Cyber Work podcast: Fast-tracking the next-gen cybersecurity workforce with Vic Malloy
It’s no secret that the cybersecurity workforce gap continues to grow around the world. According to a study by IT security industry leader (ISC)², the current US workforce shortage is nearly 500,000 positions. To meet the demands of businesses today, the cybersecurity profession needs to grow 62%. Those striking numbers leave many industry experts wondering where to find the next generation of cybersecurity good guys.
Fortunately, educators, governments and numerous organizations are all taking steps to confront the challenge. Many support the idea that one way to confront the cybersecurity workforce shortage is to begin building IT interest during earlier stages of school.
In Infosec’s podcast “Preparing the next generation of cybersecurity professionals,” Victor “Vic” Malloy, the general manager of the CyberTexas Foundation, shares the organization’s success story in getting people of all ages interested in cybersecurity and developing the next generation of the workforce.
In years past, if you asked elementary school students what they wanted to be when they grew up, you would probably hear occupations such as doctor, firefighter and teacher. But many of today’s six-to-11-year-olds have extraordinary access to computers and IT. These digital natives can be the world’s best hope for addressing the cybersecurity workforce and skills gap. What can organizations and educators do to build interest in cybersecurity careers at an earlier age?
From humble beginnings to impactful organization in five years
The CyberTexas Foundation was formally established in 2015. It followed the lead of a group of retired and active-duty military civilians and senior officers who wanted to expand on the success of the Air Force Association’s popular CyberPatriot security competition program. They organized a competition to secure an operating system among ROTC programs in 12 Florida schools.
CyberTexas and other organizations with similar missions quickly built on those humble beginnings and over 8,000 teams participated in competitions globally last year. Based in the cybersecurity hot spot of San Antonio, CyberTexas’ mission is to advance cybersecurity through education, workforce development and preparedness. San Antonio is second in the nation for cybersecurity jobs, with almost 1,000 IT businesses and generating an annual economic impact of $12 billion.
Today, the organization is inspiring high-school-age and younger students and fast tracking them into cybersecurity career paths, with a wide variety of programs and significant help and support from area education institutions, business leaders and organizations.
“In its infancy, our program was focused on the basics of system administration, creating user accounts and looking at permissions,” said Malloy. “Over the years, CyberPatriot matured and started introducing networks, looking at firewalls, looking at traffic and doing PCAP analysis. This year we had several students pursue and attain their Cisco Security Network Certification, all before graduating high school.”
Managing the talent pipeline from “K through gray”
In building a successful workforce development program, Malloy cites what he calls the talent pipeline management process, which usually begins in middle school and in some cases, even in elementary school. Security concepts are introduced at age-appropriate levels to build interest and span ages from kindergarten to the elderly — what he calls “K through gray.”
As an example, beginning in elementary school there is a free, downloadable program available from CyberPatriot that goes into a packet tracing game. A six-year-old child can play a game where they watch their packet traverse through different systems, routers, devices and firewalls. It’s the foundation of putting together a wide area network.
As students progress to middle school, they can learn about Windows operating systems and the actions needed for system administration and looking at server logs, system logs, prohibited files and media. They begin to learn what they need to become an information security professional.
Coaches and mentors to build the village
Doing the work to earn a Network+ or Security+ certification can be an intimidating experience, even for experienced professionals looking to make a jump into a cybersecurity role from another profession. Malloy finds building a large pool of coaches and mentors mandatory — both technical and non-technical — to help guide people of all ages into the field.
“As graybeards, it’s my generation’s responsibility to extend a hand to the digital natives to help them navigate through this space, because the same lessons that we learned growing up apply to this generation,” Malloy said. “Many of them feel they have anonymity online and they are immune to the dangers of oversharing. As digital immigrants, we can share our lessons learned in our culture and our caution as they expand their wings and build the bridge between the K through gray.”
The hand in the glove
A big part of the joy Malloy receives working with the CyberTexas Foundation is its strong emphasis of matching the practical competencies alongside the certifications. He’s witnessed employers interviewing for an entry-level position, and those young professionals who have been part of the program are simply miles ahead of those lacking the experience. CyberTexas and CyberPatriot members can show potential employers they’ve actually worked through a DDoS attack on a team with diverse talents and backgrounds, who overcame obstacles, mitigated the problem and built a solution based on industry standards. Those skills are invaluable to employers and adding the certifications provides the full package.
“I view certifications as the glove and competency is the hand that fits in the glove,” said Malloy. “You aren’t as effective if you have one without the other. And they need to understand the sky’s the limit for good jobs and good careers in cybersecurity.”
Malloy’s not kidding. The Bureau of Labor Statistics reports cybersecurity as one of the top 20 fastest-growing fields in the US. According to the National Initiative for Cybersecurity Careers and Studies (NICCS), after four years of college, today’s cyber pro earns an average starting salary of $116,000. That compares to $120,000 for a starting lawyer and $61,000 for an entry-level business role.
Recognize the current opportunities for change by embracing diversity
Malloy embraces a philosophy of actively reaching out and leaving no stone unturned while seeking the next cyber pro. First and foremost, he recommends simply meeting the people where they are. For example, look for students in communities where the digital divide is impacting the underserved. Go to the community and its leaders on social media platforms to start conversations about their challenges. Talk to essential workers, Uber drivers, postal workers and grocery store employees and ask what their kids are studying. Start a conversation and learn about their interests.
Malloy says not every kid is going to be a surgeon or a nurse or a teacher. Not every kid is going to be a database administrator.
“But just have the conversation and encourage them if this is an area of study they want to pursue,” Malloy said. “And target in a positive way. ‘Hey, look. We want you as a Hispanic young man, a young Latina or African American to come and find out about cybersecurity. We can guide you through the courses of the study available to you. We’ll get mentors for you. We’ll get tutors for you. We’ll get resources for you.’”
What is the key to CyberTexas’ success?
Here are Malloy’s tips for building a Texas-size program sure to build interest in cybersecurity careers for people of all ages:
- Define your talent pipeline management process
- Build a village of committed and enthusiastic coaches and mentors
- Build the skills and urge the pursuit of certifications
- Meet the students where they are in life. Embrace diversity. Learn their interests. Encourage their interest in cybersecurity and making the world a better, safer place
Help is there — all you have to do is reach out
Malloy points to this time as one of unprecedented opportunities for both those mildly curious and others ready to jump into a cybersecurity career path with both feet. He challenges all those digital immigrants and natives to take the leap of faith and know there’s somebody with Infosec, CyberTexas Foundation or any of the thousands of information security professionals to guide you and hold your hand so that you become a success.
If you’d like to see the whole episode and hear all of Vic Malloy’s answers, you can find the entire episode at our YouTube channel.