US pilot programs lay the groundwork for a healthy workforce

Following five successful pilot programs, the US National Institute of Standards and Technology (NIST) has released a roadmap for tackling the cybersecurity workforce shortage using a regional approach.

According to CyberSeek, an interactive tool that provides real-time analysis of the cybersecurity job market in the US, there are currently just under one million people employed in cybersecurity, with a little over half a million vacancies. There are huge regional variations, however.

“For example, in the DC/Maryland/Virginia area, there are over 64,000 open cybersecurity jobs, but in the state of Wyoming, there are just over 500 open jobs,” Danielle Santos, program manager of NIST's National Initiative for Cybersecurity Education (NICE), tells The Daily Swig.

The roadmap, which was published (PDF) in February, aims to improve these regional discrepancies by recruiting more potential talent locally and administering a focus on long-term retention.

It outlines strategies for forming local partnerships between schools, higher education institutions, and employers, specifying four main components: establishing program goals and metrics, developing strategies and tactics, measuring impact and results and, sustaining the effort.

NIST also advises on holding events such as camps, career fairs, and technical exercises in order to source talent and build a relationship with the local community.


One of the pilots, for example, the Cyber Prep Program in Colorado Springs, was a partnership between Pikes Peak Community College, secondary-school districts, and employers.

It involved internships for more than 100 students, apprenticeships, and workshops, career fairs and camps.

Meanwhile, says Santos, the Cin-Day Cyber program in Ohio gave 74 college students paid internships in both private and government organizations. The Virginia-based HR Cyber [non-HTTPS link] has also created an interdisciplinary degree program that has grown from 11 students to more than 100 in just two years.

“Success was shown in each of the pilots, as each was unique to the needs of their region,” Santos says.

“Although the original grant funding for the pilot programs has expired, each of the programs have been able to continue the work that was started under the RAMPS.”

“In some cases, different stakeholders volunteered to carry on the project, and in others additional grant funding was secured to continue to grow the effort,” she adds.

The roadmap includes a comprehensive set of best practices drawn from the results of the pilot projects, with advice for students and job-hunters as well as educational institutions and employers.

The structured process it recommends could provide a solid basis for similar schemes elsewhere, says John McCumber, director of cybersecurity advocacy for North America at security training and certification body (ISC)².

“The initial pilot programs lay the groundwork for future educational efforts that can leverage the success metrics in these pilot programs,” he tells The Daily Swig.

“In this way, we see these programs forming the basis for a series of national initiatives to address the rising demand for cybersecurity professionals.”

In 2016 the National Initiative for Cybersecurity Education awarded funding to five pilot programs based on their approach to developing the cybersecurity workforce.

YOU MIGHT ALSO LIKE Wisconsin university launches online cybersecurity course