Solution spotlight: Paths to cybersecurity.
Solution Spotlight: Simone Petrella is talking with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education.
Simone Petrella: Today I am so thrilled to be joined by Diane Janosek, executive director of Capitol Technology University for their Center for Women in Cyber. Diane, thank you so much for joining me today.
Diane Janosek: Oh, thank you, Simone, I'm excited.
Simone Petrella: I am too. Let's get right to it. Can you start off by telling me a little bit about your own path into cybersecurity?
Diane Janosek: Sure. I wasn't expecting that one. But we all have different paths, especially since, as we know, cybersecurity really didn't pick up as an academic discipline until about 20 years ago, in its infancy. So folks that are working in the field usually have different paths and we all come together around a common passion. So my path was really on the law, policy, and technology side. I went into network security policy, and I really appreciated that. I also had to deal with some of the unauthorized disclosures and a lot of our interfaces with the public in Capitol Hill in terms of protecting information, and then, of course, the protection of privacy and civil liberties. So those all really synchronize and center in the nexus between data governance, civil liberties and privacy, and then cybersecurity and how information security all have come together. So I'd like to think that cybersecurity is kind of a nice umbrella, because there's multiple things within that that are just really exciting and always changing.
Simone Petrella: Yeah, that's amazing. So tell me, how do you think that your own experiences have shaped the way that you think about the cyber talent challenge that we're grappling with as an industry here? That's part of what we like to talk about and highlight. So where does this kind of land for you as we think about how we solve this?
Diane Janosek: How we solve -- that's like the million-dollar question.
Simone Petrella: I know.
Diane Janosek: [Laughing] If you had a dollar for every idea. But I think what we're looking at as the challenge, the real challenge, is getting the country energized. You always have to have a sense of urgency that there's an issue that we have to rally around, kind of like the World War II, kind of, you know, we can do it and pull together. Usually you have to have that as an impetus before you really get people on board and, you know, get that momentum and get the buy-in. I think we've had that with enough incidences going on, as well as people at their home having their own Ring doorbells, you know, compromised, and, you know, having their bank accounts constantly having to change out their credit cards that are compromised. So people are feeling it at a personal level and then they're also seeing it, you know, on a national level in terms of banks and libraries and, you know, departments of state, I mean, every level, the library up in Alaska, they're all getting compromised. So people are now realizing this is an issue, this is a challenge, it's real. But not everyone's coming together in terms of how can we make a difference to actually change this. And I think that the heart of that issue lays on how the United States is constructed in terms of our three branches of government with our federal and our state and how that issue has arisen on top of our governance in the United States. And that's what makes it particularly challenging in terms of, is there one way forward or not, or can we all rally together around some common purposes and goals?
Simone Petrella: Yeah. It definitely strikes me when I think about having worked in this space but also previously in the more functional and operational cybersecurity side, that there are a number of really impressive initiatives, whether it be through industry, academia, and government, that are looking to sort of take on this workforce shortage and the talent and skillset shortage we have head-on. What are some of the things that you have found, especially in your work with Capitol Technology University, that have helped to create new pathways not only for individuals but maybe even for the employers that are looking to, you know, employ these graduates after they go through their programs?
Diane Janosek: Great. Thank you for that. I mean, everyone has, you know, an innate need to belong. They all want to belong to something that's important. And if we can get people to have a sense of, this area is important, you can easily get them into the pipeline. But getting them into the pipeline and getting them into workforce I think are almost two different equations, right. And we're trying to match those up with all the initiatives that are going on right now. So in that regard, I think they're looking at all avenues of tapping into talent, starting off young with, you know, some of the middle schools and the high schools, starting off with various types of degrees and scholarships and opportunities for associate degrees and bachelor's degrees. They're looking at doing cross training for mid-level career people that may want to change and move into the area of cybersecurity, some cross-training going on. They're looking at there's initiatives right now with veterans and first responders. After they may have done their 20 years, they can move on and try something else, moving naturally into the cybersecurity, retraining and having that paid for and having them open up the doors for that. So just opening up the aperture of who might be interested so that the pool to pull from and to gravitate and, you know, get the energy behind it, there's a bigger mass in which to pull, literally pull from. And then from that way forward, from the employer perspective, as you mentioned as well, they have to be creative. So just because you have someone walk in the door doesn't mean that they're going to be ready for the challenges that constantly are changing in the cybersecurity area. So keeping folks upskilled and current is a whole nother challenge. So this field is just layered with issues in terms of opportunities and challenges to have to go through it. 
So that's why I call cybersecurity a team sport, because there's so much to get the right person in the chair at the right time to address the right threat.
Simone Petrella: Yeah. I love that you reference that it's a team sport and something that I've harped on for a while now around the idea that we're often trying to field players, you know, on the field without even knowing their positions in a real consistent way. And then we're somehow surprised when we haven't given them the upskilling or the training to be successful in those roles. We just expect them to kind of grow on trees. So that resonates with me a lot. You know, if we just kind of focus on Cap Tech as an exemplar here, what are they doing as an institution to kind of bridge that gap between what they're doing from a pipeline perspective and growing new talent but then also looking at, you know, job readiness and the employer side? Because I view that as one of the primary gaps in this equation is employers care about job readiness, and institutions and universities often care about graduation rates. Those don't always align.
Diane Janosek: You are spot on, so very insightful in that regard. So the current president of Capitol Technology University is Dr. Bradford Sims. I believe he came from Embry-Riddle before that. But he was primarily in the industry of manufacturing in a lot of critical areas in terms of the pipeline and the supply chain. So when he came to Capitol Technology University, it may have been five years ago, when he came, his whole thing was, let's have students that are ready, able, and, you know, ready to go into the workforce for the needs that are out there. He doesn't want to create a degree program that there's not a demand for. So the programs of Capitol Technology University are very much focused on the emerging technology sectors. There's, you know, even unmanned aerial vehicles, degrees in that area, a lot of the digital networking areas, network security, just the different areas that are -- manufacturing, artificial intelligence, things that are in need right now by employers. They guarantee that you will have a job upon six months of graduation. If not, they will help you get additional training to make sure that you get the job that you desire, that you want to work in, that's marketable to you as well as to the employer, where it's a good fit. They are 100% on that. They have a job guarantee rate because they know that they are hitting the money with respect to what the employers in the local area need to sustain their economic business models as well as the security of their products and of their people and of their industries. So I think that's one thing that's really interesting. They don't have any liberal arts degrees. You wouldn't have like a language degree. They're focused primarily on what do they think is really necessary in some of the key infrastructure sectors of the United States. So I think they meet their name in that regard, we're Capitol Technology University.
That's the first thing, they're focused on what employers are looking for for our country. The second thing that they're focusing on is making sure it's affordable, education is affordable. And they all very much participate in a number of different scholarship opportunities that are provided for at the federal level as well as the state level. So they're making it affordable for students to participate. Then the third thing that they're doing -- and I'll end there and turn it back to you -- is that they have said, you know, we want to be a leader in the area of cybersecurity education. They have embraced the role of the National Center for Academic Excellence for cybersecurity. There's five nationwide hubs so to speak. They are the hub for this region. And so in that regard, they're saying, hey, we want to help be a leader, we want to help shepherd new professors into the space, help mentor them, help get interest into the area, host different opportunities for high school students to come through on Saturdays, teachers to come through during the summertime to learn, as well as students to cross train in the area from one sector to another. So they're really trying to do a lot. I think that's the three things would be, you know, appropriate degrees that are necessary for the country, being a leader in cybersecurity education for the nation, and then, three, really making tuition cost effective.
Simone Petrella: And for those who aren't familiar, the National Centers for Academic Excellence in Cybersecurity, it's been around since 1999, and it has had a significant impact. Can you tell a little bit about the program and kind of where it came from and how it fits into some of the work that you've been doing there?
Diane Janosek: Yeah. Thank you, Simone, for asking that question. So I used to be involved with the program, I've since not been involved with the program. So this is just Diane's view of the world so to speak now. But the National Centers for Academic Excellence in Cybersecurity (they call it the CAE program), I kind of think of it as a stamp of a perimeter or stamp of approval that you would get, like a Good Housekeeping Seal that we saw with CISA coming out with some things these days. What they have to do is demonstrate, institutions of higher learning have to demonstrate, that they meet core competencies in their curriculum in the area of cybersecurity in both information assurance and the traditional cybersecurity arena, as well as some of the research components as well, the small component is cyber operations. So the schools say, hey, we believe we have a great school, not only a great school, we have great professors, we have students that are interested and willing and able to contribute to the field. And what we're teaching them meets that high standard of readiness. Great. So with that, there is now over 400 schools in the United States out of I think there's about 5,000 institutes of higher learning in the United States, over 400 of them have this kind of stamp, the NCAE "stamp of approval." And what has been happening is that there was just a study done, as you mentioned. It started in 1999 by just a couple of folks. And people that may have remembered Dr. Deb Frincke, who was one of the former directors of research at the National Security Agency, is now with one of the national labs. She was at the University of Idaho. She was one of the first schools that began in 1999. And what it really was doing was establishing an opportunity to learn and to grow the cybersecurity, not just the workforce, but the teachers, right. They didn't even have a textbook in 1999. So really growing that curriculum and starting it forward.
So moving forward, right, I shepherded that program for a while as my role as the commandant at the National Cryptologic University. Moving forward, June of 2023 -- so just this summer -- a report came out and it said, do we think this program's worked? You know, has it yielded the dividends that we thought it should? And they said overwhelmingly yes. And they said absolutely, these CAE schools that the federal government has really encouraged them to grow their faculty, grow associate's degrees, their bachelor's degrees, as well as research programs. They said that these institutions produced an outsized number of cyber and cyber-related graduates relative to the non-CAE schools. And they went through a number of different examples. And the reason why I was so excited at Capitol Technology University is that it was done by, you know, very well academically focused entity out of Washington, DC, with professors from Georgetown. One of the sentences in there is that the CAE program and its designated institutions do more than just graduate cyber talent. Standout institutions such as Dakota State University, Pittsburgh Technical College, and Capitol Technology University collaborate and bolster the community inside and outside their universities, and they work with the community. They receive access to networks of employers, professional development for faculty, new funding streams, and nationally recognized designation. So this program is just one of the toolkit that the nation has to grow academic programs for the employers in the country so that we can fill this big void of cybersecurity workforce that I know, Simone, you know very, very well.
Simone Petrella: I do. And, you know, that study was so illuminating on so many levels. One of the things, though -- and it's near and dear to my heart, I know to yours -- is how much we've seen statistics over the years around representation in the cybersecurity field, specifically around diversity of all kinds, women in particular. And this recent study you're citing shows that the finding of, you know, the statistics we've seen across the industry are mirrored in the CAE institutions as well. Meaning we're still lacking as much diversity as we could in those programs and in the industry. So my question to you, you know, even as a passion play and having mentored so many women and worked in this field for so long is, what can not only academia but, you know, when you think of broadly about the industry, what can our industry partners, what can academia, what can government do, what can organizations do, to really not just talk about diversity and increasing diversity, but what can they really do in your mind that would start to actually have an impact on those numbers?
Diane Janosek: Well, thank you for that. So in the area of gender diversity -- which I think the numbers are, you know, quite low -- they're moving as far as they want. I believe Jen Easterly recently commented on that. They're moving some, but, you know, not enough. In the area of gender diversity, they've been doing studies in terms of, you know, when a young female might want to get into a STEM field, they generally make up their mind by 10th grade, if not eighth grade. So you have to start really early. And there was one study done that said, because -- I wish I had the name of the report. One report was called the Heckinger Study that was done out of New York State. And there was a second study that was done as well. I wish I could remember the name for you. And what they were saying is, is that female, the female population, in the middle schools tend to be very multidisciplinary, where the boys may have some strengths. So they have more opportunities to go into other fields. So they may say, I want to go into science, and somebody may say, well, but you're so good at writing, you are such an amazing, creative writer. Like you don't want to give that up. And the answer would be, you can do both! You could do technical and do creative and, you know, it all comes together. And, you know, cybersecurity is so multitalented as well. So what it's really trying to change that narrative at a younger age so that the thought of where they're going to school, you know, it's planted in their head earlier. So they may have an idea, hey, I want to go into technology, so they naturally go to the CAE schools, because the education leg, but they know, you know, a stamp of approval. So I think we have to start before they start thinking about what school they want to go to and say, this is an amazing profession.
And the first way to do that is to give students role models, show them, you know, open up the doors for, you know, different gaming opportunities and competitions and just fun things and, you know, Rubik's Cubes contests and different things that they realize, there is a home here and you do belong.
Simone Petrella: Yeah, no, absolutely. You know, just quickly pivoting, because I know that we've talked about in a recent episode, I spoke to Camille Stewart Gloster around the recent White House Cyber Workforce Strategy. And I would love to get your take on what your thoughts are on the White House's strategy and how that will help bolster the acceleration of cyber talent across the field, but also where there might be some areas that we need to continue to improve upon.
Diane Janosek: Well, thank you for that, Simone. So I loved listening to Camille. Of course, I'm fully supportive of what they were trying to roll out. I've been tracking this field for a while. The nice thing about cyber workforce development, it is bipartisan. And everyone realizes, yeah, we need to come to the table and get together. But the nice thing about the July 31, 2023, strategy that Camille was talking about is it just gives it more momentum and more energy and more focus, right. If they weren't talking about it, we wouldn't be talking about it. So it's setting the tone for, by the way, this is really important, employers, we need to think about this, states, as well as the federal government, need to be thinking about it, cities need to be thinking about it, let's all rally behind this. The reason why I loved Camille -- I think you even used the word "roadshow," you know, when you were talking with her. That's awesome. I mean, the fact that they are interested in doing a roadshow and talking about National Cyber Workforce Education Strategy is amazing, right. We need that. We need that as a country with all these open positions, with so many changes in technology, so many vulnerabilities being introduced in so many ways that people are unexpected, the fact that we have a White House that is directing this much energy with the stamp of the Office of the National Cyber Director, you know, with Mr. Inglis and with Kemba Walden, and now hopefully it's going to be a good friend of mine is going to be up there too, it's going to be a lot of goodness. And it's all because you need momentum, you need energy, you need all hands on deck and, you know, all power to them.
Simone Petrella: Amazing. Well, thank you, Diane, again, thank you so much for joining us here today. Really appreciate the conversation as usual. And is there anything else that you want to kind of bring up that maybe I neglected to ask?
Diane Janosek: I just wanted to mention that I often have people say to me, well, you know, what is cyber about, you know? And it is really an amazing field. It is an incredibly inclusive field. They want to include you. You don't know something, hey, we'll teach you. They sit sidesaddle on so many things. There's so many teaming. If you like working with a team and you like learning, it's an amazing field to jump into. So it is perfect for all ages, you know, all genders, all nationalities. And it's just fun. And we're very supportive of each other. So join in.
Simone Petrella: Thank you so much, Diane.
Diane Janosek: Thank you. Have a great day. Thank you so much for having me.