California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework

Cybur is proud to serve on the Cybersecurity Taskforce Advisory Board under the California Governors office for this important initiative.

Strategy Paper and Recommendations 

Prepared by: 

Keith Clement, Ph.D., Professor, California State University, Fresno, 

California Cybersecurity Task Force, Workforce Development-Education Subcommittee Chair; California Interagency Advisory Committee on Apprenticeship (IACA) IT Subcommittee Chair; 

Chair, Public Safety Education Advisory Committee (PSEAC) of the California Community Colleges 

Kelly Mackey, Regional Director of Strategic Partnerships, Department of Industrial Relations, Apprenticeship and Workforce Innovation 

Erle Hall, Education Programs Consultant, Career Technical Education Leadership Office, Career and College Transition Division, California Department of Education 

Mario F. Garcia, CISSP, Deputy Commander, California Cybersecurity Integration Center (Cal-CSIC), Homeland Security Division, Governor’s Office of Emergency Services (Cal OES) 

September 9, 2020 California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework

EXECUTIVE SUMMARY 

Global demand for cybersecurity and information security professionals and personnel has been mounting for decades. Well-prepared cybersecurity professionals are essential given the dynamic change in scope and breadth of threats and vectors in today’s cybersecurity environment. Based on the reliance of technology in the digital environment, we need coordinated and linked education, training, and workforce development programs to increase statewide cybersecurity capabilities and enhance cyber-resiliency. In order to meet current and future critical state-wide cybersecurity “high needs areas” and workforce/skills gaps; comprehensive, coordinated, and strategic academics/education and professional workforce training programs are in heavy demand. 

The California Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline Strategy and Framework (“CEWYA”) describes a statewide comprehensive and collaborative model of education programs and workforce development opportunities into a coordinated IT-Cyber sector apprenticeship pathway. The IT-Cyber youth pre- apprenticeship and registered apprenticeship pathway advances students from 5th/6th grade through career readiness and college preparedness programs. This includes education programs and workforce development opportunities aligned to select IT-Cyber career entry points as well as linkages with college/ university two-year/four-year degree programs and professional/industry recognized certificates. 

The CEWYA Apprenticeship Pipeline is a four-step process: 1. Outreach and Recruiting; 2. Pre Apprenticeship step; 3. Apprenticeship Program step; 4. Employer Based “On the Job Training” (OJT) step. Spanning these four steps, we find six critical components woven together into the CEWYA Process: these include education programs, industry recognized certification components, essential employability “soft skills,” OJT, and Cyber-Hygiene-Awareness components. This report discusses how these components relate to the CEWYA process and steps; as well as, cybersecurity model curriculum, academics standards, extra-curricular activities, cyber-competitions, professional/career development, and additional activities (like Model Industry Training Competency (MITC) design and promulgation. 

The cybersecurity career pathway includes a variety of specialized education programs and specialized tracks in “high need domains/areas” including degree and certificate programs (see “Stacking Certificate Programs” later in the report). In addition, it is key to align and link with National Initiative for Cybersecurity Education (NICE) Workforce Framework domains. Finally, it is critical all education programs and workforce development opportunities are available to everyone irrespective of geographic location or socioeconomic status/background. 

We seek innovative ways to meet key stakeholder workforce needs with rigorous academic/professional curriculum and standards, enhanced student access to quality, cost-efficient, and aligned IT-Cyber programs statewide. This paper describes the CEWYA Apprenticeship Pipeline, the broader California Cybersecurity Workforce Development and Education Strategy, and how an apprenticeship vocational model is key to reduce current/future state cybersecurity workforce capability skills/gaps. The Strategy Report provides recommendations for a framework, blueprint, and template to develop and implement the California Cybersecurity Career Education Pipeline and Pathway Project (CCCEPPP) to prepare 50,000 entry-level cybersecurity professionals from 2020-2030. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

CONTENTS 

Executive Summary ………………………………………………………………………………………………………….2 

Contents ………………………………………………………………………………………………………………………….3 

Acknowledgements…………………………………………………………………………………………………………..5 

Introduction ……………………………………………………………………………………………………………………..7 

California Cybersecurity Workforce Development and Education Background.. ……………………..9 

California Essential Critical Infrastructure Workers and Workforce……………………………………….11 

IT-Cybersecurity Workforce Development and Education Barriers, Obstacles, and Limitations..12 

Workforce Development Issues Addressed by Pre- and Registered Apprenticeships……..12 

General Cybersecurity Workforce Development and Education Limitations…………………12 

Education/Higher Education Obstacles…………………………………………………………………….13 

Additional Educational Barriers and Obstacles………………………………………………………….13 

Cybersecurity Workforce Development- Industry Obstacles, Barriers, Limitations……….14 

Concluding Thoughts on IT-Cyber Workforce Development/Education Barriers, Obstacles, and Limitations…………………………………………………………………………………….15 

Linked Strategies……………………………………………………………………………………..16 

Three Key Pillars………………………………………………………………………………………16 

Points of Emphasis……………………………………………………………………………………16 

California IT-Cyber Essential Workforce Pre- and Registered Apprenticeship Program Pipeline and Pathway (CEWYA) Objectives………………………………………………………………………………….17 

CEWYA Design Methodology and Development Process…………………………………………………..18 

The Essential Prioritization of California Cybersecurity Workforce Development and Education Initiatives………………………………………………………………………………………………………………………19 

Table 1: California Job Openings/NICE Cybersecurity Workforce Framework Category……….20 

NICE Framework Work Roles in Key Cyber Workforce Categories…………………………………….20 

Securely Provision (SP)………………………………………………………………………………………..20 

Operate and Maintain…………………………………………………………………………………………..21 

Key Support: Security Operations Centers (SOCs) and IT-Cyber-Privacy Offices…………………21 California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

California Cybersecurity Essential Workforce Pre- and Registered Apprenticeship Pipeline/ Pathway Steps/Process……………………………………………………………………………………………………23 

Step 1: Recruiting and Outreach 

Step 2: California Cybersecurity Pre-Apprenticeship Program 

Step 3: California Cybersecurity Apprenticeship Program 

Step 4: Employer Based On the Job Training (OJT) 

CEWYA Process Details………………………………………………………………………………………………..25 

California Pre- and Registered Apprenticeship Pacing Guide……………………………………………..26 

5th and 6th Grade…………………………………………………………………………………………………26 

Pre-Apprenticeship Phase and Recommendations…………………………………………………..27 

Apprenticeship Phase and Recommendations…………………………………………………………27 

Related Higher Education Programs……………………………………………………………………..28 

CEWYA Model IT-Cybersecurity Pacing Guide Milestones and Recommendations……………..28 

Career Technical Education (CTE) Program Curriculum Component 

IT-Cyber Industry Recognized Certification Component 

Sample Certifications/Courses/Tracks to Select From 

Programming/Coding Component Milestones 

Essential Employability “Soft Skills” 

On the Job Training Component 

Digital Skills, Cyber-Hygiene and Awareness 

Pre-Apprenticeship Certification/Courses/Tracks………………………………………………………………29 

CEWYA Apprenticeship Level Model……………………………………………………………………………..31 

Apprenticeship Certification/Courses/Tracks…………………………………………………………………….32 

Cybersecurity Education and Workforce Development (Post-High School)………………………….34 

Certificate Design/Development List to Implement CEWYA……………………………………………..35 

K-12 Cybersecurity (CTE) Industry Recognized Certificate Programs/List of Courses to Develop………………………………………………………………………………………………………………………..36 

Concluding Thoughts: Closing the Barriers, Obstacles, and Challenges of the Apprenticeship Model of Workforce Development………………………………………………………………………………….38 

References……………………………………………………………………………………………………………………39

California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

ACKNOWLEDGEMENTS 

Tsegay Arefaine, Strategic Business Analyst, California Department of Industrial Relations, Division of Apprenticeship Standards (DAS) 

Miki Bellon, Mikology/Silicon Valley Roundtable 

Helen Bui, Strategic Business Analyst, California Department of Industrial Relations, Division of Apprenticeship Standards (DAS) 

Brenda Bridges Cruz, Deputy Director, Office of Professional Development, California Department of Technology (CDT) 

Stephen Dodd, IBM Certified Project Executive, IBM Public Partnerships, IBM 

Paul Giacomotto, Deputy Regional Director of Strategic Partnerships, Department of Industrial Relations, Apprenticeship and Workforce Innovation 

Amy Kardel JD, Vice President, Strategic Workforce Relationships, CompTIA 

Keith Koo, Managing Partner, Guardian Insight Group and Host, Silicon Valley Insider Radio Show 

Marian Merritt, Lead for Industry Engagement, National Initiative for Cybersecurity Education (NICE) 

Shamla Naidoo, Managing Partner of IBM Security, former Chief Information Security Officer, IBM Global 

Jonathan Nunez, Commander, California Cybersecurity Integration Center (Cal-CSIC) 

Palo Alto Networks Education Team 

Vitaliy Panych, State Chief Information Security Officer (Acting), Office of Information Security, California Department of Technology 

Mario Perez. Data Communications Specialist/CSIT Professor, Los Angeles Mission College 

Mark Plunkett, Senior Director, Global Custom Training Solutions, Operations, and Business Development, CompTIA 

Eric Rood, Chief, California Department of Industrial Relations, Department of Apprenticeship Standards (DAS) 

Wayne Sharp, Founder/President, MyVerse.com 

Julie Su, Secretary, California Labor and Workforce Development Agency (LWDA) California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

6 

Trisha Turlington, Senior Business Development Manager RHA, Red Hat 

Kyle Trambley, California Governor’s Office of Emergency Services (Cal OES) 

Julie Whitten, Assistant Deputy Secretary of Innovation and Accountability, Government Operations Agency 

Donna Woods, Instructor, CTE Cyber Academic Pathway, Canyon Springs High School/Moreno Valley Unified School District, CyberPatriot Teams Advisor/Coach 

California Cybersecurity Integration Center (Cal-CSIC) 

California Community Colleges (CCCs) 

California Department of Education (CDE) 

California Department of Technology (CDT) 

California Division of Apprenticeship Standards (DAS) 

California Governor’s Office of Emergency Services (Cal OES) 

California Government Operations Agency (GovOps) 

California Interagency Advisory Committee on Apprenticeship (IACA) 

California Labor and Workforce Development Agency (LWDA) 

National Initiative for Cybersecurity Education (NICE) 

The California State University (CSU) 

The University of California (UC) California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

7 

INTRODUCTION: 

Faced with unemployment rates and economic conditions reminiscent of the Great Depression, we must get Californians back to work in high need, high wage essential professional jobs immediately. Curiously and simultaneously, many high paying tech jobs remain currently and critically unfilled in California cybersecurity fields (i.e. 72,000+ positions)1 as well as many more in IT. Vigorous action today is necessary to prepare tomorrow’s workforce in IT-Cyber specializations. Moving forward in a rapidly evolving digital and technological transformation, it is key to fill numerous and rapidly growing numbers of available tech and security positions. In an information-rich era, it is imperative to have a solid cadre of qualified and prepared IT-Cyber specialists and specialized workforce (from technicians through managers) with key skills and experience flowing regularly into the statewide labor pool. 

1 (https://www.cyberseek.org/heatmap.html accessed electronically on 7.7.2020). 

In this strategy report, we seek to collaborate and develop a framework and template to help alleviate statewide IT-Cyber employment, workforce, economic, critical infrastructure, security objectives and concerns. This strategy paper examines an IT-Cyber pipeline/pathway apprenticeship model approach to enhance California workforce development and education capacities. We seek to answer the following questions in this report. 

1. How do we design IT-Cyber career pipelines/pathways with an immense and thorough recruiting and outreach process to include all state residents; and focused on serving and driving upward social mobility for all? 

2. How do we develop and implement a career pipeline with coordinated, comprehensive, seamless transitions from one level of the education process so that all students may access it through virtualization and digitalization? 

3. Where are the critical “hands on” and vocational learning elements of IT-Cyber workforce development? How do we prepare a specialized IT-Cyber workforce to meet current Industry job minimum requirements and Knowledge, Skills, Abilities (KSAs) and professional competencies? 

4. How do we get candidates the necessary educational preparation and work experience critical to getting the “big job” in the professional field? 

5. How do we match prepared candidates with employers looking to hire in these fields with well-paying entry-level positions? 

The most direct solution to these questions is the formation of an Essential Workforce Pre- and Registered Apprenticeship Talent Model and Pathway. This model has key short-medium-and long-term strategy components and implications that are discussed. One strategy report objective is linking education, workforce (and other components) together into a coordinated, seamless, and linked apprenticeship model culminating in qualified and prepared IT-Cyber workforce to serve California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

California. These “pipeline/pathway” strategies yield a highly trained and experienced IT-Cyber workforce with key skills ready for entry-level positions and moving the needle on getting the state back to work in the burgeoning “new-collar” economy. 

A second CEWYA strategy report objective is a brief discussion of the scope and extent of California cybersecurity workforce development/education needs and capability/skills gaps. The California Cybersecurity Workforce Development and Education Strategy facilitates and coordinates a statewide pipeline/pathway at all levels of education (K-12, Associates, Bachelors, Graduate, and Professional Certifications). About 1/8 of all IT jobs (about 12-15%) are found in the specialized field of cybersecurity and we are currently experiencing significant workforce and skill capability gaps in both. 

A third report objective is a discussion of various obstacles, limitations, and barriers found in IT-Cyber workforce development and education. It is important to understand these critical limitations and concerns so we can work collaboratively towards viable solutions. IT-Cyber workforce development issues currently confronting industry, public sector, and academic communities are profound. In some cases, these education concerns and workforce capability gaps/ skill shortages date back decades. However, pre-existing IT-cyber workforce and skill gaps are exacerbated by the further transformation to a digital and social media era. 

While critical shortages of prepared and qualified IT-Cyber candidates existed before COVID 19, the pandemic response has only exacerbated already substantial and chronic workforce and skill shortages. Many students and employees today work and study remotely from home on unsecured (or under-secured) computers and networks. When conducting organizational business virtually at home, many are not working with usual workplace office IT and network security. These additional vulnerabilities and risks illustrate the ever changing and opportunistic nature of security concerns found in the transition to working/studying remotely. 

IT-Cyber workforce needs for emergency responders, health, medical, life sciences, public safety/service and health officials, airlines, tourism/hospitality, small/medium sized business and other heavily impacted sectors is also concerning. Industry and employers (and “Essential Workforce”) are impacted given quarantines, shelter in place orders, and potential customers staying at home. We face today the twin pressing concerns of growing IT-Cyber workforce development capacity/infrastructure shortages; further exacerbated by COVID-19 pandemic response/global supply chain and economic disruptions. These significant events themselves have in turn exposed additional cybersecurity threats and risks across the global economy; including vulnerabilities discovered in the new “work from home” workplace. 

While we have many residents seeking jobs right now due to economic upheaval, there is simultaneously a large pool of well-paying and available positions in IT-Cyber to upskill, reskill, or begin to skill. Towards this objective, we lay out and discuss issues confronting IT-Cyber workforce development and education. These issues impact industry (employers public and private), the public sector (government), and Education/Higher Education communities. These obstacles are often similar and important commonalities for us to build on. The value here is in information sharing and building upon common purpose, goals, mission, and objectives. In this way, we encourage and facilitate IT-Cyber education and workforce development coordination, collaboration, communication, better-informed partners, and stronger resulting partnerships. 

What is the solution to a California cybersecurity workforce/capability/skill gap problem? We discuss specifics and details of solutions to include an IT-Cyber pre- and registered apprenticeship talent model at all levels of education. How do participants move through phases of the apprenticeship talent model from outreach/recruiting through education, work experience, and entry-level career positions? Through an IT-Cyber framework structure for career preparedness and college readiness programs and initiatives. Additional details found in the “Pre-Apprentice and Registered Apprenticeship Pacing Guide” near the end of this report. The IT-Cyber pacing guide describes the four-step pre- apprentice and registered apprenticeship pipeline process. For each step of the apprenticeship pathway process, we recommend key objectives, timelines, and milestones in the education/workforce development pathway. 

In addition to the steps of the California IT-Cyber Pre- and Registered Apprenticeship Talent Pipeline Model, we include an IT-Cyber “Road-map” for related education and workforce development coordination, information, and planning purposes. An IT-Cyber Education Roadmap clearly describes all education and experience necessary to meet position minimum qualifications; knowledge, skills, abilities, and competencies for entry-level IT-Cyber employment in select occupations/related industry sectors. The Roadmap covers each level of education and provides a variety of recommendations to enhance all aspects of the talent pool. Some students may need degree programs and others certificate programs. Roadmaps provide the central hub and conduit for strategic communication so we can share and match prepared workers with hiring employers. Thus, we link IT-Cyber education program graduates with Industry (both public and private) to meet the needs of major stakeholders and key partners. However, before we get too far ahead on discussing potential workforce development and education solutions, we should provide relevant background to the matter at hand. 

California Cybersecurity Workforce Development and Education Background: 

There are 504,000 cybersecurity positions available in the U.S. and over 72,000+ in California. 2 Available cybersecurity positions are expected to continue and increase due to greater reliance on tech in COVID-19 pandemic emergency response as students and employees study/work remotely from home. As of 9.01.20, California has 712,052 positive cases and 13,163 deaths. 3 Essential public and private workforce concerns and COVID-19 emergency pandemic response, as well as pressing cybersecurity education and workforce development needs exist to justify the design, development, and implementation of a statewide comprehensive cybersecurity career education pipeline and pathway forthwith. 

2 (https://www.cyberseek.org/heatmap.html accessed electronically on 7.7.2020). 

3 California Department of Public Health, https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/Immunization/ncov2019.aspx, Accessed electronically 9.3.2020. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

The California Cybersecurity Workforce Development and Education Strategy: Framework and Recommendations for a Career Pipeline and Pathway Project objective is to prepare 50,000 entry-level IT-Cyber professionals over a 10 year time frame (2020-2030). This innovative and coordinated strategy was designed by the California Cybersecurity Task Force (CCTF) Workforce Development and Education (WDE) Subcommittee in collaboration and partnership with statewide public sector, industry, and education/higher education communities. In addition to cybersecurity education programs aligned, linked, and seamlessly transitioning from one segment to the next, we are also keenly interested in vocational/workforce preparation. 

IT-Cybersecurity workforce development initiatives and projects are widely anticipated to have a significant role in the upcoming California economic recovery. Getting people skilled/reskilled/upskilled to work in high demand, well paying, and essential career positions is a key step in enhancing the state economy and improving the personal finances of participating candidates and their families. IT-Cyber is a “hands-on” professional field and prospective job candidates significantly benefit from registered apprenticeships, work experience, and On the Job Training (OJT) opportunities. Public and private sector employers greatly benefit from apprenticeship programs in many ways as discussed shortly. 

The California Cybersecurity Task Force, WDE Subcommittee partners extensively with IT-Cyber employers (both public and private sector), Non Government Organizations (NGOs), Government agencies and organizations, and education/higher education communities. Collaboration and enhanced coordination exist in the following areas: model curriculum, academic standards, extra-curricular activities (like cyber competitions, coding camps), and vital workforce development opportunities (like pre- and registered apprenticeships). 

Including all of these components (and others described in the pacing guide at the end of this document) to develop an efficient and comprehensive career pipeline is critical. CEWYA begins in the 5th/6th grade and continues through college readiness and career preparedness programs as consistent with California Career Technical education (CTE) programs in Middle and High Schools. 

The smooth and efficient operation of a cybersecurity (and related) career education pipeline/pathway to support the California economy is timely and critical to meet the multi-faceted pandemic and related challenges to our workforce/employment talent pool, security, and society. 

To enhance California Cybersecurity Workforce Development and Education Strategy, we include the California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Pipeline component to balance and reinforce model curriculum/academic standards for IT-Cyber education programs, courses, and instructional content as well as workforce/career opportunities. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

California Essential Critical Infrastructure Workers and Workforce: 

The California Cybersecurity Essential Workforce Pre- and Registered Apprenticeship Pipeline supports Governor Newsom’s March 19, 2020 Executive Order N-33-20 and State Public Health Officers’ designated “Essential Critical Infrastructure Workers. 4 

4 (https://covid19.ca.gov/img/EssentialCriticalInfrastructureWorkers.pdf, Accessed electronically on 7/05/2020). 

Important to note that in a modern economy, all industry sectors have a direct link and connection tied to IT-Cyber. Tech is very pervasive in our lives and organizations today. Because of this nexus, we must coordinate and design clear pathways and pipelines for many different industry sectors; and provide a clear road map for cybersecurity education and workforce development opportunities that are accessible and available. We must provide guidance and advice for pathway students to navigate and onboard with “open high demand jobs” through workforce and education programs with professional experience opportunities to enhance economic and social mobility for all. 

The following Industry Sectors are identified/included as “Essential Workforce.” 

1. Healthcare/Public Health- 

2. Emergency Services Sector- (including Law Enforcement, Public Safety, and First Responders, and Public Works)- 

3. Food and Agriculture- 

4. Energy- (including Electricity Industry, Petroleum Workers, Natural and Propane Gas Workers)- 

5. Water and Wastewater- 

6. Transportation and Logistics- 

7. Communications and Information Technology- 

8. Other Community-Based Government Operations and Essential Functions- 

9. Critical Manufacturing- 

10. Hazardous Materials- 

11. Financial Services- 

12. Chemical- 

13. Defense Industrial Base- California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

IT-Cybersecurity Workforce Development and Education 

Barriers, Obstacles, and Limitations: 

Workforce Development Issues Addressed by Pre- and Registered Apprenticeships: 

There are a variety of current barriers, obstacles, and limitations in current cybersecurity workforce development and education practices. These problems contribute in part to large numbers of available job openings and difficulty finding qualified talent to hire and onboard. Significant obstacles include accessible statewide cybersecurity education programs/courses; available workforce development/experiential learning opportunities; and diversity, inclusivity, and equity of special populations in IT-Cyber. Industry, the Public Sector, and Academic communities have common problems that require mutual solutions. However, each arm of the triangle has their own respective considerations to handle within their own sphere of activity as all have their own interests and objectives at the heart of their strategic activity. 

Once we understand the underlying problems commonly associated with cybersecurity workforce development and education, we can work towards implementing solutions, both within each major stakeholders, but also holistically across the entire ecosystem. Solutions to cybersecurity workforce development and education are found when eliminating these barriers and limitations; and hence forms the basis of CEWYA project objectives found below. Clearly, workforce development opportunities like a pre- and registered apprenticeship programs will go a long way to address the following key capacity and supply side limitations and issues. 

General Cybersecurity Workforce Development and Education Limitations: 

Workforce barriers, obstacles, and limitations briefly described below: 

IT-Cybersecurity crosses the public (across all levels of government) and private sectors (small, medium, large sized business); across all industrial and economic critical infrastructure sectors, and most occupations and professions found in an interconnected modern digital world. 

IT-Cybersecurity is a very ubiquitous field. As tech is deeply ingrained everywhere in our organizational and individual lives, we all become tech specialists. We are behooved to start thinking like cyber professionals and safeguarding our computers, devices, data, networks, social media presence. 

One key consequence of the pervasive presence of IT-Cyber is in many specializations, sub-fields, and numerous occupation clusters found in this field; from networking, mainframes, software design, database/cloud management, AI, programming, machine learning, augmented/virtual reality, hacking/pentesting, big data/analysis, and many others. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

Education/Higher Education Obstacles: 

In a recent white paper co-written by EdWeek and Cyber.org (formerly National Integrated Cyber Education Research Center – NICERC) and based on a nationwide survey of K-12 educators, several obstacles and trends that limited progress in cyber education were identified. 5 The most daunting of these is the situation identified in the paper as “cybersecurity deserts”. This circumstance is characterized by an absence of business firms engaged in cybersecurity services delivery and/or an absence of Universities engaged in cyber education. 

5 Cyber.org (NICERC) The State of Cybersecurity Education in K-12 Schools, 

(https://cyber.org/sites/default/files/2020-06/The%20State%20of%20Cybersecurity%20Education%20in%20K-12%20Schools.pdf, Accessed electronically on 7/18/20). 

6 California Department of Education, Career Technical Incentive Grant (CTEIG) Funding Years Timeline, 

(https://www.cde.ca.gov/ci/ct/ig/cteigtimeline.asp, Accessed electronically on 7/18/20). 

In California, it should be added that a contributing factor to cybersecurity deserts would be an absence of secondary school Career Technical Education programs in Information and Communications Technologies focused on cybersecurity since their existence is not necessarily dependent upon the presence of business firms and universities due to several successive years of funding from the state Career Technical Incentive Grant (CTEIG) starting in state fiscal year 2015-16 (see California Department of Education, CTEIG funding page.) 

The white paper also notes the absence of cybersecurity education taking place in undersized and high needs school districts and especially in high poverty rural districts where no cybersecurity resources exist. Other factors affecting the lack of cybersecurity education in the K-12 space include a lack of knowledge amongst faculty, students being unaware of educational and skill requirements for employment in cyber, and access to cyber education being “infrequent and uneven”. Indeed, less than half of the 900 respondents in the survey reported that their district offered cybersecurity education. Worrying trends in the report show that learning about several key cyber-related topics like cyberterrorism, secure programming, secure networking, and hacking/data security is taking place significantly less often in high school versus middle school. 

Additional Educational Barriers and Obstacles: 

Coordinated alignment and linkage between cybersecurity industry (private/public sector) employer needed curriculum/skills with salient and accessible education/higher education programs (certificates, degrees) and courses. 

Many entry and exit points available/needed to fulfill the workforce needs in the very diverse, ubiquitous, and specialized IT-Cyber profession and numerous sub-fields. 

IT-Cyber is a “hands on” experiential “learn by doing” field. The role of work experience is essential for recruiting, hiring, and advancement in the field, particularly when discussing more technical and specialized IT-Cyber sub-fields. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

One key limitation found in cybersecurity education and workforce development programs and workforce development opportunities is in coordination and information sharing functions. Coordination and communication are critical in any effective career pipeline/pathway and linked/aligned/articulated across multiple (or all) segments/levels of education. 

Assuming the development of a vast series of cybersecurity education programs and courses and linked pre- and registered apprenticeship opportunities, how do we manage and administer and liaise between educational institutions (and students and faculty) and local employers in the field? We need an organized strategy and approach on how to initiate, maintain, and communicate with a strong network of statewide, regional, and local employers that serve as OJT providers, mentors, and ultimately the employers of successful pre- apprentices and registered apprentices at the end of the workforce development process. 

Cybersecurity Workforce Development- Industry Obstacles, Barriers, and Limitations: 

In terms of IT-Cyber workforce development and education, there are a variety of unique current barriers, obstacles, and limitations faced by industry (both public and private) employers in finding prepared/qualified professional employees. 

The ideal cybersecurity program provides a balanced emphasis on what educational institutions teach with the current “in-demand” mastery of skills, knowledge, and abilities sought by public and private employers. Equilibrium and balance must be found somewhere here. This mix of education/industry/government needs implemented throughout education and workforce development pave the way for substantial growth in this multi-sector workforce. In other words, is what employers think needs to be taught in IT-Cyber what is actually taught in the classroom? If the answer is no—we have a significant problem here. 

IT-Cyber are extremely dynamic professional fields given rapid changes in technology. Predicting future workforce capability and skills is a challenging task in newly emerging and rapidly evolving industry sectors and occupations. 

Routine changing of necessary workplace skills and professional demands due to evolving security threats, risks, and vulnerabilities on a near daily basis require an emphasis on “life-long learning.” It is more important to keep up with the current environment than static and dated knowledge, skills, and abilities that lose relevance over time. Always keeping up on timely new skills and knowledge is key to success in this profession. 

There is a lack of understanding and resulting disconnect in industry HR recruiting, selection, and hiring of many IT-Cyber professionals. Significant steps must be taken to streamline and enhance this process so we can onboard greater numbers of newly minted cybersecurity professionals ready for work. While HR departments may do an excellent job hiring many classifications of employees, it is a much greater challenge when dealing with IT-Cyber fields. Writing job descriptions, recruiting diverse groups, and the interviewing process are examples of where the HR Department could enhance IT-Cyber hiring practices. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

Today’s cybersecurity job candidate must consider the quality of their educational background and substantial exposure to tech and computing (usually) at earlier ages than previous generations and excel in both their academic and vocational (career technical) achievements. Employers seek these qualities today. 

The creation of many IT-Cyber career entry/exit points are necessary to prepare all segments and specializations within the talent pool. The entire talent model needs feeder programs to support the entire spectrum of prospective candidates seeking these positions. In this occupational cluster, some entry points are basic and lead to relatively unskilled entry-level positions. Candidates utilizing these entry points will need access to additional skills development and preparation to advance to the next level within the IT-Cyber field. Other segments of the entry-level talent pool need more complex, technical, perhaps programming heavy, specialized knowledge, and additional skills well beyond capabilities of most tech users. In any case, all segments of the talent pool must have clear road maps provided to direct them to education/experience needed for professional success in IT-Cyber. 

Contrary to conventional and public misperceptions of cybersecurity, there are many non- technical positions such as in social engineering or privacy found within the large number of IT-Cyber based occupations. This indicates different strategies and workforce development/ education models must be utilized and encouraged to prepare all segments of the cyber talent pool.—technical or not. In addition, support must also be provided to assist IT-Cyber professionals across different industry sectors, types of organizations, and spanning the org chart from entry level to executive. 

We must work towards strategies and ways to enhance diversity, inclusion, and equity in the IT-Cyber workforce. Education programs, workforce development opportunities, and mentoring of students are examples of these strategies to include new groups of students who may not have had access to these programs previously. 

Concluding Thoughts on IT-Cyber Workforce Development/Education Barriers, Obstacles, and Limitations: 

As one can see, there are many barriers, obstacles and limitations with current IT-Cyber workforce development and education challenges. Finding prepared cybersecurity professionals statewide is daunting with 72,000+ current available positions; robust future occupational growth outlook; and record numbers of baby-boomers retiring from the workforce monthly. These concerns point to significant employment challenges down the road. Given all barriers and obstacles to IT-Cyber workforce development and education, California needs a comprehensive strategy and innovative digital/technology initiatives to overcome potential limitations. 

To help overcome these significant challenges, we are working on both a comprehensive long- term strategy (covering 2020-2030), as well as immediate steps, and short-term strategies, tactics, and actions to secure an enhanced and prepared IT-Cyber Essential Workforce moving forward into the future. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

As such, we rely on two carefully linked California IT and cybersecurity workforce development and education strategies: 

I. The California Cybersecurity Workforce Development and Education Strategy: Framework and Recommendations for a Career Pipeline and Pathway Project- (discussed under separate cover). 

II. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Pipeline (CEWYA) 

With Three Key Pillars: 

I. IT-Cyber Education Programs at all levels of education. 

II. Workforce Development Opportunities- Pre-Apprenticeships and Registered Apprenticeships across IT-Cyber employer/industry sectors and occupations. 

III. Diversity, Inclusion, and Equity in IT-Cyber supporting all special populations into the field including: military-civilian transitioning, veterans, disabled veterans and their spouses; as well as historically underrepresented groups: including women, minorities, and those with physical/neurological differences. 

Points of Emphasis (Contributed by Mario Perez, Professor, LA Mission College) 

This proposed program emphasizes competitive job skills that are useful and employable. 

The program aligns to the needs of the industry (both public and private sector). 

The program provides value and outreach to the community. 

Students are taught to think critically (also creativity, curiosity, inquisitive, passion). California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

California IT-Cyber Essential Workforce Pre- and Registered Apprenticeship Program Pipeline and Pathway (CEWYA) Objectives: 

1. Enhance partnership and communications with key partners and major stakeholders of cybersecurity workforce development and education. 

2. Build a coalition of interested public sector, industry, and education partners into a network of coordinated action on California cybersecurity workforce development and education. 

3. Design, develop, and implement cybersecurity education programs, courses, and relevant content in coordination with major partners and key stakeholders to support the pre-apprenticeship and registered apprenticeship program pipeline/pathway. 

4. Collect, analyze, and organize cybersecurity education Student Learning Objectives (SLOs) from middle school (6th grade) through 4 year undergraduate degree programs and embedded stackable certificate programs in high need essential workforce specializations. 

5. Establish and promulgate cybersecurity model curriculum and academic standards to support all phases of the pre-apprenticeship and registered apprenticeship pipeline education process. 

6. Work with key partners and major stakeholders to develop competencies to support apprenticeship program Minimum Industry Training Criteria (MITC) for key high demand IT-Cyber occupations (linked to specific O*Net Classification codes and positions). 

7. Outreach and relationship building with IT-Cyber employers and additional key industry sectors to develop employer-apprentice connections and provide available job positions. 

8. Utilize California Cybersecurity Apprenticeship Centers on participating California Community Colleges, California State University, and University of California campuses to administer and manage employer-apprenticeship logistics, training, and coordination. Develop and implement education programs that meet the needs of their local workforce. Serve as liaison between employers and apprenticeship students, faculty, and staff. 

9. Enhance diversity, inclusion, and equity of IT-Cyber and encourage the participation of students from traditionally disadvantaged backgrounds in the IT-Cyber Pre-Apprenticeship and Registered Apprenticeship Pipeline/Pathway Program. 

10. CEWYA Program assessment and evaluation. 

11. Link and align CEWYA with the NICE Cybersecurity Workforce Framework. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

CEWYA Design Methodology and Development Process: 

The California Cybersecurity Task Force (CCTF) Workforce Development and Education (WDE) Subcommittee consists of subject matter experts from California agencies/departments, the private sector (including small, medium, and large sized firms) and K-12 Education/Higher Education community. The California Department of Education (CDE) administers K-12 education statewide; and on the higher education side, campuses are drawn from California Community Colleges (116), California State University (23), and University of California (10). 

As many in the workforce development and education professions know, the key to success is found in the facilitating collaboration and coordination among industry, government, and education/higher education communities. In other words, bringing prepared job candidates (i.e. with solid qualifications) together with firms looking to hire people with a particular set of skills/education/experience. Based on the variety of barriers, obstacles, and limitations found in this space, it is clear we have much to do to bring everyone together under one roof and handle these issues collaboratively. 

Towards this end, the CCTF WDE Subcommittee initiated discussions in 2013 on the design and development of a comprehensive cybersecurity career education pipeline and pathway. Since 2017, the subcommittee generally met for monthly teleconferences, quarterly in person meetings at CCTF Quarterly Meetings and presentations. In addition, Subcommittee members have made many professional conferences, meetings, presentations across the state to support IT-Cyber and CEWYA design, development, and implementation phases. We have met in Northern, Southern, and Central California and draw on participants across the state. 

Over the course of the career pipeline/pathway design and development process, we relied on the input and feedback of hundreds of participants. This includes assisting on the development of model curriculum, academic standards, and workforce development opportunities. Many participated because they are acutely aware that we need to increase our workforce capacity and build up these ranks. It is difficult to provide sufficient security and necessary vigilant posture over extended periods without sufficient staffing and full IT-Cyber teams. One clear element contributing to cybersecurity vulnerability and risk these days is not having enough qualified and prepared IT-Cyber personnel. In terms of organizational structure, workforce and capability gaps (shortages) found across all ranks and key positions in all our respective organizations is perhaps the ultimate obstacle here. 

To address these various issues, the California Cybersecurity Workforce Development and Education Strategy acknowledges hundreds and hundreds of participants who contributed in some way to the objective of reducing critical IT-Cyber chronic workforce shortages. Please see Appendix 2 of that document for a comprehensive list of participants. One way in which many participants helped was in the design and development of statewide cybersecurity undergraduate model curriculum and academic standards process. The model curriculum and additional items are also found in the aforementioned report. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework 

The Essential Prioritization of California Cybersecurity Workforce Development and Education Programs and Initiatives: 

Due to great demand for current and future IT-Cyber workforce, we need to triage and take care of where the job demand is the highest and most essential. While COVID-19 has redefined how we work/study remotely from home, it have also shifted cyber threats and vulnerabilities to take advantage of increased remote access. We need prepared IT-Cyber professionals to handle the uptick in malicious activity. In terms of workforce development, we should play the numbers to expeditiously reduce critical statewide gaps. We begin with an understanding of where the jobs/opportunities exist in the cybersecurity enterprise. 

When looking at the Cybersecurity Supply/Demand Heat Map, some interesting information pops out. Of the 72,123 available cybersecurity positions in California (according to Cyberseek) the majority of positions (43,056) or (60%) have job requirements that map to the “Operate and Maintain” category wand 37,758 positions map to “Securely Provision” from the NICE Cybersecurity Workforce Framework. 7 This demonstrates the complexity of a typical open position in cybersecurity, with each practitioner needing to master many workforce category skills. The cybersecurity workforce is malleable and flexible, and many positions map into multiple workforce categories. 

7 (https://www.cyberseek.org/heatmap.html accessed electronically on 7.7.2020). 

In any case, if we concentrate our workforce development and education activities on building cybersecurity career education pipelines /pathways with aligned essential workforce pre-and registered apprenticeship opportunities—we need to focus on where the available positions are found to move the needle forward quickest. Please see the following table 1 (next page) listing NICE Cybersecurity Workforce Categories and California Cybersecurity Job Openings. California Cybersecurity Essential Workforce Youth Pre- and Registered Apprenticeship Talent Pipeline (CEWYA) Strategy and Framework