The Cybersecurity and Infrastructure Security Agency, part of Homeland Security, has awarded a $1 million grant to a non-profit. CISA wants the CyberWarrior Foundation to create a training program to make more cybersecurity practitioners. It’s called the Cybersecurity Workforce Development and Training Pilot for Underserved Communities. Foundation Chief Operating Officer Jonathan Edwards joined Federal Drive with Tom Temin to talk details.
Tom Temin: Mr. Edwards, good to have you on.
Insight by Sonatype: Stephan Mitchev, acting CTO at USPTO, discusses how USPTO is looking at supply chain issues to address cybersecurity concerns. Dr. Stephen Magill, VP of product innovation at Sonatype, provides an industry perspective.
Jonathan Edwards: Great to talk with you, Tom. How are you today?
Tom Temin: All right. Let’s start with the foundation itself. What does the CyberWarrior Foundation do?
Jonathan Edwards: The CyberWarrior Foundation was founded to fill to the extent possible the talent gap in cybersecurity with underserved populations, specifically women, persons of color, and veterans. They have historically been left on the economic sidelines, especially the cybersecurity sidelines, and it is our goal to train them so that they not only get the job, but they’re good at the job once they get it. So that’s our singular focus.
Tom Temin: And cybersecurity jobs take a hundred different forms. Do you pretty much focus on the technical side — people that can be operators in a say, security operations center — or maybe also on the policy and development side?
Jonathan Edwards: What we do is we train for entry level jobs. So typically, that’s going to be an analyst I job, a junior engineer position. Then once the student, now professional, gets an understanding of the literally thousands of different pathways in cybersecurity, then with those fundamental skills, they can determine which pathway they want to take. But until they get the fundamental skills, and until they get that first job, it’s very difficult for them to understand I want to go into management, I want to go into policy, I want to go into whatever direction they want. So this is analyst and junior engineer positions.
Tom Temin: And is there corporate backing from some of the cyber companies to help the foundation?
Jonathan Edwards: Not yet, but that’s what our plan is. We were founded so that we could help those companies that desperately need talent. And we hope that this CISA grant will provide some ability to amplify what we do to the corporations that desperately need that talent and the corporations that want to and should diversify their professional ranks.
Tom Temin: And that would also include federal agencies and their own staffing?
Jonathan Edwards: Absolutely it does. We had a great presentation by someone from CISA recently, and he was all about making sure that we understood that the DoD or DHS, or CISA specifically or any number of different federal agencies, they need the talent, they want the talent, and they want to diversify, but not at the expense of the skill set, obviously.
Tom Temin: Alright, so then what specifically are you called to do with this grant then?
Jonathan Edwards: Specifically, we are targeting two regions in the country. CISA region number one, which is the Northeast — essentially the six New England states — and CISA region number four, which is the Southeast — that’s based in Atlanta. But we’re touching about eight different states in the South, ranging from Kentucky, North Carolina, all the way down to Florida. The goal of this project is to develop a system that recruits, retains, and then places underserved populations. And the definition here is again, women, persons of color, and veterans, but also people in rural America who don’t have access to the cybersecurity professional opportunities that people in more urban or suburban geographies have. We want to give them that option as well, because a lot of these jobs can be remote. So there’s no reason why we shouldn’t be able to train up people who are really struggling because of the world these days to get a job. And that’s what we’re going to focus on as well.
Tom Temin: So will you be developing a way to reach out to get those people in or also the coursework itself that they would undergo to become qualified?
Jonathan Edwards: We already have a lot of that in place, but we’re going to take it for a series of test drives to see how it works in these two specific areas working with CISA. Our curriculum is a strong curriculum that touches on all facets of cybersecurity at the entry level — firewalls and IDPS, malware analysis, packet analysis, Security+, Network+, Certified Network Defender, etc. Beyond that, then we also want to train someone to understand the practical application that’s necessary. A hiring manager doesn’t want to know you just have the skills. Our hiring manager wants to know that you know how to apply the skills — the who, where, when and why — to apply in different scenarios. So what we’re doing is we are making sure that people have awareness of the program, then access to the program, and then we will help them with job placement or apprenticeship placement as the case of merits.
Tom Temin: We’re speaking with Jonathan Edwards, he’s chief operating officer of the CyberWarrior Foundation. And what are the requisites that people need to bring to it in the first place? Because, say, in dense urban areas, you might have underperforming schools, and therefore students that have not achieved the aptitude they need, say in math. In rural areas, there are social problems of a different nature perhaps. So how do you bring all that together?
Jonathan Edwards: This is where we’re trying to really crack ceiling if you will. We believe that we can train virtually anyone with computer literacy skills into cybersecurity. We’re trying to break the mold in terms of what hiring managers are looking for with cybersecurity talent. There are a half a million open cybersecurity jobs domestically today, and that number is growing. There aren’t enough people who get out of bed every morning saying I want a career in cybersecurity. So we’re planting aspiration in people’s hearts and minds. That means that we are developing systems and curriculums that will train someone who has no experience in cybersecurity or in technology, with the skills necessary, but it also means that we need to work with hiring managers, HR departments to help them understand that the talent that wants to be in cybersecurity today isn’t necessarily meeting the needs of these companies or government agencies. And they need to rethink how they search. And they need to rethink who they work with to meet their talent needs. So that’s the other pretty interesting part of what we’re doing with CISA. We’re going to train them up. But we’re going to work with the private sector, the government sector, nonprofit organizations, whomever to say, okay, now let’s take a real strong look at how you’re hiring, who you’re hiring, and what your expectations are.
Tom Temin: And very often, the underutilized communities often have a need to say develop a work ethic or an understanding of the need that when you have a job, it’s nine to five or six to two, whatever the case might be, and it’s something real that you’ve got to stay with. And is there a manner by which you can inculcate that information and that skill, as well as the specific cyber skills?
Jonathan Edwards: Well, to get through our program requires one thing, it requires discipline. There’s no two ways about it, it requires a tremendous amount of discipline. Our program is four hours of live remote Zoom instruction per day, five days a week. So that alone takes a tremendous amount of discipline. Plus, it’s an hour to two hours of prep work, so you understand what you’re confronting that day in the classroom. Then it’s probably five to 10 hours of homework that is self paced per week. So the discipline that we instill to get through the program to make sure that you understand the skills and how to apply those skills through a tremendous number of lab based exercises that those real world scenarios that we talked about previously, that discipline, if they can get through the program, will transcend into the work world where they say, okay, this is what it takes to succeed in a cybersecurity job.
Tom Temin: And what about the requirement that they have a reasonably operable laptop computer and broadband? Because that’s an issue in a lot of rural areas and some urban areas.
Jonathan Edwards: It absolutely is, that digital divide exists. We have certain minimum requirements for computers that we need students to have, because we install virtual machines so that people can understand penetration threats in different operating systems, in different scenarios that different companies or agencies might have. So they do need those minimum requirements. What we do, however, is we have partnerships with individuals and organizations that will help people who don’t have a laptop. Now we can’t help people who don’t have the broadband necessary because of the rural areas. That’s the challenge. And I hope that the infrastructure bill starts to solve that problem down the road. But we work closely with people who…if someone just has no means to have a sufficient computer or laptop, we try to meet those needs, were not always successful. But yes, there are minimum requirements for memory and other capacities.
Tom Temin: So what will the metrics for success be in this pilot after three years for you and for CISA?
Jonathan Edwards: Well, at the end of the day, we want to place every single student that goes through the program in either an apprenticeship that transcends into a job, or a job itself that bypasses the need for an apprenticeship — either or works for us. We want placement beyond that, because this is a pilot. We also want to well document the best practices so that we can hopefully work with CISA down the road, years out, to bring this program not just to the Southeast in the Northeast, but across the United States, because the entirety of the United States needs the skill and then the diversification within the profession.
Tom Temin: And briefly, what are the outreach mechanisms so that you can get this opportunity before the people that you want to serve?
Jonathan Edwards: It’s a lot of shoe leather, and it’s a lot of online leather. We will be working closely and we have historically worked closely with community colleges, with diversity stakeholder individuals, with workforce stakeholders, with the Urban Leagues of the world. We have great partnerships — one in Boston with the Massachusetts Technology Leadership Council, and one in Georgia with the Technology Association of Georgia, they’re going to help us find students and will also most importantly help us find the companies willing to place again, either in jobs or apprenticeship. So we’re developing the tentacles necessary to recruit the students and recruit the employers. It’s a time consuming effort but we’re excited with the partnerships that we have and we’re really excited to expand those partnerships to recruit that talent.
Tom Temin: And you’re optimistic?
Jonathan Edwards: Extremely optimistic. We know our curriculum works. We have historically had people going through our program that are placed in jobs before they even get their certificate of completion. That demand is there. We just need to instill the talent and again, the discipline. So I’m extremely optimistic about our success. CISA is 1000% behind what we’re doing, they want to see us succeed. I’ve been told that we do and we are going to provide them with a solution to something they’ve been trying to figure out for a very long time. And so the excitement is both I know we can succeed, but there’s the excitement is also we are partnering with the federal government to help them perform their job and to meet the needs of protecting our country against cyber threat.
Tom Temin: Jonathan Edwards is chief operating officer of the CyberWarrior Foundation. Thanks so much for joining me.
Jonathan Edwards: Thanks so much for having me, Tom. I appreciate it a lot.