Paper

 

Academic Paper: Bridging the Gap in Cybersecurity Employment

Carlos Washington

CYSE 494: Entrepreneurship in Cybersecurity

Old Dominion University

 

Cyber security is defined as being a practice of defending digital assets (computers, mobile devices, servers, networks, data, almost any electronic system) from harmful and malicious risks, threats, vulnerabilities, and attacks. CompTIA, which is a reputable, well-known, and neutral vendor Information Technology/Cybersecurity certification provider says that technology occupations compose a net employment market of 12.1 million within the United States. Technology is a field that is of great importance and it is vital to the foundation of any organization/company/business/etc. Currently, the world is digitally inclined, and a great deal of their stored assets are digital. Majority of daily tasks are performed on some form of computer system or mobile device. Understanding the intricacies and miniscule details within computing, information technology, and information security fields can be both challenging and intimidating to a young and inexperienced. However, what would change if the youth were more exposed to the above listed areas before high school or college? Awareness in the African American and minority population would create tremendous growth in the field for the racial group.

Throughout my research, I have noticed that there is a strikingly low percentage of minorities in the technology field. To combat this issue, awareness of the matter needs to be promoted; raise awareness and allow students to know about the field at a deeper level in their younger ages. Educational systems should implement more real word technology courses so students can become acclimated to them at a younger age. Students gravitate to what is familiar, also, to what the students enjoy; how are students supposed to gain the necessary knowledge about the field without obtaining the needed awareness? The basis of education starts in a school environment. As the world gravitates towards a much more digital environment, interests in the field will inevitably grow; employment opportunities will continue to thrive, and it will be pivotal to witness the rise of minorities within the field.

IMPORTANCE OF CYBERSECURITY

Southern New Hampshire University defines cybersecurity as, “Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, it’s an enormous and growing field” (Stodyk 2018). Oftentimes, the common perception of cybersecurity is that it stops with computers. Although computers are a significant piece, it is not the only technology that needs cybersecurity. It is gravely necessary for users of technology in any setting to not underestimate the importance of the digital and virtual environment. Even on a basic level, understanding and taking small preventative and protective measures encourages a safer digital and virtual environment. Cyber-attacks are performed daily-exploiting vulnerabilities. Successful attackers usually occupy a wide range of knowledge on general tactics, as well as a deeper understanding in specialized areas, especially within the area they plan to attack.

Information Technology departments have been around for various years; employers, businesses, educational systems, healthcare administrations, political career areas, etc. all understand that a computer system and information system is integral within their daily operations, as well as security measures, such as security cameras.; “Cyberspace has become part of the daily life of many governments, citizens, industry etc. around the world. Moreover, the global expansion of digital media, networks, and information and communications technologies (ICTs) might well become the most powerful technological revolution in the history of humankind” (Drent, Homan, Zandee  2013) Cultivating the program will allow for nontraditional topics (topics not usually taught in a traditional environment) to be discussed, so that the participants of the program are well-rounded. The college environment does well in laying foundations, and even taking it a step further. The aim of the program will be to set a strong base knowledge and an advanced level of techniques and operations. The cybersecurity field is advancing, and it will continue to grow for many years as the world continues to move further towards digitalization and virtualization.

REPRESENTATION IN CYBERSECURITY

            Representation is important in any field. Adults and children alike start their learning processes by sound, visualization, and memory; if a child can see an individual or a large population of individuals that is similar, the children will be more likely to desire to be in that role. Diversifying the field will produce a wide spectrum of people from different racial backgrounds and ethnic makeups. Specifically, for the African American community, the desire shows in statistics; however, the lack of employment in the field also shows within statistics. The Black community is not being hired into many of the computer security/cyber security jobs. Generally, minorities remain the minority within the Cybersecurity field. The current scope of representation is distributed sporadically, “Data from DataUSA showing the ethnic make-up of holders of the post of ‘Information Security Analyst’ demonstrates this clearly. DataUSA, found that in 2016, the workforce for this post was made up of 74% white employees, 11.9% black employees, and 7.9% Asian employees” (2018). The above quote displays the racial demographics of employees working in the capacity of an Information Security Analyst. As seen above, minorities make up a disproportionate amount of Information Security Analyst’s as opposed to White employees-which make up the majority. Information Security Analyst is an entry level position within the arena of Cybersecurity.

The number of minorities in the field is severely lacking; by targeting low income areas and minorities the field should grow, racially, with an increased presence of minorities. Furthermore, an article entitled Minorities in Cybersecurity: The Importance of a Diverse Security Workforce states,

“A report by (ISC)2 found slightly better statistics for ethnic minority representation when viewed across a wider spectrum of cybersecurity employment – with 26% of the workforce coming from a minority group. (4) However, what the report highlighted that was of particular interest was that people from ethnic minorities who held managerial positions in cybersecurity were more highly qualified than their Caucasian counterparts. In terms of salary, there were also discrepancies. The report found that, on average, minority groups were paid less than their male Caucasian counterparts, with Black females fairing the worst” (2018).

The above stated quote shows that through survey methods, there may be underlying factors as to why there is a lack of minorities in the field. Advancement opportunities are probably high factors for prospective employees, and if the prospects notice a lack of minorities in the management sector of cybersecurity, then what does that display? Additionally, the program’s target is to African Americans and minorities because there is a need for them in the computer security world; their representation is important. Also, bridging the gap between traditional and nontraditional subject matter will elevate the overall knowledge for the participants within the program. The program will focus on over qualifying all of its participants (Caucasian included) for them to obtain overly qualifying knowledge.

UNDERREPRESENTATION OF MINORITIES IN CYBERSECURITY

The job market for this complex, lucrative, and necessary field continues to strongly grow. The need for qualified professionals is great. Cybersecurity is a field that prides itself on intricacies and security, but the prospective employees must understand all of the difficult subject matter or be willing to learn it. The employment market for cybersecurity continues to grow, Demand for cybersecurity skills has risen dramatically in the past five years, occupying supply. In 2015, more than two hundred thousand cybersecurity jobs went unfilled in the United States” (Segal 2017). A great thing about cybersecurity and planning to enter the field is that as time continues to evolve, technology continues to grow as well. The need for cybersecurity professionals will largely and forcefully continue to grow, “The Department of Homeland Security (DHS) secretary said that DHS will hire at least 600 additional cybersecurity experts including IT specialists, analysts, cyber and coding experts. Two months earlier, during National Cybersecurity Awareness Month, DHS awarded 34 contracts for cybersecurity research and development to 29 academic and research organizations” (2013).  As a cyber professional, you understand how crucial the security practices are behind the scenes. A good cybersecurity department will protect against potential threats, vulnerabilities, and attacks by implementing rigorous security measures.

A large gap in the cybersecurity field deals with minority representation. The diversity of the field is lacking, “Existing efforts to develop more appropriate cybersecurity curricula and diversify the workforce to include more women and minorities are important to filling the skills gap” (Segal 2017).  Women and minorities have experienced fewer opportunities throughout history; unfortunately, it has not ceased within this coveted and popular field. Minority representation could very well be what is needed to bridge the skills gap,

“In many ways, these statistics illustrate that the cybersecurity workforce is dominated predominately by white men. This diversity gap is problematic for three reasons. First, lack of participation, especially among women, limits the pool of available talent in the workforce. Second, homogenous teams produce less innovative work. And third, there is a troubling social equity problem when minorities are not afforded the full pay and promotional opportunities stemming from relatively high paying cybersecurity jobs” (2013).

Limiting the applicant pool causes a limit of skilled workers. Minorities are effective in the employment sector, and they should not have to experience discrimination in the field. The cyber program will help to promote diversity amongst the cybersecurity workforce. The program will work to partner with local companies in efforts to provide internships, entry level positions, mid-level positions, and so forth to the participants of the program. The cyber program understands that a diverse workplace is beneficial to both the employer and employee. Pay and advancement opportunities are another issue of concern regarding minorities within the field,

“An (ISC)2 study from March 2018 found that, although minority participation in the cybersecurity workforce is higher (26 percent) than the overall U.S. minority workforce (21 percent), there are still pay discrepancies and promotional barriers that disproportionately affect people of color, and in particular women of color. The study found that more minorities in cybersecurity have obtained a master’s degree or higher (62 percent) when compared to their white counterparts (50 percent), yet minorities are still paid less on average ($115,000 for minorities, compared to $122,000 for the overall cybersecurity workforce) and promoted less often (23 percent of minority cybersecurity

professionals hold a role of director above, compared to 30 percent of their Caucasian peers). Female participation rates are also dismally low at only 14 percent of the cybersecurity workforce in North America (2013).

Minorities often exceed educational qualifications. Minorities desire and need for further education and qualifications can stem from a variety of factors, including but not limited to, their upbringing, environment, socioeconomic status, and so many other factors. Minorities often have to push harder than their Caucasian counterparts and still receive less opportunities and compensation. Those individuals who hold advanced degrees should be able to gain employment, promotions, and proper compensation for their knowledge, skills, qualifications, and abilities to accurately complete their tasks, not because of their racial background.

LOW INCOME

Income is a determining factor in a multitude of instances. Education is one of the biggest occasions when income weighs heavily on the family. Parents, legal guardians, independent, and dependent students all can struggle when it relates to securing finances for education. Aside from post-secondary education, students and families still can and do struggle while attending secondary education institutions. Students can be bullied because of their economic status; students can be mentally distressed by experiencing ill-treatment from peers, administration, home, and even internally. Income can place students at a great disadvantage even into college graduation,

“Students who do not attend college or who drop out quickly are predominantly persons from low-income families, living in underdeveloped areas within major cities or in sparsely populated rural areas, and who have attended ineffective elementary and secondary schools. Those who make it to college generally attend institutions that are undercapitalized, and they graduate at a rate that is significantly lower than their more advantaged counterparts” (Hoxby, Turner n.d.).

Low income effects can matriculate throughout education. Students from low income families must work extremely hard to surpass their environment,

“The studies indicated clearly that money makes a difference to children’s outcomes. Less well-off children have worse cognitive, social-behavioural and health outcomes in part because they are poorer, not just because low income is correlated with other household and parental characteristics. Low income affects direct measures of children’s well-being and development, including their cognitive ability, achievement and engagement in school, anxiety levels and behaviour” (Cooper, Stewart 2018).

Environmental effects can be mentally taxing; therefore, it is important to affirm less fortunate students. The cyber program mitigates this issue by striving to be a non-profit with the capability to service all communities, while targeting low income families. The cyber program desires to push an initiative of success through cybersecurity with no regard to financial barriers. The program will accommodate those prospective students who are dealing with financial hardship; the financial state of one should not determine their lack of success.                          College is seen as a step in the natural progression of success; it can be seen as a measurement of success. The cyber program can be utilized from middle school up to college (sophomore level). The cyber program strives to allow students gain a deeper understanding of what the classroom curriculum is teaching them (on the college level), or to lay a foundation for those who plan to study within the field. Low income students require aid outside of financial need. They need overall help considering the number of factors that affect their mental health:

“Using administrative data for the entire population of students who take any College Board or ACT exam, Hoxby and Avery (forthcoming) show that many high-achieving, low-income students fail to apply to any selective postsecondary institution. In failing to do so, they act in a manner that is typical of students with the same income (they are “income-typical,” despite their unusually high achievement) rather than the manner typical of students with the same achievement (“achievement- typical”). This evidence is reinforced by studies of mid-achieving, low-income students who, it appears, are also unlikely to choose colleges for which they are academically best prepared” (Hoxby, Turner n.d.).

The students need to understand that they are able to reach their full potential by pushing a little harder than the average. The cyber program will work to motivate students, so they know that they are beyond capable to fulfill their desires and dreams. The program will be most beneficial starting younger for those above reasons. The program strives to help students grow into a successful and professional cyber related career, by doing so, each aspect of student help will be utilized (i.e. college and career help).

Cybersecurity is a field that spans further than just one area. Although the primary work is within a computer system, that is not its end. Personally, deciding on a major was challenging in the beginning. Jumping around from major-to-major and from department-to-another department, I noticed that all of the work that is done is through some form of computer or information system. The digital age is strong and almost every aspect of professional work is on a device. Where a device is, cybersecurity is present.

As you may have noticed, the presence of computer security, information security, and cybersecurity have all grown over the years. Commonly, end users will disregard tips related to securing digital assets and fluid digital operations if their role is not directly related to security or information technology. The end user usually has one priority, which is to get their specific work done. The implementation of this program will not stop at the classroom, but it will prepare those eventual professionals to be able to effectively relay the severity of what they could do that could actually harm their work. Awareness is the first step.

Throughout my courses outside of my major, I notice that individuals decide on a specific major because of their interests and even because of their thought process. As it relates to the program, I believe targeting African Americans and other minority students would prove beneficial. To curve the current demographic to increase presence will help companies implement positive changes to policies, procedures, and even goals. Race is a part of an individual and to receive their thoughts, input, and feedback on different ideas, it can be observed that a more well-rounded product comes to fruition because of the contrasting backgrounds.

The Cyber program will also be targeting low income students. Income is a factor that haunts so many different people. At Old Dominion University, I have crossed paths with students who are considered low income, just as I was. There is an added issue that low income students must worry and struggle with. They may constantly ask themselves, “How am I going to pay for this/next semester? How will I pay for books? How will I pay for housing?” These students struggle internally because they (or their parents) are trying to figure how to juggle and move the finances around to spread across for each item needed. Throughout my courses, I see low income students working extremely hard to keep up with their grades and finances. The drive that they show is impeccable, especially considering their circumstances.

Within my time at Old Dominion University, I have taken a number of classes dealing with Business, Political Science and Human Services. Each of the listed subjects require targeting a demographic to receive some form of gain. Business courses usually seek to obtain a financial gain by selling a product and/or service. Political Science is a broad category that seeks to typically advocate for a community in need; a policy, initiative, or law is pushed. Human Services is considered a helping profession and its goal is to help less fortunate communities. Throughout all the courses, they strive to achieve success by appealing to their consumer. The cyber program seeks to help in each area listed above, less in financial gain and more so toward helping and pushing an initiative though. The program understands that communities of individuals are different but that should not put those less fortunate communities at a disadvantage. It also does not mean that the more fortunate are receiving the best education or treatment either. The cyber program strives to surpass traditional education and to increase hands on and professional practices, and each community of demographic should be catered to.

There are a multitude of factors to determine effectiveness of the innovation. Success can be measured by tracking the number of students who enter cybersecurity related fields during their time in grade school (Secondary education institutions: middle and high school). Secondly, success can be measured in students participating and ranking within a cybersecurity, or a related field challenge, competition, workshop, and/or conference. Third, entering the collegiate environment and pursuing a college major that is: Cybersecurity, Cybercrime, Information Assurance, Computer Security, Information Security, Network Security, and any other related security majors. In addition, an information technology or computer science major can count, as long as there is a security concentration chosen. Another success tracker will be security related certifications. Lastly, the final determination will be by holding exams and awarding certificates of completion for those participants who pass the exam(s).

Program participants will be able to pick the exams that they would like to take. Each exam will be hand-crafted by at a minimum of 5 professionals within the field. Examinations will also go through a rigorous three-phase plan. Phase one will be the cultivation of the cybersecurity professionals and their thorough design of the exam. Phase two will have industry professionals take the exam to check for errors and level-of-difficulty. Phase three will be reviewed by both professionals and review committee, and then the roll-out of the examination. Each of these instances will prove beneficial and will show that the student is dedicated to the field. The tracking of progress in the program will also take place through testing. No student will be dropped from the program. We will offer tutoring for those underperforming. Students of all populations and racial background should have the opportunity to excel in a field that they enjoy, while also obtaining in-demand skills.

Grant funding, donations, service fees, cybersecurity professionals, schools to implement the program and willingness to learn. It is the program’s hope and mission to breed marketable cybersecurity professionals. Each staff member will understand how difficult it is to break into this field and create a suitable environment for success, for each participant.

Funding is the foundation of the entire program. It is the mission for the program to not need much funding from the students, considering the fact that this program is targeted towards low-income and African American students; race or income will not disqualify prospective students from the program. The anticipated costs will be paid from grant funding, donations, and service fees paid directly from the student.

Cybersecurity professionals are an integral part of the implementation aspect of the service. The program severely needs those professionals to help groom the students so that they are able to create a successful career in the field of cybersecurity. Also, the program will strive to have a wide range of diversity in order for students to be able to see someone who looks like them working in the field. The reason for the diversity is to allow participants to visualize themselves in a similar environment one day. Diversity in mentors, teachers and overall professionals will hopefully allow a positive psychological response for students to further their desire to be within the field. There is no surprise that individuals can be uncomfortable if they are not familiar with an environment,

“Bandura’s(1986) Social cognitive theory presents a theoretical background to explain individual behavior. It assumed that personal factors in the form of cognitive, affective and biological events, behavior and environmental events all operate as interacting determinants that influence each other. According to this theory, an individual’s behavior can be affected by the interplay among given environments, individual and cognitive and personal factors. An individual selects the situation or environment in which they exist and then are influenced by that environment” (Chai, Bagchi, Goel, Raghav, & Upadhyaya, 2008).

It is the program’s hope to have professionals with varying experiences. At a minimum, professionals within the program should have at least 1full year of experience; the low amount of experience will bridge the gap between what college has taught and give the professional the opportunity to be able to relate to students on a more ground-based level. Furthermore, the professionals with 7+ years of experience in the field will be able to understand and teach subject matter on a much deeper level. The diversification of years of experience will create a well-rounded program, touching on very basic topics to the more rigorous and complex topics.

Implementation into the educational sector in middle schools, high schools, and within the collegiate environment for freshmen and sophomore students. Middle school systems will be targeted because that is the age range when kids can begin to develop and foster lifelong learning and practices. Learning at a younger age seems to be easier; laying the foundation and building upon it will prove beneficial as time progresses. It is the program’s hope to be implemented as a mentoring program and to eventually be established as a class and/or extracurricular program with a full curriculum detailed and taught. Participants will be able to join anytime, but it is preferred to start early to correctly matriculate.

Willingness to participate is a huge factor. Participation is what will drive the program; willingness to learn, to fail, to learn from mistakes, to keep pushing when subject matter is difficult, and endurance for the rigor of the program. Cybersecurity is difficult and the implementation of the program will create easy to remember tools for students, professionals who want to teach, and translatable skills, both hard skills and soft skills for participants to become innovative thinkers in the classroom and in their personal and professional lives.

First, to create the program there will be a number of ground-work related tasks. The ground-work related tasks will include creating an entire business plan and functional aspects to ensure operation readiness; however, to start, a team of motivated individuals sharing similar interests will be selected. The team of individuals will be the first step so that quality of input is accomplished and accounted for; different people view ideas from differing perspectives and starting by creating that team will set up the program to be well suited for an array of people.

Second, the team of like-minded individuals will convene to establish an actual purpose for the program. By doing so, the team will answer some base questions to lay a foundation.

  1. Why am I here?
    1. This question will allow the team members to really sit back and evaluate their reason and desire for grooming cybersecurity professionals
  2. What is the field missing?
    1. This question will get members thinking about innovative ways to create
  3. Who are we servicing and why?
    1. This question will remind members why this is being done

Third, an entire business plan will be created, and back-end operations will begin to start building the program. The business plan will be the blueprint for operations, functions, and services. It aligns goals for the program and thoroughly works out discrepancies. Clarification of goals, mission, and purpose will be included. Goals will keep the program growing because they are a part of future proofing; it answers the question: Where are we going? The mission introduces what the program is striving to achieve. The purpose reiterates why this program is being created, and why it is needed.

References

Career Outlook: Spotlight on Computer Technology. (2013). Hispanic Engineer and Information Technology, 28(1), 41-54. Retrieved June 17, 2020, from www.jstor.org/stable/43752064

Chai, S., Bagchi, S., Goel, R., Raghav, H., & Upadhyaya, S. (2008, August 28). “A Framework for Understanding Minority Students’ Cyber Security Career Sangmi Chai, Sharmistha Bagchi et al. Retrieved June 19, 2020, from https://aisel.aisnet.org/amcis2006/413/

Cooper, K., & Stewart, K. (2018, July 27). Does money affect children’s outcomes? Retrieved June 16, 2020, from https://www.jrf.org.uk/report/does-money-affect-children%E2%80%99s-outcomes

Drent, M., Homan, K., & Zandee, D. (2013). Civil-Military Capacities for European Security (pp. 53-63, Rep.). Clingendael Institute. Retrieved June 13, 2020, from www.jstor.org/stable/resrep05404.8

Hoxby, C., Turner. S (n.d.) Expanding College Opportunities for High-Achieving, Low Income Students. Retrieved June 16, 2020, from https://www8.gsb.columbia.edu/programs/sites/programs/files/finance/Applied%20Microeconomics/Caroline%20Hoxby.pdf

Low-income and Minority Students. (n.d.). Retrieved June 15, 2020, from https://www2.ed.gov/offices/OPE/AgenProj/report/theme1a.html

Minorities in Cybersecurity: The Importance of a Diverse Security Workforce. (2018, June 11). Retrieved June 13, 2020, from https://resources.infosecinstitute.com/minorities-in-cybersecurity-the-importance-of-a-diverse-security-workforce/

Segal, A. (2017). Rebuilding Trust Between Silicon Valley and Washington (pp. 12-13, Rep.). Council on Foreign Relations. doi:10.2307/resrep21422.9

Stodyk, D. (2018). What is Cyber Security and Why is it Important? Retrieved June 11, 2020, from https://www.snhu.edu/about-us/newsroom/2018/05/what-is-cyber-security