Preparing the Next Cyber Defenders

​October is designated as Cybersecurity Awareness Month by the national Cybersecurity & Infrastructure Security Agency (CISA). This awareness effort was driven by the need to increase the public’s understanding of cyber threats and the urgent need for talent in the vast field of cybersecurity.

According to CyberSeek, a program supported by the National Initiative for Cybersecurity Education (NICE), there are more than 700,000 cybersecurity job openings in the U.S., with more than 75,000 in California alone. And in summer 2022, the White House convened the first National Cyber Workforce and Education Summit to address the growing labor shortage in this sector.

As a national leader in cybersecurity education, the California State University is helping close this workforce gap by accelerating its graduates into a broad range of cyber careers.

You Don’t Have to Be a ‘Coder’

When you think “cybersecurity,” you may envision someone who codes and does technical work on the back end of software systems. But the truth is, cybersecurity is a nearly all-encompassing area that needs a broad range of talents to address the complex and constantly shifting global threat landscape.

“The awesome thing about cybersecurity is that one can choose from a broad range of career fields: computer forensics, national security, space systems, technical writing, policy development, privacy and compliance,” says Ed Hudson, systemwide chief information security officer at the CSU Chancellor’s Office. “One doesn’t have to be extremely technical, or a ‘coder’ in order to have a career in cybersecurity.”

Hudson adds that there are also cybersecurity focus areas related to application development and hardening, encryption, regulatory compliance and protection of health care records. “One can even become an ‘ethical hacker,’ which typically follows application development. If you know how to build it, you know where potential weaknesses are.”

‘Sherlock Holmes’ of Computers

Chioma Nwagbala fell in love with computer forensics while earning her master’s in public administration with a concentration in cybersecurity at Cal State San Bernardino. “The computer forensics class taught by Dr. Vincent Nestler, in particular, helped me realize that this is what I wanted to do,” Nwagbala says. She was also struck by Dr. Kimberly Collins’ public policy class, which she says really helped bring her MPA and cybersecurity concentration together. 

While a CSU grad student, Nwagbala worked as a student assistant in information security at the CSU Chancellor’s Office. While at that role, she was recruited as a cyber intern with the U.S. Department of Justice, where she was eventually hired as a full-time DOJ counterintelligence staff member in Washington D.C.

Today Nwagbala works on the private industry side of cyber for the KPMG Cyber Security Response Services team, where she helps clients remediate after cyber attacks and security breaches.

“The reason I like computer forensics is because I get to be nosy for a living. You almost get to be the ‘Sherlock Holmes’ of computers,” Nwagbala says. “You get to find the clues, put pieces together and find out ‘whodunnit’—and how they did it. we’re also able to tell clients how we can prevent this in the future and how they can respond.”

Cyber Education at the CSU

Four CSU institutions are currently recognized as National Centers of Academic Excellence (CAE-C) in Cyber Defense Education. Managed by the National Cryptologic School at the National Security Agency, the program aims to reduce vulnerability in our national information infrastructure by promoting higher education and expertise in cybersecurity.

The four CAE-C Cal States—Cal Poly PomonaSacramento StateCal State San Bernardino and CSU San Marcos—are committed to producing high-quality cybersecurity professionals. CSUSB is also the CAE Community National Center, leading over 300 universities and administering cyber workforce initiative grant funding to the CAE-C regional hubs across the country.

In addition, at least six CSUs currently offer undergraduate or graduate degrees in cyber, while several more campuses offer certificates in computer science and/or cybersecurity. Several CSUs also have institutes or centers dedicated to cybersecurity research and education, including Cal State Fullerton’s Center for Cybersecurity, Sacramento State’s Center for Information Assurance and Security, CSUSB’s Cybersecurity Center, San José State’s Silicon Valley Big Data and Cybersecurity Center and Cal Poly San Luis Obispo’s California Cybersecurity Institute.

In May 2022, CSUSB also became the first university to join the new federal Cyber Halo Innovation Research Program (CHIRP) designed to increase the cyber workforce that protects space-based assets.

Outside the classroom, the CSU is amping up opportunities for students to gain real-world cyber career experience before graduation. “We are working with a number of business partners to put in place paid apprenticeships for students while they finish degrees so that when they graduate, they not only have their degree but also real-world experience on an information security team, either at their university or with a business,” Hudson says.

Speaking of real-world experience, Kyle Westmoreland was able to work as an information security intern at the CSU Chancellor’s Office for two years while earning his bachelor’s in computer engineering at Cal State Long Beach.

While Westmoreland knew he wanted a career on the technical side of computers, he didn’t initially seek out a role in cybersecurity. After learning about the burgeoning career field from a roommate, he applied for the internship. He credits this real-world experience in helping him get hired at his current role as a full-time information security analyst at the Chancellor’s Office.

Westmoreland explains that his work entails a wide range of information and data security-related issues, including firewall access, working with information security colleagues at the CSUs, handling vendor access software requests, ensuring security standards are up to date for software, coordinating data loss prevention tactics and much more.  

“It’s never a dull day in security,” Westmoreland says. “It’s always evolving. There’s always something new, some new vulnerability, some new threat that we’re going to have to adapt to. So there’s always going to be a need for cybersecurity professionals.”

Women in Cyber

While female representation is growing in the cybersecurity workforce, it still has a ways to go. A 2019 report from the International Information Systems Security Certification Consortium (ISC)² found that women comprised 24% of the global cybersecurity workforce.

Nwagbala encourages young women who are interested in cyber to step up to the plate. “We need more women in general,” she says. “When I was in school, I was the only girl in my classes sometimes, or one of maybe five women. Also me being the only Black girl was a very common thing in my classes.”

To women interested in cyber jobs, Nwagbala says, “Don’t feel intimidated. You’re just as smart as anyone else. You’re just as talented as anyone else, if not more. You might be one of the few, but you’ll be one of the best.”

Nwagbala points to open source intelligence or OSINT as a hot field in which people gather information that’s available via social media and the internet to track down bad actors with malicious cyber intent. “So, there’s a job for that. And it’s in tech, honey,” she says. “Or if you want to program something, you want to hack something, there’s so much.”

“Cybersecurity should not be scary to women. Programming or data analysis should not be scary to women. You just have to find your niche because cyber is so broad.”

To that end, several CSUs have established community outreach efforts and education pipelines to attract more school-age young women and underrepresented people to cybersecurity and STEM careers. Cal Poly Pomona, for example, recently launched the HackHER Gals Cybersecurity and STEM Initiative to spark interest in the career field through meaningful activities for middle schools, high schools and colleges.

Learn more about how the CSU is helping to bridge the cybersecurity workforce gap and increase diversity in this critical field.

 
——————————————————

​How I Got into Cybersecurity​​

Curious to find out how the chief information security officer (CISO) overseeing the largest four-year public university system in the United States got into the field?  

CSU’s systemwide CISO, Ed Hudson: “I started my career in computer forensics while in law enforcement. I was the nerdy detective who had a computer at home back when hardly anyone had them. We started seeing computers increasingly used in and associated with crime scenes, so I went back to school to get my bachelor’s in general information technology and then specialized schools for computer and network forensics. Along the way I investigated software piracy, network intrusions and wrote incident response plans for Fortune 100 companies. I never imagined that one day I would be the CISO for an organization like the CSU!”

Hudson also earned a master’s in public administration from Cal State San Bernardino, home of the CSUSB Cybersecurity Center (CSC), a National Center of Academic Excellence (CAE-C) in Cyber Defense Education and the CAE Community National Center.​

withyou android app