Addressing the Cybersecurity Shortage Through Internships

Alan Gin
, CEO
, ZeroDown Software
Mike Battistella shares how to develop deep cybersecurity expertise and experience in new consultants through internships.

This is a companion blog to the “The SafeHouse” podcast dated October 24, 2024 with host Jeff Edwards, Co-Chair of the SafeHouse Initiative and his guest
Mike Battistella, President & CTO of Solutions³, and Director of Government Solutions at the DVMS Institute.  Listen to the podcast here: https://safehouseinitiative.org/addressing-the-cybersecurity-shortage-through-internships/

 

In today’s digital landscape, the cybersecurity skills shortage is a pressing issue that organizations face. According to the latest IBM CA data breach report, one of the top drivers of escalating breach costs is this very skills gap. To tackle this challenge, we dive into the insights shared by Mike Battistella, President & CTO of Solutions³ and Director of the DVMS Institute, who is actively working to bridge this gap through innovative internship programs.

 

Understanding the Skills Gap

During a conversation with a university liaison, Mike was asked a pivotal question: “Are we producing students that are job-ready?” His candid response was, “No, frankly no.” This stark realization sparked deeper discussions about the disconnect between academic training and the practical skills required in the cybersecurity field.

Despite students being exposed to various technologies in their studies, they often lack the business context and hands-on experience necessary for real-world applications. Mike pointed out that many interns come to them with limited knowledge of essential cybersecurity frameworks, such as the NIST Cybersecurity Framework. For instance, he recalls asking interns about their familiarity with the framework, only to receive blank stares or vague responses: “I know there’s identify, protect, detect, and then respond, recover… something like that.” This highlights a significant gap in the education system where theoretical knowledge does not translate into practical readiness.

 

The Disconnect in Cybersecurity Education

The numbers are staggering. There are currently between 320,000 to 380,000 open cybersecurity positions in the U.S., yet many organizations are laying off IT professionals. This contradiction arises from a focus on the more glamorous aspects of cybersecurity, like penetration testing and ethical hacking, while neglecting vital areas such as governance, risk management, and compliance.

As Mike explains, “We have a glut in one area and a shortage in the other.” This imbalance is compounded by the fact that many graduates lack hands-on experience, making it difficult for them to secure employment. Companies often seek candidates with years of experience, leaving new graduates in a catch-22 situation.

 

Building a Robust Internship Program

To address these challenges, Mike and his team have developed a comprehensive internship program that goes beyond mere technical training. Over the past seven to eight years, they have gradually refined their approach, focusing on creating meaningful experiences for interns. The program emphasizes practical skills, best practices, and real-world applications.

Interns are divided into specialized teams, each focusing on different aspects of cybersecurity. For example, two interns might work on Cybersecurity Essentials with the Department of Homeland Security (DHS) while others focus on the NIST Cybersecurity Assessment Team, specifically on the 800-171 standards. This structure allows interns to gain in-depth knowledge and hands-on experience in various areas.

 

Real-World Applications

Throughout the internship, students are trained to conduct assessments for real clients, providing them with invaluable experience. Mike explains, “We’re having the interns go in at no cost to the client, so the benefit to the client is obvious; he’s not paying, and the benefit to the interns is they’re doing a real live assessment based on what they learned.” This unique approach not only helps the interns develop their skills but also provides much-needed assistance to small businesses that cannot afford cybersecurity assessments.

 

Transforming Internships into Apprenticeships

The program aims to evolve into a more structured apprenticeship model, where interns will complete multiple assessments and gain several certifications during their tenure. “We envision this as a 10-week program, and by the end, they will have real-life experience and possibly several certifications,” Mike shares.

This hands-on experience is crucial for addressing the skills gap and preparing students for future roles in cybersecurity. The interns are not only learning about technical skills but are also being trained in soft skills, such as effective communication and presentation techniques, which are essential in the consulting world.

 

Encouraging Industry Involvement

Mike’s advice to organizations looking to combat the cybersecurity skills shortage is clear: get involved. He encourages companies to participate in internship programs, stating, “If they don’t know where to start, get a hold of me. I’m happy to talk to folks.” This proactive approach can create a pipeline of skilled professionals ready to fill the growing number of cybersecurity roles.

In conclusion, addressing the cybersecurity skills shortage requires collaboration between educational institutions and industry leaders. By investing in robust internship programs that provide real-world experience and practical skills, we can equip the next generation of cybersecurity professionals to meet the challenges ahead.

 

For more information about the SafeHouse Initiative and to learn about ways to get involved, visit their website: https://safehouseinitiative.org/