22 May 2024

Uncle Sam Wants YOU (To Learn To Code) – And He’s Got An Apprenticeship Program For It

How apprenticeships can help us close the cyber employment gap and help us win the cyber war

Mack Wartenberger
Mack Wartenberger Security Architect LinkedIn

The digital age has ushered in an era of unprecedented connectivity, but with it comes a relentless onslaught of cyber and privacy threats. Our personal data, critical infrastructure, and even national security are constantly under siege by sophisticated adversaries. To defend these digital battlegrounds, we need a robust cybersecurity workforce – one that not only possesses the technical expertise but also reflects the rich diversity of the world we live in.

And building that workforce should be easy, right? Cybersecurity jobs run the gamut from technical implementation to governance, offer flexibility, and are a clear path to building stability and wealth. Unfortunately, the current state of cybersecurity talent presents a concerning picture. While the demand for qualified professionals continues to skyrocket, the diversity of the talent pool remains stagnant. As of 2024, a staggering disparity exists in the demographics of the cybersecurity workforce. According to WorldMetric, only a fraction of the talent pool is represented by minorities and women:

A mere 26% of cybersecurity professionals are non-white, 14% are women, and a paltry 2% are minority women.

This gap arises not just from a lack of skilled individuals, but also from a lack of representation within the field itself.

In this blog, I am going to outline these challenges more completely. I am also going to build a case for a potential solution: the widespread adoption of cybersecurity apprenticeships to close the skill and diversity gap in cybersecurity. And I am not the only one who feels that way. I was thrilled last week to spend time representing Aquia at the Women Tech Leaders Summit and at a session of the Maryland 2030 Commission to see how two different federal groups are exploring apprenticeship opportunities as a potential solution to the employment gaps in cybersecurity.

Here’s a closer look at the two key challenges plaguing cybersecurity:

1. The Skills Gap: The cybersecurity landscape is constantly evolving, demanding a workforce that can adapt and innovate at lightning speed. Traditional security approaches aren’t enough to combat the ever-increasing sophistication of cyberattacks. We need professionals with a deep understanding of emerging technologies like cloud security, artificial intelligence, and DevSecOps. Those deep understandings aren’t the result of degrees or certifications, but of practical experience with defending security assets.

2. The Diversity Gap: As reflected in the WorldMetrics statistics, the cybersecurity workforce is still fairly homogenous. This lack of diversity hinders the industry’s potential. By requiring four-year degrees in IT or technology for most roles, our industry discourages individuals who might not have the same access to those resources from joining. What results is an echo-chamber, where only our nation’s security defenders lack the unique voices and perspectives provided by minorities and women. The cybersecurity industry is struggling to adapt its hiring and retention practices to ensure a diverse and highly skilled workforce. The traditional approach of placing the onus on the individuals to seek degrees, certifications, or on-the-job experience without structured support is inherently biased towards groups who have both the security and privilege to confidently pursue those options. What we’re seeing in statistics like the ones from WorldMetric is clear: This traditional approach is not closing the gaps in cyber quickly enough.

Amidst the challenges detailed above, a glimmer of hope shone through at both the Women Tech Leaders Summit and the Maryland 2023 Commission: the federal (and individual state’s) government’s commitment to skills-based hiring and a new emphasis on apprenticeship programs to build a workforce with those needed skills.

Skills-Based Hiring: Leveling the Playing Field

Gone are the days when a traditional four-year degree, and perhaps some certifications, were the sole gateway to a successful cybersecurity career. The emphasis is now shifting towards demonstrably valuable skills and real-world experience. This shift, championed by federal leaders like Harry Coker Jr., the National Cyber Director in the Office of the White House, recognizes that raw talent and a passion for security can be found in diverse corners, regardless of formal education.

“Generational investments” in skills-based hiring, as Coker emphasizes, are crucial for preparing the U.S. for the digital age. Imagine a future where individuals with a proven track record of success in cybersecurity, honed through non-traditional avenues, are given the opportunity to contribute their expertise regardless of their educational background. This approach unlocks the full potential of the talent pool and ensures we don’t overlook hidden gems.

Apprenticeships: Bridging the Gap Between Education and Employment

Apprenticeship programs, long a staple in skilled trades like carpentry and plumbing, are now making a significant impact in the cybersecurity landscape. These programs offer a unique “earn-and-learn” model, allowing aspiring professionals to gain valuable hands-on experience while being compensated for their work.

This approach breaks down financial barriers that may have historically prevented individuals from pursuing a career in cybersecurity. Apprenticeships bridge the gap between theoretical knowledge and practical application, equipping participants with the essential skills needed to thrive in the industry.

A Call to Action: Investing in Diversity

While skills-based hiring is a significant step forward, it’s only half the battle. Building a truly robust cybersecurity workforce requires embracing diversity. A homogeneous team, even one with exceptional technical skills, may struggle to identify and address emerging threats from diverse angles.

The cybersecurity industry is working towards greater diversity, and for good reason. Industry leaders understand the critical role it plays in creating a more secure digital landscape.

Jennifer Roberts, Director at ARPA-H’s Resilient Systems Office, emphasized the need for a variety of backgrounds at the Women Tech Leaders Summit. “We need folks coming from a variety of backgrounds…looking at the problem in a different way.” This echoes the sentiment of Caitlin Gandhi, Director and Co-founder of the U.S. Digital Corps, who, at the same event, highlighted the importance of role models. Gandhi said, “You can’t be what you can’t see.”

In essence, a lack of diversity can create blind spots for cybersecurity teams. Imagine a team of security professionals with similar backgrounds and experiences. They might be highly skilled, but their solutions to cyber incidents are likely based on past encounters. This leaves them vulnerable to entirely new attack vectors employed by ever-evolving malicious actors as they continually hone and update their Tactics, Techniques, and Procedures (TTPs).

Diversity brings a wider range of perspectives, experiences, and skills to the table. A team with a mix of genders, ethnicities, educational backgrounds, and thought processes is better equipped to anticipate and address a wider range of threats. This fosters innovation and leads to more comprehensive protection.

Creating a Level Playing Field for Women Leaders in Tech

The recent Women Tech Leaders Summit, hosted by GovCIO, highlighted the urgent need to bridge the gender gap in cybersecurity. Megan Baird, Deputy Administrator for the Office of Apprenticeship at the Department of Labor, emphasized the importance of mentorship and leadership for women in the field.

Baird stressed that apprenticeship programs can act as a gateway for women to enter the federal workforce and secure higher salaries as they advance. This resonates with the sentiment shared by many – that promoting female leadership within cybersecurity is crucial for attracting and retaining talent.

Imagine a young woman with a passion for technology who may have felt discouraged by the traditionally male-dominated cybersecurity field. Witnessing successful female leaders in action, coupled with accessible apprenticeship programs, sends a powerful message: “There’s a place for you here.” This inspires a new generation of women to pursue cybersecurity careers, enriching the talent pool and fostering a more inclusive environment.

Building wealth and achieving compensation parity are significant benefits of cybersecurity apprenticeships, especially for women. DOL’s Baird highlighted that women participants in registered apprenticeships more than doubled their starting salaries in their first year of full-time employment and reached 92% compensation parity with their male coworkers within 2.5 years. This demonstrates the power of apprenticeships to address systemic inequities like gender-pay gaps and create economic opportunities for women.

Moreover, the often remote and flexible nature of cybersecurity work is particularly impactful for individuals who may be juggling family and career responsibilities. This flexibility makes careers in cybersecurity a more accessible field for people who might otherwise be excluded from more traditional and rigid work environments.

Aquia’s Sarah Gori, Allie DiPietro, Ashling Knight, and Mack Wartenberger attend GovCIO’s 2024 Women Tech Leaders Summit in Washington, DC Aquia’s Sarah Gori, Allie DiPietro, Ashling Knight, and Mack Wartenberger attend GovCIO’s 2024 Women Tech Leaders Summit in Washington, DC.

Maryland Apprenticeship 2030 Commission: A Model for the Future

Regional initiatives further amplify the national push for diversity and apprenticeship programs. The Maryland Apprenticeship 2030 Commission, chaired by Jacob Hsu of Fearless, a digital services integrator, serves as a prime example. Traditionally the focus of the 2030 Commission has been on trade-based careers, but recently their focus has turned to leveraging the established process for supporting trades-based apprenticeships to draw more youth and minorities into the cyber industry. In fact, last week, representatives from Fearless and our team at Aquia met with the 2030 Commission initiative to highlight exactly how apprenticeships are allowing their organizations to address the employment gap in cyber. Highlighting transformational work of programs like Aquia’s Accelerator apprenticeship program (of which I am a graduate) demonstrates a remarkable forward-thinking approach.

By creating pathways for those who might not have otherwise considered a career in cybersecurity, we can ensure a wider talent pool that reflects the diversity of the American workforce, bringing a fresh perspective to the ever-evolving cyber landscape.

Maryland 2030 Commission Vision for Success Maryland 2030 Commission Vision for Success.

The Aquia Accelerator focuses on practical training in conjunction with more formal education to ensure that apprentices are ready to deliver industry-leading cyber security upon graduation. Simultaneously, Aquia provides its apprentices with mentorship that helps guide and prepare them, not just for their first full-time role, but for a career that promises to grant them the flexibility, compensation, and fulfillment that cybersecurity is known for.

Aquia Accelerator graduates are poets, parents, veterans, first-generation college grads, and more, and they have all achieved full-time employment through this transformational approach. If you need proof that apprenticeships work, look no further.

Take for example Jose Velazquez, an Aquia Accelerator graduate who now works full-time on automating continuous compliance controls as a Governance, Risk, and Compliance (GRC) Specialist. Jose grew up in poverty, and his resilience through that hard time instilled in him a sense of self-confidence and willingness to work at whatever was in front of him. Jose’s background enabled him to tackle the unknown: learning about cybersecurity (while achieving a bachelor’s degree in Accounting.) Jose’s industrious upskilling into GRC and automation has turned him into a vital part of Aquia’s GRC practice.

Or Elif Sumner, another Accelerator graduate working as a GRC Specialist. Elif guides Aquia’s commercial customers through assessments, enables them to implement controls, and provides guidance to ensure customers abide by regulations and industry standards. Before Aquia, Elif was studying to become a linguist and was working as a pharmacy technician, while learning computer languages on the side. Born in Europe, Elif had the chance to travel and learn about many different cultures and approaches to technology before she moved to the US. Elif’s experiences and understanding of the different mindsets and cultures affords her a more nuanced perspective of possible risks facing Aquia’s customers, making her an invaluable part of our team.

Beyond Inclusion: The Power of Innovation and Growth

But embracing diversity isn’t just about fairness; it’s about harnessing a multitude of perspectives for enhanced innovation and growth. A study by McKinsey & Company found that companies with a diverse workforce outperform their less diverse counterparts by a staggering 35% in profitability.

Picture a team of security professionals tackling a complex cyber threat. One team member, with a background in psychology, might identify subtle social engineering tactics used by the attacker. Another, with experience in finance, may spot suspicious financial transactions associated with the attack. This cross-pollination of ideas leads to a more comprehensive understanding of the threat, enabling the team to develop a more effective response. Similarly, diverse viewpoints will allow a more robust defense program to be built that addresses not just the technical, but understands the industry and human element.

Economic Opportunity for All

The benefits of diversity extend beyond innovation. Apprenticeships offer a valuable pathway into the cybersecurity field, providing well-paying careers without the burden of crippling student debt. This fosters economic mobility and creates opportunities for individuals from all walks of life.

Imagine a young person with a talent for technology but limited financial resources who wouldn’t have been able to afford a traditional four-year college degree. An apprenticeship program allows them to gain the necessary skills and experience, launching them into a fulfilling career path in cybersecurity while allowing the immediate financial needs to be met. This empowers individuals to achieve financial stability and contribute their unique talents to the fight against cyber threats.

A Personal Journey: The Power of Apprenticeships in Action

My own experience as a Security Architect and Zero Trust SME for one of Aquia’s federal customers is a testament to the transformative power of apprenticeship programs. My time in the Aquia Accelerator program not only equipped me with the technical skills and industry knowledge I needed, but it also fostered a sense of mentorship and community that allowed me to take on challenges, knowing my team had my back. Surrounded by experienced professionals, I was able to learn from the best and refine my skills in a real-world setting. This prepared me for a successful career in cybersecurity, a path that would not have been accessible without the guidance and support offered by the apprenticeship program. Now I have a skillset that makes me an asset to both Aquia and our customers along with the skills and perspective that I brought to the table myself. That is a recipe for success that can, and has, worked for many different cybersecurity professionals with all kinds of backgrounds.

The first three Aquia Accelerator graduates: Mack Wartenberger, Jose Velazquez, and Ellie Ashton The first three Aquia Accelerator graduates: Mack Wartenberger, Jose Velazquez, and Ellie Ashton.

A Collective Effort: Bridging the Cybersecurity Divide

The initiatives outlined above – the federal government’s focus on skills-based hiring and apprenticeships, along with regional efforts like the Maryland Apprenticeship 2030 Commission – demonstrate a strong commitment to building a more robust and inclusive cybersecurity workforce.

By supporting these initiatives and promoting skills-based hiring, we can bridge the cybersecurity gap and ensure a more secure future for everyone. We can create a future where the brightest minds, regardless of background or educational pedigree, are empowered to defend our critical infrastructure and chart a course towards a more secure digital landscape. This future is within reach, but it requires a collective effort.

Let’s leverage the power of apprenticeships, embrace diversity, and empower the next generation of cybersecurity professionals. Together, we can build a more resilient digital ecosystem and safeguard our nation from the ever-evolving threats of the cyber age.

To learn more about registered apprenticeship programs, visit the Department of Labor’s Apprenticeship USA. Together, we can bridge the talent gap and build a more diverse cybersecurity workforce.

Mack Wartenberger is a mid-level Security Architect with Aquia. LinkedIn

If you have any questions, or would like to discuss this topic in more detail, feel free to contact us and we would be happy to schedule some time to chat about how Aquia can help you and your organization.

Categories

Accelerator Security Apprenticeship