Seemingly every day a new data breach is reported, a new cybercrime effort is launched, fraud and extortion attempts are made, and organizations are attacked from threat actors from script kiddies to nation-states. The FBI has done a remarkable job of working with other government partners, international agencies, and tremendous security professionals from the private sector to counter the persistent challenge of cybercrime. But the Bureau and most American companies don’t have enough resources today to do what is needed, and that resource gap is not anticipated to be closed anytime soon. That reality poses a serious threat to our national security and needs to be addressed.
Everyone involved in security is well aware of this. But identifying threats only gets us so far. We need to take action to mitigate those threats and the abundant risks they pose. One way to potentially close that gap is to incentivize our youth (or their parents) to pursue careers in information security and to serve a period of time in law enforcement to counter this enduring threat. A way to do that could be through a public-private partnership to award scholarships and develop career paths in information security akin to the Reserve Officer Training Corps (ROTC) programs.
- The United States has an identified challenge in developing enough security talent to keep up with our ever-increasingly connected world.
- The private sector has an identified cybersecurity skills gap that poses serious challenges for the future.
- Many parents and children today have a challenge in being able to pay for a college education.
- The opportunity to earn a useful degree, develop important skills, and serve one’s nation is a win for all involved.
- The time has come for a program to provide scholarship opportunities to recruit, train, and develop the cybercrime fighters of the future.
- The program should be government-supported but could be (should be) conducted in partnership with industry.
“The nonprofit group ISACA predicts that by 2019, there will be a global shortage of 2 million cybersecurity experts. That is a skills gap crisis of epic proportions, and few organizations or companies have any clue what to do about it,” wrote Brian Ahern, @brian_ahern26, in Venture Beat on Sept. 16.
“As hackers ramp up attacks with increasingly sophisticated methods and tools that are readily available for purchase on the dark web, the ‘white hats’ need all the help they can get. According to recent estimates, there will be as many as 3.5 million unfilled positions in the industry by 2021,” Brian NeSmith wrote in Forbes on Aug. 9.
One of the challenges we often hear about is the “cybersecurity skills gap” – a shortage of enough capable individuals to properly secure and protect the devices and equipment, networks and critical infrastructure we increasingly use and depend upon. While there are actions organizations can try to take now to address the issue in the near-term, there also needs to be a longer-term strategy to ensure enough skilled personnel will be available in the future (or, maybe we just turn things over to SkyNet…). A number of ideas have been proposed to address this long-term need, including recent articles similar to what is suggested below:
- “Building a cyber ROTC” by Michèle A. Flournoy (@micheleflournoy) and Amy Schafer in the Boston Globe, July 13, 2017
- “Training Future Cyber Officers: An Analysis of the US Army ROTC’s Efforts to Produce Quality Junior Cyber Officers” by Andrew Schoka in Small Wars Journal (@smallwars)
- “Three Ideas for Solving the Cybersecurity Skills Gap” by Janaki Chadha (@JanakiChadha) in the Wall Street Journal, Sept. 18
Jump back to Northern Virginia and the early ’90s with me. The days of good grunge and East Coast-West Coast rap rivalries, Sonic vs. Mario, 21 Jump Street was just wrapping up and Seinfeld was still getting popular, Jurassic Park was a movie – not an endless series – and this post’s author remembers sitting at his kitchen table wide-eyed scanning through the persistent flood of college information flyers I would find in my mailbox. Sitting across the kitchen table from my mother one afternoon, holding one such mailer – for East Carolina or Elon, if I recall – I remember my mother informing me that the dollars and cents weren’t there for me to go away to school. My parents, who somehow never left me wanting growing up despite considerable adversity, were not able to afford to send me away to college. It was said rather bluntly and received very matter-of-factly, and from there, I applied to, was accepted at, and later attended George Mason University (GMU).
As I began my second semester at GMU, I became involved in the Army Reserve Officer Training Corps (ROTC) program. After heeding my father’s plea and not enlisting in the Marines after high school, I still had a brain inspired by reading books on the Korean and Vietnam wars and the adventures of Army Rangers and wanted to see if maybe I could go to college and still get to be a soldier for a little while. Turned out I could, and the Army would even consider paying for my education. Completing the application process and doing well in school and in ROTC, sometime before starting my junior year I was awarded a two-year scholarship paying for the rest of college (and all I had to do was serve four years on active duty, which I already wanted to do – suckers!). It meant a lot to me to help alleviate the burden of college tuition from my parents’ shoulders, and it was with great pride and enthusiasm that this immigrant looked forward to serving his adopted country – one I knew I loved then and still love today. I finished college, I served over a nine-year period, and thank the Army for all it did to help, shape, and develop me – despite some great frustrations and banged-up parts here and there.
“Whether you agree the industry is facing a severe predicament or not, getting children interested in security is critical,” Mark Stone wrote for IBM Security Intelligence on May 22.
2018. The military is great, but it’s not for every kid, and it’s not necessarily for every parent. But, as the father of two soon-to-be-college students, I can appreciate the joyful excitement my wife and I now have at the thought of paying for college – and it occurs to me how much I would love to be able to tell my sons about the Federal Bureau of Investigation scholarship program! Complete your college degree, for free, earn an acceptable degree while also completing some FBI-mandated training programs, complete your follow-on training, and serve four years helping the Bureau fight cybercrime. From there, your debt is paid, and you can continue to serve or go seek fame and fortune in the private sector. It’s an awesome opportunity for kids, parents, the FBI and American industry! But, there is a slight problem: The program doesn’t exist.
I think it is time that it did.
Addressing the skills gap now…
- John Oltsik offers some ideas to address this gap in the near-term here: Research suggests cybersecurity skills shortage is getting worse, CSO Online, Jan. 11
- Brian Ahern offers shares additional ideas here: How to solve your cybersecurity skills shortage, Venture Beat, Sept. 16
And there is more potential goodness in this idea! A real challenge many veterans face is the transition to the civilian workforce and translating military experience and skills into useful and fulfilling employment. That’s a real issue and one we still need to do better in addressing. Graduates of the proposed FBI scholarship program wouldn’t face that challenge. In fact, I’d bet they’d be very appealing candidates to many companies and, after serving the obligatory period, many graduates of the program would likely find abundant opportunities from all corners for their skills and experience. Reasonably, many graduates would probably take those opportunities, thanking the FBI for its time and contribution and moving on to new excitement and new challenges.
As such, I think Congress could very possibly work with some of America’s biggest and best companies to help fund such a program, one that would certainly be of benefit to both the government and industry, both while the graduates are serving in the FBI and after many transition to civilian employment. I’m confident many of our technology companies, our security companies, and our technology-based industries would be willing to reinvest in America and help support the development of tomorrow’s information security champions, both with funding and program design and perhaps further in establishing transition programs to bring on program graduates into their organizations.
How great would a public-private partnership be to develop and fund an ROTC-like program for the FBI to help recruit, train, and cultivate the cybercrime fighters of the future?! This part of the information security workforce pipeline can start being built now and can be one component of building the nation’s long-term cybersecurity skills and the workforce of the future. Simple idea: one I think it’s time for our nation – and our greatest companies – to invest in. And if possible, maybe before my sons start college.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email [email protected] Our editorial guidelines can be found here.