Diane M. Janosek from the NSA, celebrating the 20th year of their Centers of Academic Excellence in Cybersecurity program.

Dave Bittner: My guest today is Diane M. Janosek. She's commandant of the National Cryptologic School at the National Security Agency. She joined us recently in our studios to recognize 20 years of NSA Centers of Academic Excellence in Cybersecurity program. The program brings together colleges and universities, along with industry, to help bridge the cybersecurity skills gap, establish rigorous standards for academic programs in cybersecurity and to provide a pipeline for cybersecurity professionals. We started our conversation with a look back at the program's inception.

Diane M.: At the time, there was more cyberattacks occurring, more with the military and the defense areas. And we were recognizing that the need to secure information networks was tremendous. And what the need was is, as you probably would guess, there was no textbooks back then. You really didn't even have academic professors. You wouldn't even have professors that could teach cybersecurity at the collegiate level, let alone at the high school level. So from going from nothing to a full on-ramp in terms of now having programs at the college level, at the community college level, through the Ph.D. level on cybersecurity has really been tremendous for the country.

Dave Bittner: Take me through some of the ways that the program has evolved over the years. What changes have you seen?

Diane M.: Well, we're recognizing now that we have to focus more on what's on the horizon. So we've now established a designation for CAE Dash research, so you can be a research institution. So that you can take a look at what technologies on the horizon, what innovation is occurring in the area of technology that we might have vulnerabilities that we're not thinking of? We all see what's going on with respect to Internet of Things and social media and all the vulnerabilities that may occur there with respect to all the connections that we have in everyday lives in everything that we do.

Diane M.: So recognizing that, we are - we partnered with the schools. We now have rigorous standards in the area of research. We have standards now at the advanced levels with the master's, the Ph.D. level. So we're just trying to really say, what do we need to do as a country to come together and say what are our adversaries, whether they be foreign adversaries or even within our own country, what are adversaries doing to address and attack our networks? And what do we need to do to come together to respond to those?

Diane M.: So we've really embraced the two-year programs for the community colleges. We've also really embraced older workers or more seasoned workers that want to cross-train. So if you're right now working maybe in the health care sector, but you also want to branch out a little bit and do maybe the - work on the cybersecurity side of health care, which is really important, you can now do that as well through the cross-training efforts that we have with these academic institutions, these 272 schools across the country.

Dave Bittner: Yeah. One of the things that really impresses me about the program is the breadth of it. One of my partners on the CyberWire is - his name's Joe Carrigan, and he works at Johns Hopkins, and of course, you all partner with them. But then also here, locally, you work with Howard Community College. And so there really is opportunities from elite schools to institutions that are available to everyone and beyond.

Diane M.: Thank you for raising that. We absolutely agree with you. It is for the best, really high-end institutions, as well as the local community colleges. What Howard County Community College is offering is tremendous, as well as Prince George's Community College, Anne Arundel Community College. They're so diverse. And what the good news about the program is is that once you join the CAE program, you belong to a community. They actually have an institution, a legal entity that they've created called the CAE Cybersecurity Community. They come together. They share resources. They'll share curriculum. They'll share cyber labs. They'll share training resources, so you don't have to recreate material from scratch. They share information. They share opportunities for students to then go from a two-year program to a four-year program to a master's program.

Diane M.: The cybersecurity community is very, very innovative. What they recognize now is they had to come together to give students an opportunity at hands-on experience. They've created opportunities where there's partnerships with over 50 businesses, where they can recruit from virtual career fairs for these students. So the CAE is through the program over the course of 20 years. The CAE schools have come together, really leveraged each other, shared resources and really have made this country a better place.

Dave Bittner: And so it really is reaching beyond those college-level institutions. You're going down to the high school level, the middle school level, really building that pipeline, getting them while they're young, sparking that interest in them.

Diane M.: Absolutely. The CAE program, through its 20-year history, has created a sense of community. So not only do they have a community with the colleges and the, you know, federal government across all the different states, they've established a community right where they are, right in their local area.

Dave Bittner: What can you tell us about what the colleges get out of it? Is this a feather in their cap that they can then go talk about and say, hey, we're a part of this?

Diane M.: Absolutely. Our schools that are the - CAE certified, you will see that designation prominently on their websites. They absolutely say, we have met the standards that are being expected to us for rigorous curriculum. That will also show not just the curriculum is a high standard, but the professors, the faculty are also well-credentialed. They are skilled in the area that they're teaching. They're not just teaching someone they don't have familiarity with. So you know when you go to a CAE school that you will get faculty that understands the discipline for which they're teaching.

Diane M.: In addition to that, they also have an opportunity to have scholarships for their students while they're attending the schools. The neat thing in the Department of Defense is that they're recognizing now that we need to have something akin to a cyber ROTC program. It's called the DoD Cyber Scholarship Program, and it's essentially - is recruiting high-schoolers to go to one of the CAE schools, attend one of the CAE schools on scholarship and then do a couple of years with the federal government in a particular area and serve back. And it really is - the cyber ROTC program is really the first of its kind, and that is definitely a feather in the cap for those institutions that are getting those students.

Diane M.: So through the programs like the CAE program, what NSA is really committed to doing is increasing the pipeline of cybersecurity professionals. We are especially committed also to increasing the pipeline with more female and minority involvement. The diversity part of cybersecurity is so important. As we know now, and we're all experiencing this with cybersecurity, it's multidisciplinary. It's not that it's just the technology side. You have to understand multifacets. The diversity that's out there, with respect to having different viewpoints on a team, is really important. Making sure that there is a team effort, that all team-players feel that it's safe to share information, that they're included in that response. So diversity inclusion is really important, and we're hoping to achieve that as well in the area of STEM and cyber through the CAE program.

Diane M.: One last thing I wanted to mention is that NSA can't do this alone. We do this through a partnerships with the - with other federal agencies. We do this with the state involvement as well, with industry involvement, through the federal government, through grants, through the grants process - NSA has invested over $100 million annually in support of academic partner programs - through educational grants, through research, through recruitment efforts. We recognize that this whole country can benefit from a rigorous academic programs such as these, through the sharing that occurs as a result of it, through the community that's created. And it's very, very powerful, and we really appreciate the CAE schools rising to the occasion, agreeing that there's a need to raise the bar, agreeing that our whole country benefits from cybersecurity professionals. And we just value the partnerships that we have.

Dave Bittner: Our thanks to Diane M. Janosek from NSA for joining us. If you want to learn more about the Centers of Academic Excellence in cybersecurity, visit the NSA website. It's in the resources section.