A robust cyber workforce requires training rooted in STEM.
By Lisa Donnan, Partner, Option3
Nov 7, 2023

An introduction to this article appeared in the monthly Creating Connections newsletter put together by the women of The CyberWire. This is a guest-written article. The views and opinions expressed in this article are those of the authors, not necessarily the CyberWire, Inc.

A robust cyber workforce requires training rooted in STEM.

We live in an era where digital systems underpin our critical infrastructure and safeguard sensitive information. Our national security, economic stability, and societal fabric are interwoven with these complex systems. And yet, we face an alarming shortage of skilled professionals in the cybersecurity field that poses a dire risk to our nation's capacity to repel cyber threats.

The government and private sector need to reassess their messaging to drive youth interest in STEM to solve the labor shortage in cybersecurity. The nation's national security depends on having a robust cyber defense workforce over the next several decades and sustainable labor supplies must start from galvanizing interest in science, technology engineering, and mathematics – otherwise known as STEM.

Various factors are currently exacerbating the cybersecurity workforce shortage:

For one, cyber attacks have risen almost exponentially in recent years, creating an insatiable market demand for cybersecurity professionals.

Another factor is prevailing misconceptions among those entering the workforce as many view the field as overly technical, inaccessible, or even mundane. Many potential cyber professionals who turn elsewhere are unaware of the dynamic challenges cybersecurity offers, from ethical hacking to digital forensics.

Problems are also compounded with the nation’s diminishing population in the decades to come: A recent report by the New York Times highlighted this trend along with a significant shortfall in high school students anticipated by 2030. This means the potential cybersecurity talent pool is shrinking. With fewer students in the pipeline, the competition across all sectors, not just cybersecurity, will become fiercer.

And finally, interest in STEM is declining. While trends of subpar test scores in math and science are concerning, what’s even worse is the diminishing presence of the thinking and problem solving that comes with academic training in STEM.

So, why exactly is STEM so important for building a capable cybersecurity workforce?

STEM is not just an amalgamation of four distinct disciplines; it's an ethos that imbues students with skills that are indispensable in the cyber defense profession writ large. Critical thinking, problem-solving, and adaptability are the trifecta that STEM education passionately champions. 

Additionally, STEM disciplines are not bound by rigid doctrines or predefined solutions. Instead, they thrive on open-ended problems – the sort that don’t have a single “right” answer – which compels students to step out of their comfort zones, challenge the status quo, and conceive innovative solutions.

Finally, STEM encourages interdisciplinary learning that helps students find intersections and integrate knowledge across boundaries. For instance, a cybersecurity problem might not just be about code; it could intertwine elements of human psychology, social engineering, mathematical patterns, and technological vulnerabilities.

In the domain of increasing (and sophisticated) cyber attacks, where threats are ever evolving and adversaries are constantly innovating, this ability to think outside the box becomes a potent weapon. It’s this innovative mindset that will lead to the creation of unique defense mechanisms and strategies against complex digital adversaries.

Tackling this challenge means reimagining our messaging strategy across the government and private sector alike. STEM must be portrayed as approachable, massively beneficial, and the pathway to highly rewarding careers both intellectually and financially. This includes initiatives such as the Biden Administration’s National Cyber Workforce and Education Strategy and other efforts, too, particularly those supported by the private sector or enforceable by law.

Additionally, certification programs – specifically those tailored to teach specific tasks and procedures aimed at ensuring proficiency in a particular domain – should not be viewed as an alternative to STEM training for youth thinking they must choose one to the exclusion of the other. While this specialized knowledge is undoubtedly valuable, it narrows down one's exposure, and the laser-focused nature of certifications can unintentionally sideline diverse ideas and holistic approaches that are fundamental to fostering creativity and innovative problem-solving skills.

Additionally, many certification programs are heavily rooted in standardization. While there's undeniable merit in adhering to established protocols, it can also be its Achilles’ heel of an agile cyber defense workforce. Rigid curriculums might deter students from venturing beyond the conventional, from challenging the status quo, and from seeking uncharted methodologies. 

In contrast, college STEM education, with its broad-based approach, not only equips students with technical knowledge but also hones their critical thinking, adaptability, and problem-solving prowess. It fosters a sense of curiosity, encouraging students to question, explore, and innovate. 

Should our nation continue to uphold the status quo, the ramifications will be dire, and we’ll see a future where we lack the ability to respond effectively to threats, attacks, and breaches. An inadequately skilled workforce not only leaves digital doors open for cybercriminals but amplifies the risk of disruptions that could ripple across the nation and cause unprecedented turmoil.

To secure our future, both the government and the private sector must recalibrate their strategies and emphasize the importance and allure of STEM fields, particularly when it comes to emphasizing its relation to securing the nation’s future cybersecurity workforce. Without immediate action now, we risk leaving our nation exposed to potentially catastrophic cyber threats.