Cybersecurity is one of the foremost concerns in our world today. However, this reality is juxtaposed with a deficit in cybersecurity education. To meet the workforce demands of the modern era in a world that increasingly values and requires cybersecurity expertise, we must make cybersecurity education a priority for K-12 students and a responsibility for the private and public sectors.
Defining the Challenge
Let’s start with a deep dive into the severity of the current shortage of cybersecurity professionals. We’ll also touch on where cybersecurity education stands today, how our approach to this education factors into that shortage, the role of cybersecurity professionals in our world, and the biggest cybersecurity challenges at this moment. Learn more about how cybersecurity education can transform the world.
How Serious Is the Shortage?
The shortage of cybersecurity workers poses a significant threat to our nation. It jeopardizes the safety and security of all Americans. Cybersecurity Ventures predicts a global shortage of 3.5 million cybersecurity professionals by 2021 — 300,000 of those in the U.S. alone.
What threat does this shortfall pose? Businesses and government agencies are vulnerable to data breaches, which can potentially cost hundreds of millions of dollars and impact millions of lives. When thinking about the increasingly widespread use of cloud-based and mobile computing and the Internet of Things, or IoT, it only makes sense that a lack of cybersecurity professionals puts our assets and information at risk of cyberattacks.
To prevent cyberattacks — which have increased globally as more people use online technology in their everyday lives — and protect information and assets, the cybersecurity industry needs trained people with the skills and understanding necessary to fill the gap.
Cybersecurity Education Today
Cybersecurity professionals can’t exist without quality cybersecurity education in their early years. Unfortunately, that education isn’t happening. One global study showed that only 23% of respondents believe education is properly preparing students to go into the field of cybersecurity.
But studies have shown that early engagement with cybersecurity education makes it more likely students will continue to pursue it with genuine interest through middle and high school. Students whose STEM education bridges between elementary school and beyond are more likely to major in STEM courses such as cybersecurity, engineering, or computer science when they attend college or tech school.
But what causes this gap in cybersecurity education? One reason is that strict budgets prevent many schools from investing in cybersecurity like they might want to. There is also a lack of relevant teacher training — and a lack of qualified cybersecurity teachers. Those same teachers are hesitant to apply technology in the classroom to educate students about cybersecurity, and this trend is only worsened by inadequate funding.
Cybersecurity should be embedded in all aspects of our education system. Just as math is part of science, engineering, and even art, and English is part of every course in school, cybersecurity can be integrated into curriculums to prevent the cybersecurity skills gap from growing.
The Biggest Challenges in Cybersecurity
A lack of training presents one of the most significant obstacles to closing the gap in the cybersecurity workforce. Part of this stems from inadequate funding, but it also goes back to a general lack of understanding of what it takes to give students a quality cybersecurity education.
In many schools, cybersecurity courses are electives. Most students go through K-12 without ever taking a single course in cybersecurity. Cybersecurity is often lumped together with other electives — such as music and art — but it should be a common core.
The internet is no longer novel; it’s part of almost everything we do. Just as every student has to take English, math, and history because they will need that knowledge in the future, they also should have to learn about cybersecurity. Arguably, it’s even more applicable, as it’s something we’ll use every day for the rest of our lives.
The challenge now is for schools to rethink their approach to teaching cybersecurity. Equally, it’s time for industry leaders to step up and take an active role in cybersecurity training to help increase the number of professionals entering the sector.
Understanding the Workforce
Who works in cybersecurity? What qualities does the average cybersecurity professional possess? We’re going to discuss why the stereotype of the typical coder or gamer is false, what the consequences are of not having enough cybersecurity professionals, and the problems that arise when we fail to change our mindset about these professionals in the first place.
The Roles of Cybersecurity Professionals
The cybersecurity skills gap is real. There are numerous unfilled cybersecurity jobs in both the public and private sectors — but especially in the former. Why is there a shortage of cybersecurity professionals in government agencies? Because civilian industries can offer employees far more pay. According to the Bureau of Labor Statistics, cybersecurity professionals in the public sector make nearly 27% less than their counterparts at private companies.
Government agencies are at the forefront of our cyber defense, so they have a critical need for expert workers. Many skills are needed for a cybersecurity expert, and many roles are important to cybersecurity work. Engineers, consultants, and analysts are all crucial parts of a well-built cyber defense workforce. Whether these workers are security software developers, malware analysts, or IT engineers, they all play a major role in protecting cyber assets.
Moving Beyond the ‘Typical Coder’
Many people think of the “typical coder” when they think of cybersecurity jobs and computer science. This notion of a reclusive coder in a hoodie is so pervasive that it clouds our vision about what the world of cybersecurity. It’s also a stereotype that can be combatted by taking a new approach to teaching cybersecurity.
By moving beyond the traditional way of teaching and switching to a more project-based approach, educators can challenge students to solve real problems that exist in their communities and the world at large. This tactic ensures learning is purposeful and engaging. It also gives students hands-on experience solving real-life problems and working as part of a team.
Cybersecurity is a field that welcomes people from diverse, nontraditional backgrounds who are curious and ready to learn. Whether it’s through a boot camp, community college, or degree program, cybersecurity training allows a wide array of people to become highly trained professionals.
The Consequences of a Shortage of Skilled Workers
The shortage of cybersecurity workers has serious consequences for companies in the U.S. Instead of recruiting cybersecurity professionals in the U.S., many companies are hiring outsourced workers from foreign nations. This is unacceptable. We have the necessary knowledge and resources to produce excellent cybersecurity professionals. This lack of skilled local cybersecurity professionals also means companies can’t effectively protect themselves from increasingly skilled hackers.
To combat this shortage, companies should create cybersecurity partnerships with educational institutions. This might involve forming or expanding internship and apprenticeship programs that invite students to experience cybersecurity and different cultures on-site while learning cybersecurity skills in real time.
Further, workers who teach students these skills on the job should have half of their salaries paid by school districts and the other half paid by their employers. This will save schools money by not having to hire a full-time teacher, and it will save companies money by having a portion of their employees’ salaries paid by schools. The result? An army of trained cyber professionals who are ready to work in the real world.
The Problem of Failing to Change Mindsets
There is massive attrition among cybersecurity workers as a result of the shortage of skilled professionals. This drives up salaries and leaves companies rushing to find professionals who can add value to their teams, even though some of them may not actually possess the skills to match their requested pay.
Numerous factors are influencing this high rate of attrition, but burnout and stress play big roles. Keeping up with constantly evolving security needs and data privacy responsibilities can cause employees to feel burned out. They have to learn and adapt as they go, carrying the bulk of the burden because companies don’t have enough professional help.
In the long term, the shortage of cybersecurity professionals will put companies in a compromised position. A failure to secure the people they need to build, maintain, and protect the data they’re responsible for will eventually have severe consequences.
Creating a Cybersecurity Course Syllabus
Now that we know more about the cybersecurity workforce and how it needs to be strengthened, let’s discuss the current state of cybersecurity education and how that directly impacts and contributes to the existing skills gap
The majority of K-12 schools lack any sort of cybersecurity lesson plans. Here are a few ways to help build a much-needed cybersecurity curriculum.
Why Schools Lack Cybersecurity Education
There is no teaching certification for cybersecurity. Cybersecurity teachers might have STEM licenses, but they don’t usually have any formal training in cybersecurity. As a result, many educators are reluctant to teach these courses. Couple that with the fact that most trained cybersecurity professionals aren’t willing to take a pay cut to work as a teacher, and the result is an inability to make cybersecurity a core part of education.
Most colleges didn’t offer cybersecurity degrees until recent years, which means many educational institutions are still coming to understand the importance of cybersecurity and how it should fit into their curriculum. Only one of the top 36 computer science programs at colleges around the country requires a cybersecurity course, so it’s easy to see why graduates aren’t prepared to work as cybersecurity professionals — even after years in higher education.
When to Start Cybersecurity Education
We live in a world where children use computers long before they begin school. For that reason, cybersecurity education should begin the moment their schooling does. To survive in a world powered by computers, all people need to be cyber literate. To achieve this goal, schools must offer instruction on cybersecurity literacy from a young age.
Cybersecurity literacy starts with basic online safety skills, but it should also emphasize why it’s so important to protect information. These lessons should start as early as preschool, and this information should be reinforced throughout students’ time in grades K-12. By teaching cyber literacy as soon as children start using computers, we can create a more cyber-secure world.
The Resources Cybersecurity Educators Need
There is no shortage of cybersecurity learning resources. From free online courses offered by colleges to organizations like ours that offer cybersecurity classes and certifications, an array of resources exist to help people gain more knowledge about cybersecurity without a formal classroom setting.
That said, in-person classes do offer some advantages. Students in these environments can get constructive feedback and work in groups, giving them a level of collaboration and support they might not get working alone.
Students have access to plentiful cybersecurity learning resources, but educators can also tap into these resources. They can use the CyberPatriot website, for example, to build a cybersecurity curriculum and syllabus. Public libraries offer study books — helping students and teachers save money — and there is an abundance of material available for both beginner and high-level classes.
A Recommended Cybersecurity Education Path
In elementary school, students should take classes introducing them to cyber safety and malware, phishing, password protection, and personal information protection.
As they move into middle school, their courses should be year-round and dive more deeply into computers. For example, these courses might include Introduction to PC Applications, PLTW Computer Science Essentials, and Intro to Coding.
Finally, high school students can build their expertise with classes like Cybersecurity I and II, Computer Science Foundations, and work-based learning programs.
Building Career Pathways
To wrap things up, let’s look at how to create paths to new careers, what cybersecurity resources are available for students and educators, and what the future looks like for cyber-educated students.
Read more: Laying the Groundwork for Career Pathways in Cybersecurity.
How Cybersecurity Education Creates Infrastructure for New Careers
Making cybersecurity a core part of our education system requires a bridge in education from elementary to middle to high school. At each level, the bridge should connect the cybersecurity skills students develop to the skills they’ll learn in the future — and those they’ve learned in the past. Continuity is key, and cybersecurity education is no exception.
How can schools and educators achieve this coordination? They should start with data. Using K-12 education data to build curriculums for cybersecurity will show schools what works and what needs improvement.
This process will be dynamic, and changes will likely be necessary as time goes on. But when schools coordinate at all levels, they ensure the system develops an enduring infrastructure and creates a large pool of skilled students who go on to pursue cybersecurity careers.
The Need for Adequate Resources in Our Education Infrastructure
Addressing the cybersecurity skills shortage will require government institutions, local colleges, and private companies to come together and build programs like internships, summer camps, competitions, and educational gaming programs. These are only a few of the numerous activities that can help recruit students to cybersecurity career paths.
If schools don’t have the necessary resources to prepare students for cybersecurity education and training, we will struggle to address the severe shortage of cybersecurity professionals. Businesses that lack the adequate number of cybersecurity workers are falling behind in providing enough cybersecurity training, failing to use security tools as effectively as they could, and lacking in security oversight — all of which put their organizations at risk.
Without a sufficient number of cybersecurity professionals, our national cybersecurity infrastructure will suffer. Ultimately, our defenses against outside threats will be significantly weaker.
The Promising Future of Cybersecurity Jobs
Seemingly endless paths exist for graduates interested in filling the cybersecurity skills gap. High school graduates with a good foundation in cybersecurity training have the ability to go to college and pursue degrees in cybersecurity or computer science, both of which ensure a high probability of finding a job and entering the workforce.
But that’s not the only way to make a difference. For students who didn’t receive a strong cybersecurity education, certifications and experience training still offer a way to become cybersecurity professionals. At some point in their careers, however, they will probably want to get applicable degrees to give them a better chance of excelling in the workforce.
As threats to cybersecurity become a higher priority, careers in cybersecurity become more important and offer better compensation. Students interested in pursuing these careers will find the most success when they start learning about cybersecurity tools, threats, and advancements from the beginning of their learning years.
The best way to close the cybersecurity skills gap and end the shortage of cybersecurity professionals is through comprehensive collaboration between cybersecurity companies and educational institutions. These partnerships will prepare students for the workforce, combat the current lack of resources and teachers, and make cybersecurity courses a critical part of our education system. When we commit to making cybersecurity education a priority, we commit to building a secure future for generations to come.