WASHINGTON — The United States will remain vulnerable to cyberattacks unless the nation’s education system is better aligned to produce greater numbers of cybersecurity professionals, a leading industry expert testified Tuesday at a Congressional hearing.
“Simply put, cybersecurity professionals are not produced by the education system in the United States in the quantities or the correct soft skills that are needed,” said David Jarvis, chief information officer at the IBM Institute for Business Value.
“The education system is not aligned to produce a workforce that can defend us from today’s cybersecurity threats,” Jarvis said.
Rep. Brett Guthrie, R-Ky., noted that a recent study by Intel Security and the Center for Strategic and International Studies (CSIS), found that more than 209,000 cybersecurity jobs in the U.S. are unfilled, and job postings in the field are up 74 percent over the past five years.
And the demand for cybersecurity professionals is expected to grow to over 1.8 million by 2022, Guthrie said.
Jarvis said while estimates vary on the size of the skills gap in cybersecurity and how long it may take to close, that the “bigger point is unless we better realign our education system with the core attributes needed in cybersecurity, the nation will continue to be at risk.”
Jarvis made his remarks on Capitol Hill Tuesday during a joint hearing of the House subcommittee on cybersecurity and infrastructure protection, and the subcommittee on higher education and workforce development. The hearing was meant to explore public-private solutions to producing a cyber workforce.
Themes that emerged at the hearing ranged from the need for more apprenticeships and on-the-job training to the benefits of tapping greater swaths of talent from among America’s racial and ethnic minorities, women and veterans.
Jarvis touted IBM’s P-TECH dual enrollment model as one way to get more students prepared to work in cybersecurity. The model gives high school students a chance to earn an associate’s degree while still in high school, pairs them with mentors from a career field — cybersecurity in the case of one Baltimore high school — and top consideration for jobs at IBM.
Scott Ralls, president at Northern Virginia Community College, or NOVA, said one of the fastest growing segments of community college enrollment is dual enrollment students. Ralls said there needs to be a more seamless pathway from high school to community colleges and universities.
Jarvis and other speakers cautioned that four-year degrees are not necessary for all cybersecurity jobs.
“Do all security hires really need four-year university degrees?” Jarvis asked in written testimony submitted at the hearing. “Do not miss a potential star by imposing arbitrary degree requirements before job candidates get a chance to prove themselves — realize that skills and experience can come from a variety of places.”
Dr. Stephen A. Cambone, recently appointed associate vice chancellor for cyber security initiatives at Texas A&M University System, said while the system’s flagship university, Texas A&M, is a land grant institution, circumstances call for Congress to create a “cyber grant program,” just as it has created sea and space grant programs.
“Considering the challenges we face in developing and maintaining the cybersecurity workforce, the creation of a Cyber Grant Program modeled after the three previous grant programs can be established to realize similar benefits,” Cambone said.
Rep. Lisa Blunt Rochester, D-Del., asked what the research shows about what attracts individuals to the cybersecurity profession. She also raised questions about the need to market the profession to make it more well-known.
Parents don’t tell their children to be a cyber technician, but rather an engineer, doctor or a lawyer, Rochester said.
Douglas C. Rapp, president at the Cyber Leadership Alliance, an Indiana-based non-profit that provides “thought leadership” in cybersecurity, said “we need to break down some barriers” when it comes to views of the cybersecurity profession.
Rapp suggested expansion of the CyberCorps Scholarship for Service program to state and local government because the program is vulnerable at the federal level.
Rep. Cedric Richmond, D-La., ranking member of the subcommittee on cybersecurity and infrastructure protection, criticized President Donald Trump for recommending cuts to the CyberCorps Scholarship for Service Program by 27 percent below fiscal 2017 levels.
The program provides scholarships — funded through National Science Foundation grants — that may fully fund the typical costs incurred by full-time students while attending a participating institution, including tuition and education and related fees, according to a federal website.
“Defending our networks from cyber attacks requires strong leadership, sustained funding from Congress and action,” Richmond said.
Jamaal Abdul-Alim can be reached at firstname.lastname@example.org or you can follow him on Twitter @dcwriter360.