Teach Cybersecurity with Apprenticeship Instead
Governments, private industry, and tech culture can all benefit from a cyber workforce built on quality apprenticeships
Blog Post
Pixabay, Creative Commons license
April 14, 2017
What do you think of when you think of apprenticeship?
Try to find stock photos for “apprenticeship”, and your search results will abound with safety goggles, bandsaws, and coiled air hoses. Americans imagine apprentices as carpenters, plumbers, and machinists, and for good reason: there is a long and proud tradition of apprenticeship in construction trades, which had about 30 percent of all registered American apprenticeships in 2016.
This apprenticeship tradition helped build the physical infrastructures - highways, ports, and energy grids - that support the American economy. As labor needs expand for new types of digital infrastructure, especially in the field of cybersecurity, we should look to apprenticeship once again to get the job done.
Something we all need: Making cyber better through apprenticeship
Nearly all businesses and government services conduct electronic transactions, handle private information, or have a website. A security lapse in any of these areas can be disastrous, and so there is huge unmet demand for cybersecurity professionals, to the tune of about 40,000 unfilled jobs per year.
Predictably, cybersecurity salaries are very high: one job category, information security analysts, has a median wage of about $45 an hour, according to the Bureau of Labor Statistics. What sets cybersecurity apart from similarly well-paid occupations is that few of its jobs require an advanced degree; though candidates with bachelor’s degrees are more competitive, these too are not always necessary.
Cybersecurity does require attention to detail, quick thinking, and intellectual flexibility - and an industry certification validating these practical and problem-oriented capabilities is highly preferred. But these certifications, including the widely-used CompTIA Security+ and the prized CISSP certification, don’t have specific education requirements themselves, and prioritize work experience instead. CISSP, for example, requires test-takers to have five years of paid, full-time work experience. A four-year degree only gets a waiver for a year’s worth of that.
Why the preference for work experience? Bachelor’s degrees spend a lot of time on topics that aren’t essential to entry- and mid-level cybersecurity jobs, including advanced math and more theoretical computer science courses. More importantly, academic programs aren’t as well-suited as work experience to a field where a threat that wrought havoc two months ago might already be out of style. In apprenticeship, on the other hand, the most important classroom is the office of a team tasked with examining what’s happened and responding to what’s next.
Last month, the cyber workforce featured prominently on the agenda at New America’s Cybersecurity Initiative conference and in its keynote address from Nathaniel Fick. The paid contract and defined learning plan of apprenticeship can help the industry fill talent gaps by allowing more Americans to learn this tough and intricate craft, but cybersecurity has even more to gain from the community-building, employer-focused experience that apprenticeship provides.
Like the IT sector as a whole, cybersecurity has diversity problems. The field is dominated by white men, which according to Fick is a social but also functional concern for cybersecurity pros: “We can’t expect good outcomes if we surround ourselves with the same people.” Workforce diversity and equity, in tech and elsewhere, will be a long project of social change that won’t be accomplished with a few dozen apprenticeships. But by reducing reliance on potentially debt-laden computer science bachelor's programs and lowering financial barriers to cyber education (apprentices get paid to learn, instead of paying to learn as a student), apprenticeship can help bring some desperately needed new faces into cybersecurity. The equity-minded tech apprenticeships of LaunchCode provide an excellent model.
Apprenticeship is also particularly well-suited to helping state and local governments address critical cyber workforce deficits. Subjected to increasingly frequent cyber attacks, state and local governments also struggle to compete for cyber workers since they can’t offer private-sector wages or the mystique of spook work at the Department of Defense (DoD) or CIA. Luckily, state and local authorities can play a more active role in incentivizing cyber apprenticeships, for example through employer subsidies, tax breaks, and public service agreements modeled on the federal Scholarship for Service, which guarantees tuition for a promised period of government work.
Getting to scale: Making cyber apprenticeships a widespread reality
A maxim of the Python programming language goes “There should be one - and preferably only one - obvious way to do it.” But that just doesn’t hold when it comes to workforce development, where employers may do better following one of Perl’s mottoes: “There’s more than one way to do it.” Apprenticeships are one of those ways, and there are already promising cyber projects afoot.
Last September, Governor Terry McAuliffe announced the launch of Virginia’s first cybersecurity apprenticeship program. Started in partnership with Tidewater Community College, the program’s intermediary, Peregrine Technical Solutions, has aligned it with DoD occupational requirements to add further job market value in a defense-heavy region. In Maryland, the TranZed Alliance and University of Maryland University College (UMUC) will soon provide cybersecurity apprenticeships to upskill existing employees at firms across the region. On the other side of the country, the Silicon Valley start-up Transmosis is working to pool cyber workforce needs from multiple employers to build a sustainable apprentice pipeline, handling every aspect of the process from program registration to apprentice recruitment and vetting to on-boarding and job placement services.
America’s essential technological infrastructure needs dedicated, curious, and highly-skilled workers who are comfortable learning on the job. Thousands of Americans fit the bill, but they need to see how well apprenticeship works before they hold it in the same esteem as a college degree. When deployed in collaborative and supportive workplaces, and connected to other higher education opportunities down the line, these and other developing projects in cybersecurity can easily make the case.
This is the fourth installment of our blog series exploring big issues in the world of American apprenticeship ahead of our Apprenticeship Forward Conference in May 2017. We hope you'll join the discussion @NewAmericaEd.