Community colleges have increased the number of cybersecurity professionals that graduate from their programs each year. These individuals are finding employment in every sector of our economy and are addressing the nation’s shortage. The federal government led by the NIST/NICE Project have been able to better define the nations cybersecurity workforce through a list of 52 specialized cybersecurity work roles.

This study was designed to examine the type of cybersecurity jobs filled by community college graduates and how they align to the NICE frameworks job roles. This study was conducted as a partnership between the National Cybersecurity Training and Education Center (NCyTE) and the Center for Systems Security and Information Assurance (CSSIA) and was funded by the NSF. The study examined graduates from 12 of the nation’s top community college cybersecurity programs. 

The study is based on student interviews and self-identification of their current cybersecurity work roles. Doctoral candidates from Dakota State University interviewed the alumni and collected survey data. The results were analyzed and published by Dr. John Sands and Corrinne Sande. The study reveals the type of positions community college students are prepared for. The study highlights current trends and identifies potential opportunities for community college graduates.

Presented by Dr. John Sands, Moraine Valley Community College

Watch a pre-summit interview with Dr. John Sands.

With the passing of the 2018 National Defense Authorization Act (HR2810), the nation’s leaders have recognized the expanding role of community colleges and community college students in the NSF’s CyberCorp® Scholarship for Service (SFS) program. This article will document why the community college student population can contribute to addressing the nation’s federal cybersecurity workforce shortage.

The author will document the impact of the current CyberCorps® program and the expanding role of community college students in these programs. In 2018 the National Defense Authorization Act specifically addressed using community colleges to recruit veterans and/or individuals looking to change careers and possessing undergraduate or graduate degrees in other fields of study. The article also documents the unique opportunity community colleges offer in expanding workforce diversity.

The expansion of the SFS program to community colleges offers a greater opportunity to expand these programs to many of the 1,100 community and technical colleges in the United States. The study was conducted by Kim Muschalek from San Antonio College. San Antonio College is one of the schools currently participating in the SFS Community College Cyber Program (C3P) authorized by HR2810. The author will document the impact of the current CyberCorps® program and the expanding role of community college students in these programs.

Presented by Kim C. Muschalek, San Antonio College
Watch a pre-summit interview with Kim C. Muschalek.

NSA launched the Centers of Academic Excellence in Information Assurance (now Cyber Defense) Education program in 1999. While initially only open to Universities, in 2010 the CAE2Y designation was created and community colleges had the ability to become CAEs. Community colleges have been at the forefront in applied cybersecurity education and have assumed leadership roles especially involving the CAE. Several community colleges serve as CAE regional resource centers and two community colleges serve as national centers. These community colleges provide mentoring, peer reviewers, program development and other services to universities and community colleges alike.
The NCyTE center contracted with Seattle Jobs Initiative to conduct a study of the impact of the CAE on institutions and the surrounding economic region. This article will report the results of this study along with providing highlights of the leadership role of community colleges and their contribution to the national cybersecurity workforce.

Presented by Corrinne Sande (Whatcom Community College

Watch a pre-summit interview with Corrinne Sande.

A career pathway describes an educational ecosystem consisting of multiple elements of an effective and efficient pathway of study for students, intending to lead to a specific career field. Pathway elements typically include secondary and post-secondary school courses, and workforce learning programs, such as internships and apprenticeships. The United States Department of Education created a Career Pathways framework that grouped occupations within associated career clusters. Occupations within a pathway share common knowledge, skills, and abilities. Well-designed Career Pathways enable students to gain an early start towards a targeted career, earn professional credentials while still in school, and shorten the time required to complete academic studies and enter the workforce. Career pathways have been shown to greatly increase career awareness and interest, as well as workforce capacity for high-demand fields. The challenge faced by the cybersecurity academic community is the absence of a formal career cluster framework for the cybersecurity field. When the Career Pathways framework was developed there was no placement within the framework for many of today’s high-demand career fields like cybersecurity due to the fact that careers like cybersecurity were not established or a recognized profession at that time.

This paper will provide an overview of pathways of study and how they benefit the workforce. We will discuss our findings from our investigation of cybersecurity programs of study from community colleges across the United States and share thoughts from leading CTE stakeholders. We will discuss the elements of a model cybersecurity pathways, and highlight states with successful models, such as Texas and Ohio. We will also examine opportunities to strengthen career pathways in cybersecurity and the unique challenges in building these model programs of study for cybersecurity. Resources were provided by the Department of Education in the 1990s in order to help build momentum for Career Pathways and aid in development and dissemination. New and emerging technology, such as cybersecurity, need similar resources and funding in order to help develop cybersecurity career pathways models and support dissemination and training.

Presented by Dr. Deanne Cranford-Wesley (North Carolina Central University) and Chuck Bales (Moraine Valley Community College)

 Watch a pre-summit interview with Dr. Deanne Cranford-Wesley and Chuck Bales.

Over the last 10 years, there has been a trend in the United States in which community colleges have been given the opportunity to offer bachelor’s degrees within their institutions. This endeavor has helped increase the number of individuals with bachelor’s degrees offering hands on experience and training. This document focuses on the history of community college and why community colleges can offer bachelor’s degrees. This document will also take an in-depth look at three leading community colleges in the country that have gone through the process and are now offering bachelor’s degrees associated with cybersecurity. 

Currently 28 states allow community colleges to award bachelor’s degrees. Collectively these college produce over 21,000 bachelor completers.³ “The Inside Higher Ed survey asked a broad set of questions about community college bachelor’s degrees at a time when half the states have now enabled two-year institutions to award such degrees. The survey found that 75 percent of community college presidents would like to see their campuses offer bachelor’s degrees, even though only one in 10 reported offering four-year degree programs on their campuses. Only 1 percent of respondents said their college offers a wide range of four-year degree programs. Eighty percent of community college presidents agreed that their institutions are in a strong position to offer bachelor’s degrees to students who would not otherwise have access to those degrees because of four-year universities’ higher costs or distance from where students live.”¹

Community colleges are adept at quickly meeting regional workforce needs and providing affordably bachelor degrees. Many of the bachelor degrees at community colleges are workforce based applied programs. Due to the strong demand for cyber security technicians many states are allowing community colleges to create cyber related bachelor degrees. State education board policies generally dictate the degree area and number of bachelors an educational institution can offer. “States typically spell out a program approval process and criteria, and some include data collection and reporting processes in their policies. When considering community college bachelor’s policies, state leaders must often navigate contentious debates over the traditional missions of two- and four-year institutions and how the overlapping and competing roles of the two sectors continue to evolve.”²

Presented by Kyle Jones (Sinclair Community College) and Ernie Friend (Florida State College at Jacksonville)

1. https://bit.ly/inside-higher-ed-survey
2. https://files.eric.ed.gov/fulltext/ED556034.pdf
3. https://nces.ed.gov/collegenavigator/?s=all&l=93&ct=1&ic=2

Watch a pre-summit interview with Kyle Jones and Ernie Friend.

The cybersecurity work roles are continually changing to meet the needs of the public and private sectors. Community colleges play a key role in meeting these changes in a timely matter. In my fifty-five years’ experience in the Information Technology (IT) workforce as an IT professional, manager, and educator, it has become apparent how community colleges are a powerful resource that address not only entry level jobs but incumbent worker and employer needs, multidiscipline career changing training, and veteran pathways in cybersecurity. The NIST/NICE Framework currently lists fifty-two work roles that cover the seven workforce categories. CyberSeek has five common cybersecurity feeder roles, and there are many other security roles and job titles that can be found online by searching “cybersecurity work roles”.

This paper will cover a study of how community colleges currently and in the future will meet the student and employer requirements for cybersecurity work roles, tasks and knowledge, skills, and abilities. The study will capture key topic information with interviews from NIST/NICE leaders, industry representatives, faculty, and student and graduate interviews. The information will include both the multi-disciplinary nature of cybersecurity and the specialization of cybersecurity work roles. The study will provide answers and best practices addressing the challenges community colleges face today and will face in the future in quality curriculum and programs to provide a productive cybersecurity workforce. This includes what types of resources, funding, and support would provide the greatest impact for success.

Presented by Stephen D. Miller (NCyTE & Eastern New Mexico University – Ruidoso)

Watch a pre-summit interview with Stephen Miller.

Key differences exist between traditional, transfer-oriented degree programs and applied degree programs at Community Colleges. While applied degree programs tend to provide employers with job candidates who possess the required skills to “hit-the-ground-running”, more than 76% of employers require a 4-year degree for employment. The structural differences between Applied Associate degrees and Bachelor of Science degrees result in significant articulation challenges for students seeking to continue their studies beyond community colleges. This is especially true in Cybersecurity disciplines, where the majority of 4-year Cybersecurity programs are placed in transfer-oriented Computer Science departments while most 2-year programs exist in applied degree programs, such as Information Technology. 

This study examines articulation challenges between two- and four-year institutions. NSA institutional data was examined to identify successful articulation programs and public data from EMSI was analyzed to address the effectiveness of Computer Science and Cybersecurity programs at meeting cybersecurity workforce needs. Interviews were conducted with NSA Centers of Academic Excellence Points of Contact (POC). This study presents successful articulation models and makes recommendations for increasing articulation opportunities between 2- and 4-year institutions.

Presented by Margaret Leary (Northern Virginia Community College)

Watch a pre-summit interview with Margaret Leary

The cybersecurity workforce continues to experience extreme shortages while the frequency, sophistication, and severity of cyberattacks continue to intensify, putting national and individual security at risk. While national initiatives are in place to address the cybersecurity workforce shortage, there continues to be a lack of female and minority representation in this field. 

This study will examine the current state of diversity in the cybersecurity workforce, highlight both empirical and anecdotal findings of research focused on attracting and retaining both women and minority cybersecurity professionals, and will discuss strategies that community colleges can employ to address the shortage of individuals with cybersecurity skills while increasing the number of female and minority participating in this workforce. 

Key stakeholders of successful projects and initiatives will be interviewed and their responses and suggestions for capacity building will also be reported. Lastly, lessons learned from successful frameworks and organizations aimed at capacity building in both academia and the workforce will be discussed.

Presented by Dr. Kristine Christensen (Moraine Valley Community College) and Dr. Rebecca Caldwell (ADMI and Winston Salem State University)

Watch a pre-summit interview with Dr. Kristine Christensen and Dr. Rebecca Caldwell.

From their inception community colleges required strong partnerships in their local communities including business partnerships, industry organizations and local, state and federal government agencies. This tradition is still true especially in the cybersecurity field. In today’s cybersecurity workforce approximately 82% of entry-level jobs require candidates to have a college credential of industry recognized certification. This study examines the critical partnerships between community colleges, local businesses, government agencies and industry organizations.

The author examines the role of business partnerships, the impact and benefits to both businesses and the community college cybersecurity programs and the benefit to the students in these programs. The author also examines the multitude of partnerships between community college cybersecurity programs and local, state and federal agencies. Government agencies now play a greater role in protecting our nation’s critical infrastructure and our citizens from cyber-based attacks. The author examines the role government agencies play in defining workforce frameworks, identifying critical cybersecurity program elements and designation requirements, funding faculty development, funding career awareness programs, providing student with government scholarships, and many other initiatives.

The author also examines the relationships between cybersecurity industry organizations and community college cybersecurity programs. In this examination, the author explores certification programs, student skills competitions and industry sponsored cybersecurity bootcamps serving community college students. The author will also discuss the benefits and issues with cybersecurity industry organization sponsored certifications and how certifications can benefit community college students.

Presented by Dr. John Sands (Moraine Valley Community College)

Watch a pre-summit interview with Dr. John Sands.

The lead author for this paper, a Mechanical Engineer by training, transitioned to teaching Networking and Information Technology in 2000 and to Cybersecurity shortly thereafter. In addition to nearly 20 years of teaching cybersecurity, the lead author has extensive experience in curriculum development and securing grant funding to support cybersecurity education.

This paper will discuss the unique nature of cybersecurity and the difficultly in teaching the required skills and knowledge. In addition to the rapid pace of change in the field of cybersecurity, there are technology requirements and institutional constraints that must be overcome. The challenge is to create a robust space for students to learn cybersecurity, while balancing the safety of networks and systems and institutional concerns.

We will document some of the different approaches that have been adopted to teach cybersecurity, extending from single station approaches to statewide cyber ranges. We will detail products and technologies, approaches to teaching concepts, developing skills and assessing student learning. Included will be well-known national cyber ranges, cloud-based and home-grown solutions, competitions, grant-funded initiatives, public-private partnerships and commercial solutions. Additionally, we will capture perceptions of educators, students and business and industry leaders and need for and effectiveness of these various solutions.

Presented by Mike Qaissaunee (Brookdale Community College). Additional contributor: Lonnie Decker (Davenport University)

Watch a pre-summit interview with Mike Qaissaunee.

Community colleges are uniquely positioned to meet the national demand for a skilled cybersecurity workforce. Cybersecurity is an incredibly dynamic field, and the industry connections that are at the heart of the community college mission are a priceless asset in keeping education current and aligned with workforce needs. Further, cybersecurity is an applied discipline, and community colleges excel at providing practical education experiences based on the latest tools and techniques. As the demand for skilled cybersecurity professionals has increased, employers have increasingly valued extracurricular activities as both a means of skills validation and as an opportunity to observe a prospective employee perform in the context in which they will work.

Community colleges have taken an active role in the development and implementation of extracurricular activities within cybersecurity education. This study will review and summarize some of the most significant benefits extracurricular activities contribute to the cybersecurity education community. It will explore the impact of extracurricular activities in student development, share any common characteristics of successful activities, and note challenges to future implementations. The study will provide a perspective on work currently underway to refine the evidencing of competencies within extracurricular activities. The findings of the study may prove helpful to employers interested in external validation of a skillset, educators aspiring to enhance the student experience within their programs, and students who seek to test their knowledge and skills in a practical, applied context.

Presented by Jake Mihevc (Mohawk Valley Community College)

Watch a pre-summit interview with Jake Mihevc.

Multiple and convergent data indicate not only a serious and worsening shortage of cybersecurity professionals, but also an under-recognized deficit of cybersecurity teachers and trainers. In order to evaluate possible explanations for barriers and disincentives to cybersecurity faculty recruitment, training and retention, a questionnaire was administered to 31 cybersecurity subject matter experts. The participants were also queried about the viability of differing approaches to develop cybersecurity faculty, as well as the use of novel techniques and technologies to augment training. Major findings indicate that 90% of these experts strongly or somewhat agreed that a major factor making it hard to develop and retain faculty who are teaching cybersecurity is the compensation differential compared to being part of an industry cybersecurity team. Data also show 96% strongly or somewhat agreed that the low status and pay of adjunct and other part-time professionals is a barrier to having adequate information security teachers. About 80% of the respondents strongly or somewhat agreed with the proposition that mainstream media sources should be cultivated, and original content developed, to represent information security teachers in a positive light. Still other responses suggest support for having top information security industry professionals, who are recognized experts, drafted to train new information security teachers; for identifying recently completed Master’s and PhD students as trainable potential information security faculty; for private sector corporations investing more resources in developing information security teachers and trainers; and for use of memes and other youth-friendly “viral” media to spread awareness of cybersecurity.

Opinion was more divided on using AI software to do training via chatbots, on importing more trainers and teachers via immigration, on retraining groups including retired university or college professors with PhDs and technical backgrounds to become information security teachers, and whether resources in this area are scarce due to expenses associated with the growing administrative sector. Recommendations based on these data are proposed, with a focus on investments in teaching and training appropriately scaled to the ongoing security needs of both public-sector institutions as well as private entities, such as for-profit corporations.

Presented by Owen McNally (Austin Community College)

Pre-summit interview with Owen McNally