Immediately after I successfully defended my dissertation for my Ph.D. in educational technology, I began to think about all the benefits that came along with that achievement. Aside from being regarded as an expert in my field, I relished the fact that my Ph.D. had earned me the right to be addressed as “Dr. Pruitt-Mentle” ...
That said, I didn’t spend much time resting on my laurels as I was back at work the following day hosting a “Cool Careers in Cybersecurity for Girls” conference for 150 young cyberwarriors-to-be.
And I loved every minute of it.
Pretty much my entire professional life has been dedicated to motivating and preparing students of all ages to pursue STEM (science, technology, engineering and math) careers. These days, as the lead for academic engagement for the National Initiative for Cybersecurity Education, or NICE, I am consumed with working to fulfill our #2 strategic goal: Nurturing a Diverse Learning Community.
I really enjoy my current position because it allows me to draw from my Ph.D. research on workforce development while also acquiring a new understanding of cybersecurity — the job requirements and breadth of opportunities available, and the various pathways one can take to work in the field. One of the things that I have learned, however, is that there is still no one-size-fits-all approach to filling the growing cybersecurity workforce gap. Instead, multiple strategies are needed. At NICE, we believe that an environment where “cybersecurity is everyone’s responsibility” is the foundation of building a knowledgeable and skilled cybersecurity workforce.
Growing that awareness is what National Cybersecurity Awareness Month is all about. To nurture such an environment, there are numerous resources, including Stop.Think.Connect and OnGuardOnline, StaySafeOnline, NetSmartz, iKeepSafe and Common Sense Media, that you can use to help build and spread greater awareness of cybersecurity among your family, friends, co-workers or employees.
But there are distinct differences among “cybersecurity awareness,” “cybersecurity best practices” and “cybersecurity career awareness.” While cybersecurity awareness is the foundation upon which a strong cybersecurity workforce must be built, it is only the first step toward realizing the full potential of our digital economy.
Cybersecurity is a GREAT Career Choice
Our growing dependence on the internet and interconnectedness with technology is not without its challenges. According to an Identity Theft Resource Center and CyberScout report, the number of data breaches in the U.S. tracked through June 30, 2017, hit a six-month record high. These events underscore a desperate need for a knowledgeable and skilled cybersecurity workforce.
Fulfilling that need, however, seems like an overwhelming challenge. The results from the eighth Global Information Security Workforce Study (GISWS) estimates that we will have 1.8 million unfilled cybersecurity jobs globally by 2022. Obviously, cybersecurity careers are a growing segment of the nation’s workforce needs and a great opportunity for both students choosing their future career and adults who are looking for a new career.
While the tech industry struggles to fill jobs with qualified candidates, a second quandary—and a potential solution to the looming shortfall—is how to diversify the cybersecurity workforce now and going forward. For example, the 2017 GISWS Women in Cybersecurity report states that women make up only 11 percent of the information security workforce, and the International Consortium of Minority Cybersecurity Professionals says that African-Americans comprise 7 percent of the cybersecurity industry and Hispanic-Americans only 5 percent.
Clearly, we can do better.
Increasing the STEM workforce has been a priority for the U.S. well before “STEM” became a buzzword. The National Commission on Excellence in Education’s 1983 report, A Nation at Risk, called for a new public commitment to excellence and education reform anchored in higher expectations for all students. This report served as a catalyst for reform and initiatives designed to improve education in mathematics, science, engineering and other technology-related subjects. We must have done something right, as there has been a rise in students seeking STEM degrees. The Higher Education Research Institute freshman survey indicates the percentage of students entering college who say they plan to major in a STEM field has slowly increased and is now hovering at around 31 percent.
But increasing interest in pursuing a STEM degree is only one piece of the workforce puzzle. A National Academy of Sciences report shows that, on average, a little more than half of all STEM undergraduate majors switch to a non-STEM major within the first two years. Research into why students leave the STEM track points to uninspiring content and poor teaching of introductory courses, difficulty with the math required in introductory STEM courses, and an unwelcoming atmosphere from faculty who teach these courses.
Moreover, more than half of those who do graduate with a STEM degree end up not working in STEM occupations. This is because employers know that a STEM education brings with it knowledge, skills and abilities (KSAs) that qualify graduates for a wide range of possible career paths, from research and development to construction, transportation, health care and hospitality.
Thus, increasing the STEM workforce is not just about increasing the number of bachelor’s and advanced degree earners, it’s also about guiding people to, and keeping people in STEM-related careers, as well as improving the way STEM is taught. For those already in the workforce or who are looking for work, seeking associate’s degrees, professional certificates or job training in STEM-related subjects are great ways to get a new job or advance in the one they already have.
One of the ways we’re supporting these goals is through NIST Special Publication 800-181. Also known as the NICE Cybersecurity Workforce Framework, or simply the NICE Framework, the publication is a nationally focused resource that categorizes and describes the different kinds of cybersecurity work done today. It establishes a taxonomy and common vocabulary that educators and employers can use to describe cybersecurity work, irrespective of where or for whom the work is performed. We think that establishing this kind of clarity in terms will help students and others interested in pursuing a cybersecurity career to understand all their options and pursue the right one for them.
There’s also the Cyberseek Jobs Heat Map. Developed by CompTIA and Burning Glass through a grant provided by NIST, the interactive map provides data to help employers, job seekers, policy makers, training providers and guidance counselors meet today’s increasing demand. The map shows cybersecurity career pathways that map opportunities for advancement in the field as well.
In addition to these resources, we have two events coming up in the next couple of months. The annual NICE Conference and Expo will take place Nov. 7 and 8, 2017, in Dayton, Ohio. The event will showcase the work of our community, seek to broaden our audience and impact, and provide a forum for supporters of NICE to get to know one another.
The National K-12 Cybersecurity Education Conference, taking place Dec. 4 and 5, 2017, in Nashville, Tennessee, is an opportunity to increase cybersecurity career awareness among the K-12 community, encourage the inclusion of cybersecurity concepts across the curriculum, and advance teacher professional development.
Besides meetings and conferences, NICE has several other means for building community at the national level. For instance, the NICE Working Group develops concepts, designs strategies and pursues actions that advance cybersecurity education, training and workforce development.
We also publish the quarterly NICE eNewsletter, which, in addition to providing information on our activities, also includes original articles written by members of our community. A monthly webinar series features presentations by experts from our community on new innovations or strategic developments.
And last, but not least, I’m proud to announce that we will be celebrating the first annual National Cybersecurity Career Awareness Week (NCCAW) this November. Held from Nov. 13-18, the week-long campaign will focus on increasing awareness about careers in cybersecurity and building a national cybersecurity workforce as a means of enhancing national security and promoting economic prosperity. We encourage you to visit the NCCAW website to learn more about how you can promote cybersecurity awareness and even pursue a rewarding career in cybersecurity.
The Nation Wants You to Consider a Career in Cybersecurity
Getting more Americans interested in and qualified for cybersecurity-related jobs will require attention to not only growing the traditional pipeline, but also targeting segments of the population that are often overlooked in workforce development discussions: incumbent workers who need upskilling or reskilling, dislocated workers who are trying to find new jobs, and individuals from groups traditionally underrepresented in cybersecurity/STEM fields.
The NICE program has an important role to play in this arena. But creating and maintaining a highly qualified workforce will require a rigorous and multifaceted approach. No single sector of society can respond adequately in isolation from others. Collaboration within and across different levels of government and among government, educational institutions and businesses is needed to strengthen career pathways for students and job seekers. Likewise, no single area of study should be used to supply cybersecurity workers. Drawing from evidence-based best practices from other disciplines, we see that pulling from multiple areas will help us address the shortage of skilled cybersecurity professionals more quickly.
If you are inspired and want to get involved, we invite you to visit our website or email us. There’s a lot of work to be done to fill the growing number of critical cybersecurity jobs. Although we are making progress and experiencing successes, there is much more work to be done, and we invite you to join us in the effort.
Dr. Davina Pruitt-Mentle serves as the Lead for Academic Engagement of the National Initiative for Cybersecurity Education at NIST. Prior to joining NICE, she was a senior researcher and policy analyst for Educational Technology Policy, Research and Outreach, served as a principal investigator for the National Cyberwatch Center, and held a faculty position within the College of Education at the University of Maryland, College Park. She has spent more than 20 years conducting research on student and educator cyber awareness and developing programs to help increase the cybersecurity.