The government should encourage more hands-on education and incident-based testing at the colleges and universities that help fill the pipeline of cyber talent.
Nearly 200 colleges and universities that offer degrees in computer science, electrical engineering and other fields have been certified by the National Security Agency as “centers of academic excellence” for their cybersecurity coursework.
But the Pentagon needs to do a better job tracking how many graduates of these NSA-vetted schools actually go on to work for Uncle Sam.
A separate scholarship program used to refresh the federal government’s ranks of cyber personnel should be opened up to state and local governments.
Those are two recommendations presented in a new report from the National Academy of Public Administration on the federal government’s role in cybersecurity education. Broadly, report recommends the encouragement of more hands-on education and incident-based training at the colleges and universities that help fill the pipeline of cyber talent for the federal government.
Tweaking the two programs would make it easier for college-age students to plot out career moves, according to Karen Evans, the former administrator of the White House Office of E-Government and Information Technology and a member of the report’s study team.
"There's a lot of confusion out there with the students,” said Evans, the national director of U.S. Cyber Challenge, during a Capitol Hill briefing Oct. 8 at which the report was unveiled.
Skeptics often say the government can’t attract top cyber talent.
“And that's not really true,” Evans said. “They are really jazzed by the mission. . . They just don't know how to traverse through the resources."
The study examined two longstanding programs operated by the government to boost the ranks of the cyber workforce.
One of those programs, run by NSA and the Department of Homeland, essentially gives select colleges and universities a “seal of approval” for their cybersecurity curriculum, deeming them National Centers of Academic Excellence in Information Assurance and Cyber Defense. The Pentagon launched the program in 1998 to highlight cybersecurity education and increase the number of students and faculty working in the field.
As of July, the program included 199 colleges and universities.
However, in recent years, the program has come under criticism for a perceived lack of “prestige,” according to a 2010 George Washington University study. Former officials say the program has languished in recent years, especially after funding for a DOD-specific scholarship program was defunded.
The report said policymakers should re-emphasize to Pentagon leadership “the importance of the CAE program for growing the federal cybersecurity workforce.”
Another program, the CyberCorps Scholarship for Service, since 2001 has offered scholarships to students studying computer science and other cyber fields as long as they commit to working for the federal government after graduation.
As of fiscal 2010, the most recent year for which data were available, 93 percent of students in the program found work with the feds. The report recommends expanding the scholarship down program down to the state and local level.
“We need to open the pipelines with academia, with industry, with the not-for-profit sector, with government,” said Jane Holl Lute, the CEO of the Center for Internet Security and former deputy DHS secretary. “We need to open the pipelines and give people opportunities in careers so that they can move agilely across these different sectors. There's no one who has the corner on the market on the need for cybersecurity talent.”
The report also recommended emphasizing more hands-on and scenario-based training in the curriculum of schools that participate in the federal government’s programs.
“Classroom (training) is really important, but hands-on learning -- to actually know what you learned and test it out, and try it and become confident in your ability to do it once you leave school -- is hugely important,” said Dave Wennergren, a former DOD executive and senior vice president for technology at the Professional Services Council trade group.
In addition, the report recommended mapping school curriculum to the seven key cyber skillsets devised by the National Initiative for Cybersecurity Education. That would help bring some much-needed standardization to the field.
“We wouldn't get on to an airplane without having some confidence that the pilot is actually capable of flying that plane under the vast majority of circumstances we're likely to encounter,” Lute said. “You wouldn't accept an operation from a doctor or any other professional service without having some confidence that they've demonstrated to somebody along the way that they have the skills to do what we're asking them to do. We need that here. We need to be able to hire, test and train to standards.”