By Marian Merritt, Lead for Industry Engagement, National Initiative for Cybersecurity Education, National Institute of Standards and Technology, U.S. Department of Commerce
When Khabran Peters, a former member of the Army National Guard was researching his training options to transition into the secure software development field, he discovered the Community Initiative Center of Excellence for Secure Software (CICESS), the first registered cybersecurity apprenticeship program in the United States.
CICESS was created by founder Girish Seshagiri out of his own difficulty in finding trained secure software developers for his engineering firm. The Peoria, Illinois-based program launched in 2015 after Seshagiri formed a coalition of like-minded employers and partnered with Illinois Central College and Carnegie Mellon University/Software Engineering Institute to develop a curriculum for the program.
Peters successfully applied for and completed the program. “As a secure software development apprentice, I learned a disciplined approach to implement quality and security throughout the software development lifecycle,” said Peters. He also praised the program’s “hands-on learning environment” and its one-to-one mentoring.
When someone hears the word “apprentice,” they might naturally first think of skilled tradespeople like electricians and welders. The apprentice method of combining education with on-the-job training to enable people to enter skilled professions has been used for generations in the United States with great success. Yet, for most of us, when we think of a high demand and high-tech field like cybersecurity we do not always consider apprenticeships as a potential career path.
But high-tech apprentice programs like CICESS work just as well as those for highly skilled tradespeople, while also enhancing the nation’s cybersecurity infrastructure. An apprenticeship is like an on-ramp to becoming a fully qualified cybersecurity professional. Without it, an aspiring student may never reach his or her goals.
The cybersecurity field is suffering from a severe shortage in talent, with an estimated 285,681 job openings today according to CyberSeek – an interactive cybersecurity jobs heat map funded by the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce. The National Initiative for Cybersecurity Education (NICE), led by NIST, is strategically focused to convene a national effort to address this shortage for both the public and private sectors. One strategic goal of NICE is to Accelerate Learning and Skills Development. Apprenticeships in cybersecurity are a welcome approach to help more people gain the knowledge and hands-on skills needed to be successful in cybersecurity roles, even without a formal college or university education.
In May 2017, President Trump signed an Executive Order (EO) “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” On the topic of Workforce Development, the EO included the recommendation to “Assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education.” And in June, the President issued an apprenticeship-specific EO, “Expanding Apprenticeships in America” and included the naming of a special Task Force on Apprenticeship Expansion to explore different options on how this could be accomplished. Cybersecurity was a sector mentioned in the EO for apprenticeship expansion.
The U.S. Department of Labor’s (DOL) Office of Apprenticeship offers information and guidance to those wishing to build an apprenticeship program. The elements of a quality apprenticeship program include business involvement, structured on-the-job training combined with related technical instruction, rewards for skill gains, and upon completion, a DOL National Occupational Credential. This industry-recognized credential is a guarantee to employers that apprentices are fully qualified for the job.
Apprenticeship programs can be customized to meet the needs of the business and the skills of the apprentices. There is flexibility in program design as well as in the training model. The length the program can vary and is driven by industry needs.
Apprentice programs work – not only because they help employers find exactly the trained talent they need but because they help people quickly enter a field, without college debt or an exhausting job search. Apprentices tend to be loyal workers because their employers have invested in them both on the job and through educational assistance to help advance their careers. This has shown to reduce employee turnover rates and increase morale. A 2016 U.S. Department of Commerce report, “The Benefits and Costs of Apprenticeships: A Business Perspective,” captures the employer perspective on the value of the apprenticeship model.
NICE has been diligently working to help drive awareness of cybersecurity apprenticeship programs and encourage experimentation. They held a webinar on the topic during November 2016 for National Apprenticeship Week. A year later, the topic was included in a webinar on entry-level pathways for cybersecurity. NICE produced a one-page document to help people learn more about cybersecurity apprenticeships. At the annual NICE conference in November 2017, a half-day workshop was held to help interested parties learn how to start a cybersecurity apprenticeship program. As of today, there are over ten such programs operating around the country, with many more groups in active discussion to launch their own.
To learn more about cybersecurity apprenticeships and if it’s right for your company, please visit the U.S. Department of Labor’s Office of Apprenticeship www.dol.gov/apprenticeship or by email firstname.lastname@example.org; or contact Marian Merritt, NICE’s lead for industry engagement at email@example.com.