Purdue’s Cyber Apprenticeship Program: Advancing Skills, Filling the Gap
Purdue University’s Cyber Apprenticeship Program (P-CAP) model is a new take on training a new cadre of professionals in the high-demand cybersecurity field. UIDP spoke with Geanie Umberger, executive director of the program, about the critical need to advance the skills of this workforce.
UIDP will host a free webinar Sept. 2 on this topic for industry workforce development professionals. Learn more and register.
UIDP: Why is the lack of cybersecurity professionals such a huge concern across so many sectors?
Umberger: The bad actors have been out there, holding files hostage and using ransomware so frequently you don’t even see the stories in the mainstream press anymore, but sometimes the damage is in the millions of dollars. With COVID-19, it’s gotten worse. Companies have to think about protecting their infrastructure with so many individuals working remotely. The experts are saying they anticipate that a lot more people will be working remotely in the future, and because of that, the opportunity for a bad actor to get in and do damage will increase.
We’re also seeing an explosion of technology, the internet of things, and changes with how we connect. As that expands with 5G, those systems require support to ensure they’re secure. Because of these individuals with nefarious motives that want to cause mayhem and trouble, a company can’t take a risk; it’s your reputation on the line. It could cost you millions.
With the current lack of cybersecurity professionals and chronic understaffing, you’re going to increase the stress and burnout of those individuals. It can cost a fair amount of money to have an open cybersecurity position. A study by the Center for American Progress said it costs a company anywhere from 213% to 400% of a position’s salary try to fill that open position. Some companies have shared that they can have as many as 50 to 100 positions open in one division alone. When you do that math, it adds up really quickly, and we know the impact on companies is significant. So companies really need to think about how to plug these holes. Some use the strategy of “buying” talent, which really isn’t working. A study by Burning Glass says that for every open cyber position there are 1.5 individuals to select from. To put this into perspective, across all occupations, for every open position you have at least five experienced individuals from which to select. Simply put, you are only swapping people and never getting ahead of the curve.
UIDP: From an employer’s perspective, what are the top three benefits of using an apprenticeship program to engage high-value employees?
Umberger: Besides developing a loyal talent pool that meets your needs, a major benefit is the return on investment. The Department of Labor did a study that showed for every dollar a company spends, they will get $1.47 return on investment. This is across all occupations. Moreover, an ROI study by James Koch looked at European engineering apprenticeships and found that it did cost money the first year, but by the time the companies hit year two they were net-neutral. By year three, they’re actually making money and are getting a significant return on investment. It takes at least two years for a company to train new college graduates, and you can spend the same time training someone to do it exactly how you like it to be done with a definite ROI.
Apprenticeship USA did a study that showed a large proportion of college graduates, as many as 70%, plan on leaving the company that first hires them within three years. And when you hire graduates, you have to get them ready—some companies call it finishing school. But with an apprenticeship program where they’re already learning in your company, in your environment, 89% of the apprentices are still there three years after completing their training. Combine this with surveys by Personnel Today of apprenticeship employers, where 81% said they saw increased productivity and 66% saw increased competitiveness due to having an apprenticeship program.
That’s so important for cybersecurity, because so many are retiring, combined with fewer kids entering school. Coupled with an explosion in new technology, it’s the stuff of nightmares for companies.
UIDP: Is a program like this also a means to address national challenges, such as training and employment for special populations—returning service personnel, minority or underserved populations, or others?
Umberger: Very much so. In IT, especially in the area of cybersecurity, there is a serious lack of diversity. Our program has been developed to focus on women, veterans, and minorities—not that we’re ignoring everyone else, but those are three populations that we’re really trying to work closely with and give them this opportunity, even if they don’t have a background in cybersecurity already. We want to support companies that are willing to help those with no background and are from a diverse background to break into this field and really make a change. We also support companies that want to upskill incumbent employees, helping their employees move up in their career.
Filling the skills gap in cybersecurity is part of a push from the federal government. They desire a more diverse cybersecurity talent pool, which we all do, and are encouraging programs to aid in this effort. But the push from the feds goes even deeper than that. There’s serious concern about our cybersecurity infrastructure. We need to protect our national treasures, our companies, infrastructure, and all that we have here, and that’s why the federal government is pushing hard through an assortment of programming, like apprenticeships. Our grant is part of an initiative from the government to give U.S. citizens the opportunity to break into fields where there is high demand, to help them get the training they need so companies don’t have to rely exclusively on the H1B visa program. Instead, the federal government is taking the H1B visa fees to help us help companies develop talent, and help individuals get training to protect out national infrastructure and companies.