actual tools to help us stop threats. Talking to your team can help gain perspective on how they are feeling with their current workloads and where they want to improve professionally.

Without well-trained individuals who persistently learn new skills and find better (more efficient) ways to operationalize cyber processes and techniques, our businesses and our personal information will be exploited—it’s only a matter of time. If you are thinking “I send my team to an off-site course and they learn new stuff every time,” then great! We invite you to take the next step and talk to those teams about how they’re using what they’ve learned in everyday cyber practice. Sometimes the first step in adopting a new way of thinking about a process (in this case, cyber training) is to talk to the people who actually experienced it (those with boots on the ground).

Talk to your teams about:

  • their experience on-site at the training
  • what their main takeaways were
  • how they are applying learned concepts to daily tasks
  • where they see gaps or “opportunities for improvement”

Listening to teams and asking objective questions like this can shed light on what’s working in your cyber readiness strategy and what’s not.

Reframe negative thoughts

Things that are new and different are disruptive and that can be scary for leaders looking for concrete ROI to tie to cyber readiness solutions. Forbes suggests reframing negative thoughts as well. In thinking about a new way to do cyber training, instead of “gamified cyber learning will never work,” come from a place of inquiry and curiosity instead. Reflect on what feelings or experiences are causing you to think negatively about a new way of doing something.

Ask objective questions like:

Understanding how something works or could work for your specific situation is the foundation for evaluating the merit of any new process or approach presented to you.

Know Today’s Cyber Training Options

How cyber training has been conducted hasn’t changed much in the past several years. Participation in courses requires professionals to travel off-site to facilities/classrooms where they gather together to listen to lectures, view PowerPoint presentations and videos, and maybe engage in some online lab work to “bring concepts to life.”

Travel costs are incurred, time away from the frontlines occurs, and learners often disengage with material that is passively delivered to them (only 5% of information is retained with passive-learning delivery).

One of the biggest gaps in cyber training is that there isn’t a way to effectively measure cyber competencies in this traditional method. The proof is in the performance when professionals return to their desks and attempt to identify incoming threats and stop them. That absolute, black and white, way of measuring performance is too risky for businesses to stake their reputation and assets on.

Leaders who send their teams to these trainings need to know the following:

1) what new skills cyber teams have acquired

2) how their performance compares to their colleagues

3) what current skills they have improved

4) what cyber activities they have completed to demonstrate improvement/progression

Today’s off-site trainings don’t answer those questions until it’s too late and a threat has taken over a network. Professionals can “see” really quickly when a learned skill doesn’t translate to real life.

Embrace the journey of learning

There is a better way to train professionals and it can happen with gamification. But don’t let us be your only source of truth. Talk to people. Listen to their experiences training traditionally and hear firsthand what they want out of a skill building opportunity. Read the latest research on gamification in the corporate workplace. Then, make connections based on the intel you’ve gathered to evaluate if gamification is right for your organization’s professional development approach.

We’ll be here when you’re ready to dive deeper into specific solutions.


Hope for Cybersecurity: Cyber Teaching Challenges & New Horizons for Cyber Learning

The statistics are dismal. An estimated 3.5 million unfilled cyber positions by 2021 and today, we have over 300,000 openings in the U.S. alone. According to a New York Times article citing data presented at the National Initiative for Cybersecurity Education Conference, “filling those jobs would mean increasing the country’s current cybersecurity workforce of 715,000 people by more than 40 percent.” If you’re a student in cyber or are just undeclared, there hasn’t been a better time to consider cybersecurity as a professional career. The field has come a long way from the stereotypical hoodie-wearing, Mountain Dew-sipping worker in a dark room performing tedious coding tasks.

Cybersecurity is so much more than that—and it’s exciting! Don’t believe us? At Divergence Academy, we are preparing the next generation of cyber professionals to enter the workforce and alleviate the skills gap through gamified learning. If more institutions adopted such an approach, we as educators would be more successful at not just engaging our students in teaching relevant concepts and theory, but successful at helping them build skills needed in today’s workforce.

Cyber Teaching and Learning Challenges

But before we get into the “hopeful” part of this article, we need to understand the challenges in teaching cyber in the first place. The way that cybersecurity has been taught throughout the years often includes lectures, PowerPoint presentations or online models that students complete on their own. Inherently there is nothing wrong in teaching new information in this way. However, the opportunity exists to help students learn how to apply this knowledge to a real-world setting. The act of doing and creating the needed experience is the single most important quality job candidates can bring to an employer and this is the gap Divergence Academy is hoping to close.

When students sit in a classroom, information can be presented in a systematic way, where in real life this may not always be the case, especially in the world of cybersecurity.

When you think of teaching someone how to think like a hacker, you are fundamentally teaching them how to be creative in how they approach a situation.

The concept of teaching someone to think like a hacker is easier said than done, which is why diversifying the way students can process information is crucial. Not every student learns in the same way.

There’s Hope for Cybersecurity: Continuous Skills Acquisition and Application

As cyber educators and instructors, we know there is no “one-way” to teach and that’s the good news! While certifications and technical degrees are a starting place for cybersecurity readiness and workforce development, instructors must think of new methods that provide persistent access to cyber education.

This statement can best be described with an analogous story. If an aspiring baseball player was training for the major leagues and went to practice to hone his/her skills, they would certainly learn something. However, if that aspiring baseball player then applied for the major leagues a year or so later, without attending training leading up to that point, he/she would be a little rusty, wouldn’t you say? The same situation can be applied to cybersecurity. You wouldn’t attend a class or even complete a full degree in cybersecurity and then apply for a job and say you were a “seasoned cybersecurity professional,” would you? Of course not. There is no “final inning” in cybersecurity signaling a professional’s peak of learning and skills acquisition.

Threats evolve day by day and if a student graduates thinking about phishing or malware detection one way and ends up in a work environment where that knowledge isn’t applicable anymore, we won’t be able to help the next generation of cyber pros be successful in their jobs. To keep current students and alumni actively engaged in critical learning, persistent access to cybersecurity training must be employed. In this industry, the only constant in cybersecurity is change, and for that reason (in addition to the multitude of attacks businesses face every day), educational institutions can be vigilant in putting learning to work for the businesses and workplaces we rely on to support our daily functions.

As technology and interconnectivity evolve with each passing day, steps must be taken immediately to adopt a pedagogy that values and emphasizes continuous learning to best prepare our students for the career they want. With gamified learning at the helm of a new teaching approach for cybersecurity, we can be on our way to minimizing the cyber skills gap and empowering today’s students in a more effective way.

For more information about our gamified learning cyber courses, visit https://divergenceacademy.com/.

 

 

 

Guest Blog: Embracing Immersive, Gamified Cybersecurity Learning, Featuring Divergence Academy

What is immersive, gamified cybersecurity learning? The term “gamification” was originally coined in 2002 by a British computer programmer named Nick Pelling. The term hit the mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited. The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But gamification is more than a buzzword. Companies have seen gamification work for them in cyber team training—so we thought it wise to take what is working and apply it at the earlier stages of career development—in the classroom.

At Divergence Academy, we are proud to offer a curriculum that embraces blended cyber learning to cultivate students and transitioning professionals who are ready to enter the workforce and stop today’s cyber threats.

We offer data science, cybersecurity, and cloud computing immersive learning programs that enable students to gain the knowledge and skills needed to work in any of those fields. Many of our courses offer a mix of concept-driven learning and application-driven learning so that students understand new knowledge and, in turn, apply that knowledge in skill building, project-based activities. Through working with messy, real-world data and scenarios, students gain experience across the entire technology spectrum.

Studies find when learners engage in active learning, hands-on activities, their information retention rates increase from 5% (with traditional, lecture-based methods) to 75%. The millennial generation presents radically different learning preferences than previous generations. Thus, educational institutions across the country should consider gamification as a pedagogical technique in the classroom. A study from the University of Limerick notes:

“Gamified learning activities could become an integral part of flipped teaching environments. Their social, asynchronous nature can be used to prompt students to engage with pre-prepared content, while gamified learning activities can be used in the classroom to prompt student interaction and participation.”

In watching our students engage with gamified activities, we see team-building blossom before our eyes. We see instant collaboration and problem-solving and critical thinking emerge. Those kinds of soft skills can’t always be taught in a traditional lecture-based setting and because of that, it is critical that we continue to offer a healthy mix of concept-driven learning with gamified learning opportunities to our students so that they can enter the workforce with a more holistic understanding of the industry.

Cybersecurity has become a captivating and engaging subject matter for students, which is fantastic as those words aren’t typically associated with the technical field.

“Wow, today we were introduced to Project Ares. Captivating is the best description I can think of. It is like ‘Call of Duty’ for cybersecurity.”
~ Divergence Academy Student, 24 years old

Fellow professors and instructors are looking for ways to make cybersecurity more interesting and attractive to students and we believe at Divergence, the gamified learning approach can help. It is an approachable way for students to engage with a field they may be completely unfamiliar with and it supports instructors by offering a course that students WANT to take.

“We notice an increase in student engagement in the classroom with the introduction of Project Ares. Gamification brings an element of intrigue and satisfaction to the learning experience.”
~ Beth Lahaie, Program Director

We hope our adoption and proven success of a blended learning approach is the nudge other institutions around the globe need to consider its power in building the next generation of cybersecurity professionals.

 

 

Inside inCyt: The Benefits of Gamified Cybersecurity Learning (An Interview with Cassie Brubaker)

Here at Circadence, we are dedicated to taking cybersecurity learning to the next level. We do this through gamification that is accessible to all ages and ranges of knowledge on the subject. Our own Cassie Brubaker, co-creative director on our security awareness mobile app inCyt™, helped us understand the differences between learning and training, and how games can bring value to skill building in the technical world.

Why does cybersecurity really matter in today’s interconnected world?

C: When we don’t understand something, we don’t feel empowered. So, when I think about the importance of cybersecurity and cyber awareness, it’s more a story of empowering people to take back control of their lives. It’s a story about not being scared to live your day-to-day life because you understand [cyber] and you’re in control of it and I think that’s a wonderful thing.

I get that everybody needs to make their companies more secure, but I think it comes at a personal level too. If you feel in control over your personal life, you’re going to be a better contributor to your entire business, you’re going to be a better contributor to your family, you’re going to be a better contributor to yourself.

When we learn more about cybersecurity, we are empowered. Given your expertise with game development, what are the differences between learning versus training?

C: Games provide an inherently clever method to promote learning. There is a place for training, but in my mind, it’s a lot more formal. Learning has a broader application for me. It can happen in all kinds of different moments. You never know when you’re going to learn something new and that’s the magic of it. Training is more like, “let’s get this piece of information across in this specific way.” With our game inCyt, I’ve had so much fun trying to find all the different ways you can learn. You can play it again and again and it’s a little different every time. I can’t guarantee what lesson you’re going to learn when you play today and I don’t know what lesson you’re going to learn when you play tomorrow, BUT you’re going to learn something because you’re engaging with a well-designed product that has been crafted in such a way to give you all kinds of realistic experiences as it pertains to cybersecurity. 

Let’s talk briefly about inCyt and how it uses gamified learning.

C: inCyt is a mobile app that builds cybersecurity awareness. It is designed to educate everyone on fundamental cyber concepts and attack methods. It does this through two learning paths:  a concept learning component and gameplay component for individuals or teams.

The solution is taking the common perception of cybersecurity and flipping it on its head. Cybersecurity, as it exists today, does not conjure up feelings of peace and comfort the way you might expect from a field focused on security and safety. inCyt brings a radically different approach to the existing landscape – one that invites anyone and everyone to step out of the darkness and take their first step towards cyber enlightenment. One of the cool things about this product is that you’re learning organically about cybersecurity as you play, but you’re just having fun battling with your friends. The more and more you play, the more the cyber concepts start to sink in because you’re seeing them applied in real-world scenarios.

Who should play inCyt?

C: inCyt has been designed to reach all ages and experience levels. It’s ultimately designed for people who know very little about cybersecurity, but because we’ve built it to be playful and with a bit of strategy, even people who are cybersecurity professionals could play it and enjoy it. One of the things we found in testing within the company is that people who do this for a living will play it and say, “I think I could actually use this with my family, they don’t understand what I do.”

What is the ultimate value in a game like this?

C: The ultimate value of inCyt as a product for any company is that it is first and foremost fun for your employees to play. They are going to jump in and not going to feel like they’re being put through some mundane training exercise. There are two different ways that we’re teaching employees about cyber awareness. One of them is what I call “organic lessons” and that’s what happens primarily in the gameplay itself. We give players a bunch of cyber tools and allow them to experiment through gameplay and find what strategies work. In doing this, we’re creating employees that think one level bigger, more strategically about the “whys” and the “whats” as opposed to a memorized list of rules that need to be followed. Nobody likes that. After learning the basic cyber concepts, players can compete in the gameplay portion of the app.

When working on inCyt, how did you address different learning styles?

C: In terms of different learning styles, that’s really where we’ve gone into playtesting as our method to lean against. Everybody wants something a little bit different when they play – some people want all of the answers up front, they want to know exactly how to use it and they want to know why they’re doing it, while some people want to experiment. Through those playtests, we’re able to make variations of the gameplay that hit the largest range of learning styles. It’s really from a human engagement level, less of a theoretical learning style level. That’s why the playtests have been so helpful for us.

For more information on the benefits of gamified learning, check out the recommended reading below.

Recommended Reading:

The Importance of Gamification in Cybersecurity Training

Why Gamification is the Answer You’ve Been Looking For

Benefits of Gamified Learning

Close the Cybersecurity Workforce Gap with Apprenticeships, Internships, and Other Alternative Pathways

We’ve all heard by now that the cyber workforce gap has reached a level of desperation that puts all of us, and our country, at risk. It’s time we start moving the conversation away from the problem and towards innovative solutions.

To truly narrow this cyber workforce gap, it’s crucial to solicit the collaboration and support of the “golden trifecta” – academia, commercial industries, and government. And while educating and training high school and university students is important, this should not be our only focus; re-skilling and upskilling populations such as Veterans, minorities, career changers, women, persons with disabilities and learning differences, and others, have tremendous potential to both shrink the gap and contribute much-needed diversity to the cyber workforce.

Recognizing National Cybersecurity Career Awareness Week (Nov. 12-17), we thought it prudent to share three tools that can help prepare the next generation of cybersecurity professionals to address ever-evolving threats and the aforementioned challenges.

Apprenticeships

Compared to other professions, cybersecurity apprenticeship programs are scarce.  Yet, there is hardly a better way for an organization to fill its pipeline with well-qualified cybersecurity talent than by building an apprenticeship model into existing recruiting strategies. By integrating an “earn while they learn” model, employers can leverage a unique opportunity to grow their own talented pool of cyber professionals who have the highly desired combination of hands-on skills and foundational, academic knowledge.

“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering. “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”

These types of opportunities are especially beneficial for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field. The U.S. Department of Labor provides guidance on starting apprenticeship programs.

Internships

The hardest part of being a young professional is finding that first career opportunity. However, that is a particular challenge for aspiring cyber professionals when just about every job posting they find asks for some level of relevant industry experience. The problem is, not many organizations are willing to give it! For organizations looking to bring fresh ideas, perspectives and talent through the door, internship partnerships with local academic institutions can be a great workforce development tool. Many community colleges, technical colleges, and universities have well-oiled practices of connecting their students with local companies. In fact, it’s not uncommon for most students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation. Much like a successful apprenticeship program, a strategic internship program creates a situation where everyone involved wins.

Alternative Pathways

While there are many models to be considered here, the following two are typically the most accessible and well-received for both students and employers.

  • “Stackable” Courses, Credits & Certificates: Simply put, “stackable” learning opportunities allow students to quickly build their knowledge base and achieve industry-relevant experience that leads directly to employment. The idea here is two-fold.

a) High school students can enroll in college-level coursework and/or earn cybersecurity-focused certificates while completing their high school career.

b) College-level students can leave higher education for a job, and later return with credits that count toward the next certificate or degree.

This approach continues to gain traction as high school counselors and college administrators respond to the rapidly evolving nature of our economy.

  • Cyber Competitions & Hackathons: There is hardly a better vehicle for the practical application of one’s skillset than participating in a cyber competition or hackathon. These types of opportunities are becoming more and more common, and many times, cyber enthusiasts of all proficiency levels view cyber competitions and hackathons as the “latest and greatest” in extra-curricular activities. While numerous studies can be cited to support the significant traction cyber competitions and hackathons have gained, the fact is they’re changing the landscape in important ways. For example, cyber competitions and hackathons are often cited as positively impacting one’s exposure to the industry. Cyber competitions:
    • Support exposure to new and emerging technologies
    • Enable networking opportunities with like-minded folks
    • Offer environments for learners to demonstrate their abilities
    • Provide opportunity for new talent recruitment

Circadence is proud to lend its platform Project Ares® for many local and national cyber competitions including the cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriot, Carnegie Mellon’s picoCTF, Major League Hacking, and the National Cyber League.

Closing the cyber workforce gap will take diversification in every sense of the word.

  • Diversity from supporting organizations, institutions, and companies.
  • Diversity in learning approaches and experiences.
  • Diversity in learners themselves.

Enterprise, government and academic institutions must pursue new, innovative and engaging ways to attract underrepresented professionals to apprenticeships, internships and alternative pathways to add diversity to the cybersecurity workforce. And based on the current state of our cyber workforce, this suggestion is not just important, it is essential.

Many desired outcomes become a reality when we emphasize these efforts. It’s the unique perspectives, the inspired teamwork, the widened pool of well-qualified talent, the creativity and the “all-hands-on-desk” (see what we did there?) mentality that will help strengthen the cybersecurity industry not just for students, but for all agencies and businesses. Let’s embrace all of it!