Federal Agencies Stand to Gain From a Vocational Approach to Cybersecurity Education


We need to steer students away from assuming they need a four-year degree and toward the option of cybersecurity taught as a vocation.

The field of cybersecurity is constantly evolving, and so is the educational picture for its current and future workforce.

Security professionals join both government and private-sector jobs today via an educational hodgepodge of curricula, certifications and on-the-job training; and instruction models run the gamut from online to in-person coursework, from targeted workshops to multi-year programs. 

This all poses a problem for federal agencies, given that many higher echelons in the GS scale still require a minimum four-year degree. The requirement amounts to a disincentive for an entire swath of highly qualified professionals who may not necessarily pursue—or care about—such a traditional degree. So far, amid this complicated ecosystem for learning, there’s been no overwhelming consensus on what works best. 

It’s time for that to change in one major respect: When it comes to cybersecurity, we need to steer students away from assuming they need a four-year degree and toward the option of cybersecurity taught as a vocation. 

Four Year Programs Struggle with Agility

For a number of reasons, it’s increasingly clear that cybersecurity is something best learned in trade schools, internships and other apprenticeship-style settings. Everyone stands to gain from this approach, but especially the federal government. Let’s take a closer look at why this is the case.

It’s one thing to build bachelor's and graduate programs around disciplines like biology, English or engineering. It's also entirely appropriate to build a four-year degree around computer science and certain fields like data science and computational physics.  But things are different when it comes to cybersecurity.

In trying to stay ahead of rapidly growing digital threats, cybersecurity is essentially the tip of the computer science spear. It’s an environment that is at once ever-changing and mission-critical—defined by agile, continuous learning around the latest malware and cyber defenses. This constantly changing nature of cyber threats and mitigation strategies is simply too mercurial for many established four-year degree programs to keep up with. Curricula would have to be constantly updated, something made more difficult by the fact that full-time professors may not have the time, or clearances, to stay privy to the absolute latest trends and best practices.

Meanwhile, current federal employees hoping to sharpen their skills on the job struggle with continuous education elements in workforce pipeline initiatives—the National Security Agency’s Student Programs, for instance—that emphasize four-year degrees.

Clearly, we need better alternatives than traditional bachelor’s programs. But why is vocational training the best such alternative?

Vocational Training Aligns Best to Industry Needs ... and the Numbers

The power of the vocational or trade school approach to cybersecurity is not just that it’s suited to the nature of the work but also the numbers. This includes a talent gap nearing 3.5 million unfilled positions by 2020, and the salary math for practitioner-educators who may find it hard to reconcile top dollar cybersecurity income with modest salaries in full-time academia

Agile vocational programs get more workers into cybersecurity jobs sooner. And such programs can selectively tap seasoned practitioners—the kind who would never quit their day job to teach full time—for adjunct teaching engagements and mentorships. Furthermore, unlike full-time academic faculty, these working experts are much more likely to have current clearances that keep them on the front lines of cybersecurity, so they can better teach the latest threats and cyber defenses to the federal workforce.

Finally, one of the strongest arguments for structuring cybersecurity training around practical vocational skills is that the National Institute of Standards and Technology has been defining cybersecurity job duties with a very skills and role-based approach in its widely-modeled Cybersecurity Framework. Why wouldn’t we want to match our training to how the jobs today are structured? Indeed that already happening in the federal space: The United Services Military Apprenticeship Program is just one example of programs that skew heavily toward mentorships and on-the-job training. 

Ultimately, both federal agencies and the cybersecurity industry as a whole stand to gain from a more agile and expedited view of cybersecurity education. It’s a model that will serve our workforce—and our country—well. 

Ken Underhill is a master instructor for Cybrary.