BUILDING THE CYBERSECURITY PIPELINE
It all starts with awareness
Sandra Leiterman
Managing Director, Trojan Cyber Arena,
U.A. Little Rock
IF YOU’RE IN my field, your required reading will include a website called The Cybersecurity Supply and Demand Heat Map. It’s an up-to-date color-coded interactive map of the United States showing that there are currently 1,053,468 cybersecurity professionals working in the U.S.—and yet, there are still 597,767 job openings for cybersecurity workers from coast to coast.
Beyond the Big Picture, you can move your cursor over any state you’re curious about and see how many unfilled job openings there are. Texas, for example, has 67,439 openings for cybersecurity experts. Georgia has 21,868 openings. Louisiana has 3,494. Arkansas has 1,908, the most per-capita of any state. The top cybersecurity job titles include Cybersecurity Analyst, Cybersecurity Manager, Cybersecurity Consultant, Software Developer, Systems Engineer, Network Engineer, Penetration & Vulnerability Tester, Systems Administrator, and Cybersecurity Specialist.
Nationwide, the supply-to-demand ratio is only at 68 percent right now. So as that gap continues to expand, the supply-to-demand percentage is going to get lower—unless we do something right now, both to start making more people aware and to get more potential cybersecurity workers in the pipeline.
This is the general backdrop to an important program that we at UA Little Rock, in partnership with Arkansas Tech University, have launched just this month: The 2022 Arkansas Computer Science and Computing Educator Academy (CSCEA). The program, which is overseen by the Arkansas Department of Education (ADE) Office of Computer Science, will provide free tuition for up to 60 Arkansas educators to complete a graduate certificate in cybersecurity education at UA Little Rock, as well as advanced computer science training from the ADE. A grant in excess of $800,000 from the ADE will provide tuition and fees for teachers to take 18 graduate-level hours in computer science and cybersecurity. Participants must be Arkansas residents who’re employed by an Arkansas public school district or who intend to teach within an Arkansas public school district.
The CSCEA program is a happy offshoot of UA Little Rock’s having been designated by the National Security Agency (NSA) as one of this nation’s “Academic Centers of Excellence,” offering a graduate certificate in cybersecurity education through the National Cybersecurity Teaching Academy, a collaboration of 10 institutions in nine states. This program is funded by a $750,000 grant from the National Centers of Academic Excellence in Cybersecurity, located within the NSA. As such, we were already working with DePaul University and the
University of Louisville to teach a cohort of 90 high school teachers nationwide, beginning this summer. Thirty-two of them will be taking their virtual classes at UA Little Rock, and the others will do their courses at DePaul and the University of Louisville.
When the people at the Arkansas Department of Education heard about it, they said, “Hey, wait, we like this,” so they had a grant application open and I served as co-principal investigator on the grant. We got another almost $1 million to bring up as many as 60 Arkansas teachers through the same Academy. We currently have 44 who have taken advantage of it. They’re starting their coursework with ADE this summer, for which we’ll give them six graduate credit hours. Their more advanced training will happen through UA Little Rock this fall and next spring, when they take the Foundation of Cybersecurity and Teaching Cybersecurity courses through the National Cybersecurity Teaching Academy. Then next summer they’ll align with the national cohort to do the remaining two classes. All in all, the Arkansas teachers will earn 18 credit hours, which gives them the certifications necessary to teach a college-level Foundations of Cybersecurity class in their high schools.
*
THE TEACHING PROGRAM I’ve just outlined doesn’t exist in a vacuum. It’s part of a strategic plan to make cybersecurity awareness—and expertise—part of the fabric of an Arkansas high school education.
The first thing we did was make sure the teachers we accepted for graduate credit had the basic qualifications to teach cybersecurity. So, for the National Cybersecurity Teaching Academy, we required that they be presently teaching cybersecurity either as a stand-alone course or as an after-school extracurricular, as in a cybersecurity club. Part two of their eligibility was that the teachers and their principals had to agree to create a cybersecurity pathway at their high schools.
Incidentally, the first 44 Arkansas teachers come mostly from Northwest, Northeast, and Central Arkansas. There is some representation in the southeast and southwest parts of the state, but clearly not as much as in the other regions. Part of the reason for that may just be the size of the schools and the fact that they don’t have a dedicated cybersecurity or computer science teacher to go through the program. It doesn’t mean that cybersecurity isn’t being offered to the students; they still have the opportunity to take the course through Virtual Arkansas, another of our programs in partnership with ADE. In any case, this is something we want to work on for the next round—getting that cybersecurity teacher representation in south Arkansas.
Once we’ve made sure the teachers have the foundational knowledge to teach cybersecurity, we will, through their coursework, give them the pedagogy, the content, and the strategies to teach their courses. But when they finish their coursework with the National Cybersecurity Training Academy, we aren’t just going to wish them well and send them home. The next step is to give them some real-world cybersecurity experience.
I’m very excited about this part, because this is the piece of the strategic plan that I’ll be most involved in. Next summer—the summer of 2023—we want all of the teachers who started their coursework this year to participate in a practicum. That will be like a mini-internship, in which they do job shadowing or a special cybersecurity project with a real business. It can be in-person or it can be online. As I write this, my main concern is just getting all of the teachers lined up in their practicum and finding enough business partners.
I recently went to the Women in Cybersecurity Conference and all the businesspeople I talked with there thought it was an amazing idea. With cybersecurity, though, there are always security issues: Do we need a security clearance? Can we even get that? So, even though they may want to participate, their policies may not allow them to. But we’re not giving up. It’s an ambitious plan, and I’m betting we can pull it off.
*
ALL OF THIS elaborate effort finally brings us back to where we began—with the gap between the cybersecurity supply and demand. Only now, we will be preparing new generations of Arkansas high school students to step up and fill that gap, and, in the process, have the opportunity to enjoy a career in the fastest-growing, most in-demand field in technology today. I’ll say it again: It all starts with awareness. High school is where some kids start thinking about their future, and up until now a lot of them didn’t know that this was a career option. Even if they did, most of them were never going to go to school for it, never going to look for additional training.
But there are a couple of things about cybersecurity that makes the field very cool for so many of these kids, and this is the kind of information we want these young people to be aware of. One is, there are a lot of jobs that can be done remotely. Job potential usually isn’t great in rural America, so for those kids who don’t want to leave their small hometown or move far away from their family, cybersecurity can be the perfect answer.
The other cool thing is that they can do great things in cybersecurity without even having a college degree. Of course, we at UA Little Rock want them to get that college degree, but they don’t have to do it right off the bat; they can do a two-year degree, they can do a credential class, they can start with a certification—and they can get a job. And if they’re with a good company, it’s going to keep them on and continue to pay for their education, to make them an even better, more valuable employee. Because the demand is there.
One program I particularly want to mention. If a four-year degree seems daunting or unattainable, Arkansas high school graduates can look to the brand new Cyber Learning Network, CyberLearN. CyberLearN is being developed with a $1.96 million Workforce Development grant and will provide more equitable access to cybersecurity education for Arkansas learners, aligning freshman and sophomore cybersecurity curriculum with ABET, a national accreditation board, and the National Institute of Standards and Technology Standards. The CyberLearN partners include UA Little Rock, UA Pine Bluff, UA—Pulaski Technical College, UA Cossatot, UA Hope-Texarkana, UACC Batesville, and UACC Morrilton. The Forge Institute, the Arkansas Center for Data Sciences, and SmartResume are also collaborating on the initiative. CyberLearN will provide stackable certificates, which are a set of professional credentials that can be stacked into more advanced certificate and degree programs or may be earned by Arkansas workers wishing to upskill or reskill. With college tuition on the rise, stackable certificates are an innovative way for institutions of higher education to serve working students by providing them with distinct skill sets and manageable motivators on their way to a two-year or four-year degree.