Opening the diversity pathway into the cybersecurity industry

A Maryland cyber training program makes the field more accessible to people who have had financial barriers

The numbers might vary depending upon who is tracking, but the findings are all the same – the need for cybersecurity professionals is critical. The Bureau of Labor Statistics estimates 16,300 workers are needed each year till 2030; says almost 600,000 open jobs exist today.

With this need for talent and recognizing the value of diversity for the industry, training and certification organization SANS Institute is partnering with CyberSN, a woman-founded cybersecurity career and staffing firm to help the state of Maryland develop homegrown talent.

“We hear from customers often that diversity in teams helps a lot with new ways of applying skills and thinking about problem solving. We tend to observe if you have people from various backgrounds on teams, they solve problems differently. People approach problems in different ways and that comes into play when you talk about backgrounds from racial and gender aspects,” says Max Shuftan, director of mission programs and partnerships for the SANS Institute.

“Society is waking up and realizing (cyber) attackers are diverse – all races, genders, religious backgrounds, and more, and from all over the world,” says Deidre Diamond, founder and CEO of CyberSN. “Cyber professionals need to know how their adversaries think, work, and perceive to work against them. How do you know if you don’t have those around you on your team to help you see those blind spots and look at things differently?”

Program Basics

Max Shuftan, director of mission programs and partnerships, SANS Institute (Photo: SANS Institute)

The partnership is part of a Cyber Workforce Academy and EARN Maryland (a state-funded, workforce development program) Cybersecurity and Information Technology Industry grant initiative. Applicants do not need a college degree but must be at least 18 years old. Shuftan says those reviewing applications want to see passion and some previous knowledge about or interest in the industry. Interviews or video essay submissions also help identify candidates.

“We want a sense of what they want to do in cybersecurity and see that they’ve done some research about the various jobs there are, and what they want to pursue,” he says.

“We ask, ‘What do you read? Like blogs or vlogs? What podcasts do you follow? Can you describe how you’ve spent 30 minutes last week trying to learn about cybersecurity?’ We are trying to create a hobby of learning.”

Deidre Diamond, founder and CEO, CyberSN (Photo: CyberSN)

Candidates also take an aptitude assessment that was developed for a U.S. military program which tests problem-solving skills, information parsing, and applied reasoning.

This cybersecurity training program lasts six months and includes three technical training courses for three industry certificates.

Typically, Diamond says, financial barriers can prevent interested and qualified people from accessing a program like this. Certifications at certain levels, she says, can cost $450 each. Once accepted into the EARN Maryland program, the training, books, two practice tests per certification, and the certification are free. Extra practice tests have out-of-pocket costs.

Making the Mid-Career Pivot 

Recent graduate Rachel Barnes says without the scholarship she would not have had the opportunity to pursue the cybersecurity field. The wife of an active-duty military member, the couple relocated to Maryland. She spent a decade in human resources management, earning certifications in that industry but wanted to pivot. Seeing the plethora of job openings in the Maryland and Washington, D.C. area, she started the program in January 2021.

Rachel Barnes cybersecurity professional (Photo: R. Barnes)

“It was very rigorous and very long hours. It was a huge learning curve because I didn’t have any previous experience in cyber or information technology,” Barnes says. “I put in more than 40 hours a week. There’s labs in virtual machines that really do simulate real-life experiences you’ll have in the workforce.”

The program includes unique mentors for each cohort who hold weekly meetings to answer students’ questions the curriculum, share current, real-world situations in the workforce, and learn the jobs candidates are hoping to land. Before the pandemic, the first training course in the program met in person, but since March 2020, all programs have been virtual.

CyberSN helped launch two cohorts with a total of 22 students, who are expected to finish their program in May. In addition to the education, training, and certification, job preparation services include mock interviews that mimic the process cybersecurity professionals’ experience: a screening with a hiring manager or human resources representative, a company assessment, and a technical interview.

Shuftan says 91% of students successfully achieve their certification and on average, students find jobs within two to three months after completing the program.

Barnes found a job a month after completing her program and is now a technical account manager for a “large, industry-known vulnerability management company.”

“It gave me a career I can learn and grow in, indefinitely,” she says. “It’s providing me job security and that security will remain into the future because the world is now so prevalent in information technology and cyber. It has really changed my life.”