Peter Armstrong, director of cybersecurity at Thales UK and head of the Thales UK cyber graduate training program, believes that both approaches are valid and important. The US National Collegiate Cyber Defense Competition (NCDDC) is at the schools level, while the Cyber Security Challenge (there are UK and US variants) targets existing employees. "It’s important that institutions invest in training up the next generation of cyber security experts, as well as making more of an effort to retrain or re-skill existing employees to ensure the entire workforce is educated about the latest threats and how to deal with them," he told Infosecurity. "The competition by the NCCDC is a positive step in this direction."
Now Raytheon has announced a three-year partnership with the NCDDC to be its lead sponsor. While other programs such as the Cyber Security Challenge UK, and the US Cyber Warrior Scholarship seek to attract and help mature adults move into cyber security, NCCDC takes the argument into schools. More than 180 colleges and universities are expected to take part this year in competitions that lead up to the national championship.
The underlying problem behind the well-documented world-wide shortage of skilled security professionals may, however, lie in pre-university education. A new survey commissioned by Raytheon has looked at the attitudes, behaviors and career aspirations among young American adults. It found that a lack of awareness of cyber security as a potential career seems to stem from the teachers: 82% of the young respondents said that no high school teacher or guidance counselor had ever mentioned the idea of a career in cybersecurity.
Generation Y, or the Millennials, are – according to this survey – most interested in becoming entertainers (that is, a celebrity) at 40%, and entrepreneurs at 39%. App designers and social media professionals are the leading tech aspirations, both at 32%. A cybersecurity professional, however, is way down at 24% – in fact, more young adults see themselves as a college prof (25%) than a security pro.
One clue may be found in young adults' attitudes towards work incentives. Two of the top three incentives include 'interesting work' at 69%, and 'competitive pay' at 65%. Both of these apply to a career in cyber security. However, the third (66%) is 'promotion opportunities;' and this can be somewhat limited in cyber security. There is no clear career path from security professional up to the boardroom – the most likely route is from security to risk management to the Board.
The Raytheon survey may, therefore, indicate that the security skills shortage needs to be tackled from both ends. Schools need to promote the career to students at a younger age, while senior management needs to include security professionals at the highest levels – including the Board. Cyber security needs to be in the boardroom; not merely reporting to the boardroom. Until that happens, however, companies like Raytheon are concentrating on the youngsters.
"Our nation's military, government and commercial sectors are in dire need of cyber talent as we rely ever more on the cyber domain and face ever-increasing threats," said Lynn Dugle, president of Raytheon's Intelligence, Information and Services. "We are committed to increasing awareness of and interest in cyber careers, and have partnered with NCCDC because we believe in its mission to provide hands-on experience needed for the next generation of cyber leaders."