Application Security/Software Assurance

 

Education Level: Intermediate

4316 - Solving Cybersecurity Skills Shortage with Apprenticeships and Certifications

Monday, September 25
3:15 PM - 4:15 PM

Problem
90% of all security incidents result from exploits against defects in software. 20% of software defects result in cybersecurity vulnerabilities. 92% of vulnerabilities are in the application layer, not in networks (NIST). Data breaches exploit vulnerabilities in insecure software (NIST). Most developers lack sufficient security training. The (ISC)2 Global Information Security Workforce Study forecasts a shortfall of 1.5 million cybersecurity professionals by 2020. There is a high-priority national need to develop a workforce that is trained, mentored, assessed and credentialed with the needed competences in cybersecurity professions. The move towards competency-based higher education is an urgent necessity.

Solution
A skills formation and workforce development model for secure software development that we believe is scalable to other critical cybersecurity occupations in government and industry. Provide government and industry with the workforce to meet growing demands for software developers who are trained, credentialed, and capable of producing software which is secure from cyber-attacks. Utilize a dual “learn and earn” apprenticeship program similar to proven successful vocational training models in Germany, Switzerland and other European countries. Dual here means that theoretical training in a vocational school is supplemented by relevant practical training and mentored experience at participating employers with the apprentices receiving a salary as they gain work-related skills.

Case Study
In 2013, concerned employers in Central Illinois organized a collaborative government, industry and academic effort to combine practice, theory, and work to train a globally competitive workforce for developing software that is secure from cyber-attacks. We leveraged the software assurance curriculum that was developed by CMU/SEI with funding from DHS and that included recommendations for adoption at the community college level. Other distinguishing features and benefits of the solution include:
• Incorporation of CMU/SEI training modules for software developer certification and competency assessment as part of on-the-job apprenticeship training curriculum.
• Aligned with the NIST Cybersecurity Workforce Framework as well as the NICE framework
• Recognized by DoL as a National Registered Apprenticeship standard for secure software development
• Practicum examination and preparation for standard industry certifications such as CSSLP to validate competency
• Employers directly involved in the education/training process
• Increased participation of under-represented populations such as minorities, women, and veterans in high wage software development careers through the apprenticeship pathway
• An economically feasible pathway for the apprentice to acquire in-demand skills with little or no debt
• Readily employable graduates for secure software development with no additional training
We launched the first apprentice cohort partnering with the community college in Peoria, Illinois in fall 2015. We have begun scaling up implementation statewide in Illinois and nationally.

Recommendations
Employers need to take immediate steps to solve the cybersecurity skills shortage. The first step is to define the competences for the cybersecurity occupations and ensure they are included in academic curricula. Partner with a local higher education institution such as a community college to implement the dual apprenticeship model for the cybersecurity occupation. Make sure that what is proposed is aligned with the NIST cybersecurity workforce development framework and the NICE framework. Incorporate industry standard certifications such as CSSLP to validate the competences acquired.

Learning Objectives:

Girish Seshagiri

Executive Vice President | CTO
Ishpi Information Technologies, Inc.

Girish Seshagiri, Executive Vice President | CTO, Ishpi Information Technologies, Inc., is a thought leader in software assurance, software quality management and secure software development. Girish is the architect of several disruptive technology innovations and strategic initiatives, including High Velocity Development℠ (a hybrid agile development process), firm-fixed-price, performance-based software development contracting, and software quality guaranteed by a lifetime warranty against defects. He is the author of the visionary white paper “Emerging Cyber Threats Call for a Change in the ‘Deliver Now, Fix Later’ Culture of Software Development.”

Girish is an early adopter of the apprenticeship model for skills formation and advocates regional cybersecurity workforce development. He has an M.B.A. in Marketing from Michigan State University.
