Enable breadcrumbs token at /includes/pageheader.html.twig

Rethinking Cyber Talent Requirements

Industry and academia are seeking critical thinking and passion to fill the growing cyber talent shortage.

Facing a global shortage in cyber talent, government and industry officials are seeking new ways to widen the aperture on recruitment. Although science, technology, engineering and mathematics (STEM) skills are still essential, some experts claim critical thinking and passion are major assets for a successful career in cybersecurity.

According to a 2024 ISC2 Cybersecurity Workforce Study, 68% of organizations noted having a cybersecurity staff shortage.

With cybercrime on the rise, malicious actors are targeting ‘low-hanging fruit,’ such as higher education entities that cannot afford high-cost security operations. 

For Louisiana State University (LSU)’s chief information officer, Craig Woolley, the challenge led to the idea of combining student education with round-the-clock cybersecurity protection through private-sector partnerships.

Since its LSU launch in 2023, the cybersecurity workforce development program has evolved into a statewide initiative on its way to further expansion.

“When you think about how many people you actually need to hire to fulfill a 24/7/365 [operation], it’s a very expensive proposition,” said Rob Jansen, CEO at TekStream Solutions, a digital solutions consulting firm and partner in the workforce development program.

Crediting Woolley for the idea, Jansen said the initiative brings together students across different colleges for a shared mission: cybersecurity.

“We do have people from liberal arts, we do have people from language majors, we do have people from cyber that actually come from the cybersecurity side, but it’s open to all majors, all students that are able to now get into this program and learn the cybersecurity skills they need,” Jansen stated in a conversation with SIGNAL Media.

The development model, which has been implemented across all LSU System schools, has been adopted by additional out-of-state universities, including New Jersey Institute of Technology, University of Alabama, Kennesaw State University and Georgetown University.

“The idea is, through higher education, attracting students, training them, developing them. They’re obviously graduating. [Then] they can go to work at the government entities. They can work at private sector,” Jansen explained.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Currently in its fourth year, the program’s training curriculum and platform have evolved, Jansen said. Firstly, onboarding time has decreased from three months to six weeks. Additionally, the training model has been optimized for each student’s experience and level of knowledge. 

Through a tiered system, students enter the program operating simpler tasks until technicality and complexity gradually increase. Typically, students enter the two-year program in their junior year and receive a detailed transcript upon completion.

Finally, TekStream provides graduates of the program access to its recruiting team and placement services. “They are working hand-in-hand with the students. In some cases TekStream is hiring them; in other cases, we’re finding jobs for them,” Jansen said. “So far, we’ve had 100% placement rate for the students graduating from the program.”

In Louisiana, half of the applicants to the program have been non-computer-science majors, Jansen said. This diversity of thought is crucial for the industry, he noted.

“From my personal experience, I was a systems engineer from [University of Virginia] and I got a job with Price Waterhouse,” he said. At the time, over 50% of the people hired did not have engineering or computer science backgrounds, Jansen explained. “They wanted a diverse set of thoughts and backgrounds and perspectives for the team to be strong and collaborative. I view this as no different,” he said of the workforce development program.

“If you have a 100% computer science group of people working in a [security operations center], you’re not going to get diverse perspectives or diverse thoughts from that group, and they’re probably going to be all wired a very, very specific way, in a very ordered way,” Jansen continued, “In cybersecurity specifically, many things happen in a non-ordered fashion, so you need people that can think creatively. They can ideate, they need to think of new ways, think like a bad actor, think outside the box for how attacks can happen.”

Currently, Jansen and his team are also working on a partnership with Techbridge, a nonprofit company that uses career-focused training and technology to break the cycles of generational poverty.

The idea, he said, is to expand the program beyond just students in schools or higher education programs. “How do we get less privileged people in the community also access to this training that might have the mindset, that might have the mentality or the ability, but they just didn’t have the opportunity. How do we get them involved?”

Although the partnership is in its early stages, the team is seeking seed partners to get it off the ground.

Jansen’s sentiments were echoed by Eric Scott, chief information security officer at Georgia Tech Research Institute (GTRI). Scott runs a similar program at GTRI, which launched a little over two years ago and began with just three student interns. Today, it has seven.

Image
Industry and academia are partnering to find and grow cyber talent. Credit: Iftikhar alam-stock.adobe.com
Industry and academia are partnering to find and grow cyber talent. Credit: Iftikhar alam-stock.adobe.com

Most recently, the student intern program has expanded to include a governance, risk and compliance component, or GRC.

“They’re more policy [and] process and audit, and if you think about it, I really need more creative writing people that like to write, people that can understand logic, and so the GRC element of things kind of brings out those skill sets that are nontraditional ... they’re nontechnical, but they’re still needed and I still value them,” he told SIGNAL Media.

While the initial program is cyber-centric, there is no requirement for a STEM background for GRC participants.

“The internship program in general is designed for people that don’t have cyber backgrounds; we are going to teach you everything you want to know, whether you have coding experience or not,” Scott explained. “We can take a liberal arts student just as easy as someone that’s a computer science major.”

While the GTRI internship program still favors science majors, Scott values one trait the most: passion.

“You can have strong character, you can have a strong work ethic, but if you have a genuine passion to do what you’re doing, you’re going to give 110%, and you’re going to give it your all,” he said.

“We have a linguist that is working on my team,” Scott added, noting another intern currently in a liberal arts college. “It doesn’t matter [because] at the base of this, I do try to capture that passion if we can.”

A separate but similar program at GTRI, titled Hiring Our Heroes, also offers a 10-week fellowship to transitioning service members coming off active duty, Scott shared.

The program, initiated by the U.S. Chamber of Commerce, offers experience in a variety of fields, including one within the cybersecurity division. Within the division, there is no requirement to have a STEM background, Scott said.

In the defense landscape, leaders are also expanding recruitment requirements.

“The right skill sets that are validated will open and expand the population of folks that we will recruit from,” Defense Information Systems Agency Director Lt. Gen. Paul Stanton said in an April interview with SIGNAL Media.

The Department of War chief information officer’s investment in early assessment tools explores aptitude and cognition more than individual skill sets, he noted. “I certainly want deep thinkers on our team.”

“You’ve heard me say this before, but our asymmetric advantage is free thought,” Stanton continued. “Our ability to apply free thought gives us the opportunity to hire somebody that was a musician or a mathematician or something that’s not necessarily directly aligned to computer science and network engineering or cybersecurity but demonstrates cognitive capabilities and aptitude.”

Comments

The content of this field is kept private and will not be shown publicly.

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
Enjoying The Cyber Edge?