2023 ASEE Annual Conference & Exposition

The cybersecurity workforce gap is large, with an estimated 1.1 million employed workers and 770 thousand job openings across the country. This paper describes a statewide initiative that is creating a diverse experiential learning portfolio in cybersecurity that aims at closing the gap between students’ experiences and employers’ expectations. All experiential learning activities in this portfolio are led by institutions of higher education and are characterized by significant participation from companies and government agencies. Important goals of our portfolio include broadening participation by under-represented groups in the cybersecurity workforce and creating non-traditional pathways into cybersecurity careers.

Programs in our experiential learning portfolio generally fall under one of five categories: transdisciplinary experiential learning; internships; apprenticeships; cybersecurity competitions; and intensive training coupled with professional development activities. Recognizing the transdisciplinary nature of cybersecurity is key to expanding the workforce. We have embedded experiential learning components into the curriculum of disciplines outside the traditional domains of computer engineering, computer science, and information technology. Examples include a program focusing data poisoning of satellite imagery that is adopted in geography curricula and hands-on training in cybercrime and data forensics in cooperation with the Virginia State Police. We have created an array of paid internship programs that range from placements for high school juniors and seniors to a program that subsidizes internships for college students in cybersecurity startups. Additionally, our annual virtual Internship Fair averages participation from 300-500 students and dozens of companies. This year, we are
piloting an apprenticeship program for professionals interested in transitioning into a cybersecurity career. We pay for a 19-week apprenticeship period, during which the apprentices work full time in one of our partner companies or government agencies; after this period, the apprentices are absorbed as regular employees. The program has attracted 400 applications for 21 positions. We organize a statewide capture-the-flag competition for college teams, with a separate division for community colleges. We also co-sponsor cyber competitions for high schoolers. And finally, we run annual in-person boot camps where undergraduates get intensive training on network security and artificial intelligence assurance testbeds. During these week-long boot camps, students also go through mock interviews and curriculum writing workshops, preparing them for job searches.

In the full paper, we will describe the structure of these programs and associated metrics. Early results indicate high retention rate: in the initial cohort of internships for cyber startups, 73% of interns received job offers after the completion of a summer-long internship; after the conclusion of another internship program aimed at small and medium-sized businesses, 91% of the interns remained in the cybersecurity field. Our learning portfolio has also been achieving great success in broadening participation in cybersecurity: our apprenticeship program has 90% participation from under-represented groups in STEM, and our internship programs have been achieving 50-80% participation from those groups. In two of the programs described here, 17-19% of participants were military veterans, aligned with our goal of creating non-traditional career paths into cybersecurity. Robust outreach to community colleges, minority serving institutions and organizations has been key to achieving these results.