Recent studies have revealed a serious shortage of talent to fill cybersecurity positions around the world. For example, the Leviathan Security Group recently reported that “With more than one million cybersecurity positions unfilled worldwide, currently-identified security needs couldn’t be met if every employee at GM, Costco, Home Depot, Delta and Procter & Gamble became security experts tomorrow.”
That’s a sobering number when you consider the threatening environment facing organizations. Even worse, while organizations are coping with more threats, they’re being forced to do it with a very shallow talent pool.
Last year I reported on this issue, and I discussed efforts from the SANS Institute to help solve the cybersecurity staff shortage. SANS has created the VetSuccess program, where it partners with the U.S. military to connect service men and women who will soon leave the military for civilian life with high-paying IT security jobs.
In the first round of the program, SANS worked with the U.S. Air Force and U.S. Army to find interested applicants who would be leaving the military for civilian work.
Once an applicant is screened by SANS, the group uses an assessment to ensure an applicant is ready for the program. Veterans complete the Immersion Academy, a series of SANS training courses that provide deep, technical knowledge and a pathway to GIAC certifications to ensure mastery. Veterans choose one of two course options, both of which involve security essentials, hacker techniques and GSEC and GCIH certifications. The courses are designed for completion in two to four months. GIAC certifications are required to ensure content mastery.
Almost two years later, the program is growing. According to David Brown, Director of SANS CyberTalent, the success has been due to their partnership with the military and employers who are providing premier workplaces. There were 40 applicants during the first round of the program, nine were selected (eight from the U.S. Air Force and one from the U.S. Army) and completed the program. Of the nine, all have received offers, and eight are working for companies such as Amazon, RBR Technologies and Insight Global.
“Our next step is to build on these results,” Brown says. “A second veteran’s academy was launched in August and a women’s academy is in development.” Another change: going directly to military bases to find talent. “We have been using the top down approach, going to Air Force and Army to identify potential candidates, but we have to rely on them to mine their databases and who fits our requirements,” Brown says. “Now we will try a different approach of working directly with various bases. We have two pilots with military bases, one of which has cyber specialties and the other has IT specialties.”
Do the applicants choose the curriculum, based on their personal career path?
All applicants are given a rigid curriculum for the first two core courses. For their third choice we provide some flexibility, so if a student wants to pursue forensics or penetration testing, that’s an option. It’s important to note that students have to pass the certification from the first course before they pass on to the next course. We are trying to “require success” here.
What benefits does it offer U.S. veterans?
The program provides courses, instruction, simulations, exams, certifications and employer assistance at no cost to qualified veterans. Participants will complete SANS courses and labs, and receive real-world knowledge, so they can fill critical cybersecurity positions.
What benefits does it offer employers?
Academy participants are screened from active duty service members who have one to three years’ work experience and demonstrated aptitude and skills in cybersecurity. Academy graduates are ready and able to utilize the range of tools and technologies currently used by leading information security organizations. Participating employers provide transitioning veterans with a career path to high-paying jobs, and meaningful careers in the information security industry.
Once the graduates are employed, then what happens?
We stay in touch with them. We conduct formal surveys within six months and one to get information to improve the program. We will soon begin to survey their employers to improve the program even more.