Driving an effective cybersecurity apprentice program (Part 1)
Forecasting success carries a responsibility of providing future proof, and some obvious risk. I take the responsibility of being a wise custodian of a program that involves use of taxpayer funding seriously, with specific goals in mind. Those goals involve producing excellent taxpayers, charged with safeguarding digital resources from attack.
Defining a successful project begins with identifying a need. The specific need is filling the existing shortage of qualified cybersecurity professionals. That task became much easier as the result of the efforts of those involved in the NIST grant funded CyberSeek website that went live in November 2016. The site graphically identifies the shortage of cybersecurity professionals and provides specific labor market information at the National, state, and regional levels.
In September of 2016, the California Community College Chancellor’s Office announced the availability of grant funding for apprenticeship programs. Having researched the general unavailability of apprentice programs in the ICT field for an article I wrote in May of 2014, this announcement served as an opportunity to see if we could develop an apprenticeship program here in California.
To facilitate the chances for project success, I reached out to Coastline Community College in Southern California, to serve as the host college. Having taught cybersecurity courses at my own college for the past 18 years, I was aware of what Coastline’s hosting brings to project success. It is the only California community college that currently holds the “Center of Academic Excellence in Information Assurance and Cyber Defense – 2 Year” Federal designation issued by the National Security Agency and Department of Homeland Security (NSA/DHS).
The 1$ million grant was awarded in mid-January. The application that was submitted details how the grant is going to be administered. In general terms, the plan it to utilize a cohort approach, with approximately 25 students per cohort. Admission to the program requires that potential apprentices have previously obtained their CompTIA A+ certification.
Students will take what are defined as four “core courses” that include courses that are aligned with the exam objectives for the CompTIA Network+ and Security+ certifications, along with the Microsoft MTA certification relating to its server product. Additionally they will take a basic programming course.
From there they will be given the opportunity to select either a Cisco track (focused on CCNA certification), or a cybersecurity track (that focuses on the EC-Council CEHv9 and the new CompTIA CSA+ certification). Costs associated with course fees, textbooks, and certification exams will be paid by the grant.
Students are required during the term of the grant to participate in “on-the-job” training for a total of 2,000 hours. The program is designed to provide a living wage for this “learn and earn” period. While industry recognized industry certifications are important, the inclusion of this work based learning component is a key element in the Project’s success, given the “in order to get a job you need experience, and in order to get experience you need a job” conundrum.
We recognize challenges we face is identifying employment slots for apprentices to meet this work based learning requirement. Employer monetary incentives, while available through grant funding, are probably not a sufficient carrot to have employers waiting in line to participate in the Project. Much of our efforts will be directed at the cybersecurity professional community, seeking support from local chapters of professional organizations like ISACA, ISSA, and (ISC)2.
We are contacting members of the existing workforce in the Region and asking them to serve as mentors for the students, helping them find “earn and learn” employment opportunities. To support this effort, I’m reaching out to my fellow CISSPs, reminding them that one of our ethics cannons is to “advance and protect the profession.” I believe advancing the profession includes taking steps to insure that we have an adequate cybersecurity workforce to meet the needs of our society.
This article was purposely labeled “Part 1.” We believe it important to detail our successes (and failures), as we move forward with this effort, hopeful that it will encourage other colleges to consider this approach to cybersecurity training. Our goal is to create a sustainable model designed to continue once the grant funding runs out.
 California Apprenticeship Initiative
 See “Formal ICT apprenticeship programs: Why not in the USA?”
 Coastline Community College (Fountain Valley, Calif.)
 Information Assurance Directorate, NSA
 California Cybersecurity Apprenticeship Project (CCAP)
 (ISC)² Code Of Ethics