Can cybersecurity boot camps fill the workforce gap?

A startup in Denver and an initiative in Chicago are using cybersecurity boot camps to quickly prepare workers to fend off digital attacks.

 

Attendees at the 2016 Black Hat cybersecurity conference in Las Vegas.

David Becker/Reuters

January 20, 2017

Boot camps aren't just for software development anymore. 

With the US cybersecurity workforce facing severe shortages and data breaches surging, new groups are cropping up to respond with initiatives to quench the exploding demand for digital talent.

Denver-based startup SecureSet Academy is just the latest organization to use a boot camp-style teaching model to quickly prep jobseekers for careers fighting off digital attacks. The academy has graduated 16 aspiring 'white hat' hackers since its launch last February, placing all of them in roles as security engineers, penetration testers and consultants with local firms. And now, another 17 graduates are about to join their ranks.

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

“We need to recognize the rise of a “no-collar” work force in this domain, and realize that we can effectively field this force quickly,” says Adam Sheffield, director of SecureSet Academy's new Tampa campus. “We need to start looking outside existing silos and build accelerated pathways that address the needs of students seeking entry into the field.”

The startup’s early success with its accelerated training program prompted venture capital fund Colorado Impact Fund (CIS) to lead a $4 million investment round this month to fuel SecureSet’s expansion. But SecureSet – which charges $19,500 for its intensive 20-week cybersecurity program – isn't the only firm pushing a boot camp-style approach, with Russia’s suspected involvement in election-related hacks dominating recent headlines. 

Another group doing that is the City Colleges of Chicago (CCC), which this week became the first community college system in the country to partner with the Department of Defense on a new free cybersecurity training program for active military service members and civilians.

The effort is modeled after an intensive six-month cybersecurity boot camp tested with government personnel at Fort McNair in Washington. Chicago's municipal government has put $1 million behind the effort, alongside $500,000 from the Defense Department.

Many of the same cybersecurity experts who provided the training at the Pentagon will train the first batch of 30 students at the inaugural boot camp scheduled to begin this spring at CCC’s Wilbur Wright College. Companies such as Accenture, Allstate and Microsoft will also help with programming and job placement.

Boot camp graduates will take the Offensive Security Certified Professional (OSCP) Certification Test to vet their readiness for jobs in penetration testing and related areas.  “These jobs pay $80,000-a-year — starting,” Chicago Mayor Rahm Emanuel told the Chicago Sun-Times. “Six months of boot-camp training and you get a salary of $80,000, and we have 10,000 jobs coming to Chicago.” Mr. Emanuel is using unclaimed funds from a city property tax rebate to finance the boot camp.

Similar efforts are springing up across the country. With the Trump Administration’s focus on bringing more jobs back to the US, efforts to galvanize domestic job growth such as those in Chicago and Denver are likely going to become even more important in the next few years.

In Georgia, Governor Nathan Deal announced plans earlier this month to promote cybersecurity via a new Cyber Innovation and Training Center that will be developed in collaboration with the Pentagon and NSA.

Indeed.com estimates that US firms on average are currently able to fill less than 7 in 10 of their available cybersecurity jobs. The job search website says that's the fourth worst security skills shortage in the world, despite salaries that often start at over $60,000 and exceed $200,000 for more experienced staff.

In recent years, the federal government has made efforts to address the problem by among other things, setting aside funds for cybersecurity education and training.

The Obama administration’s budget for the last fiscal year makes up to $62 million available in 2017 to support training programs in universities around the country and scholarships to train future cybersecurity workers for careers government. But the results of those efforts may not be felt for years.

“Millions, if not billions, of tax dollars have been spent on bolstering traditional education programs,” says Mr. Sheffield. Students coming out of such programs often have excellent technical skills but lack experience applying those skills to real-world problem sets.

Instead of the federal government’s top-down approach, the place to start building security talent is at the community level and via partnerships across the public and private sector, Fund says.

“There is a massive gap between the demand and supply of cybersecurity professionals [in the US],” says Ryan Kirkpatrick, partner at CIS, the venture capital firm that invested in SecureSet. 

“Current cybersecurity training offerings are not increasing the available supply of cybersecurity professionals since they only focus on retraining the existing cybersecurity workforce,” Mr. Kirkpatrick says. His firm has expressed interest in cybersecurity training companies like SecureSet.

Globally, the skill or position that seems to be most needed is network security specialists says Daniel Culbertson, an economist at Indeed.com. This is the skill set with the highest employer demand in several high profile markets, such as Israel, Ireland, the UK.

In the US the biggest mismatch between supply and demand is for professionals with application and cloud security experience and for those who know how to secure the billions of devices being connected to the so-called Internet of Things, Mr. Culbertson says.

“Jobseekers' interest in cybersecurity positions has grown over the past two years [and] has helped narrow the gap,” between supply and demand, Culbertson says. For instance, one year ago, American firms were able to fill only 6 in 10 of their available security roles compared to nearly 7 in 10 this year.

Part of this can be attributed to the attention the profession has been getting in the news after several high profile breaches in the private sector and the US election, he said. “More likely is that job seekers are seeking these jobs out because they are in demand and pay well.”