Addressing the national cybersecurity workforce shortage—one clinic at a time

When Bianca Ionescu graduated from her performing arts high school in 2020, she had no idea she would soon turn her years of orchestra experience into a major in Information Systems.

In 2018, Bianca’s sophomore year math teacher told her class about Gen Cyber, a week-long cybersecurity boot camp hosted at the University of Nevada-Las Vegas. While Bianca had dreams of becoming a professional musician, she had seen many performers struggle financially in the aftermath of the pandemic. In contrast, the stability and opportunity of a cybersecurity career made the path very compelling.

“I learned a lot within that little week,” Bianca says of her Gen Cyber experience. Since then, she’s become involved in UNLV’s student-run cyber clinic that provides cybersecurity training to local businesses – and joined Gen Cyber as a teaching assistant, where she’s introduced high schoolers to cybersecurity career paths. Now, she’s considering a career as a cybersecurity consultant. “As much as there is huge demand for skilled professionals, even entry-level positions or internships are always asking for [cybersecurity] experience,” Bianca says. “We’re able to build that experience and make sure they get those opportunities.”

In 2022, cyber attacks increased by 38% globally compared to 2021, and have cost the U.S. economy billions. But while the risk of cybersecurity threats continues to grow, the number of cybersecurity workers has not kept up with the pace of demand. The U.S. alone needs to fill more than 650,000 roles to help secure critical systems and infrastructure.

Without a robust cybersecurity workforce, these trends will only continue. To help reverse them, in 2023 Google.org in collaboration with the Consortium of Cybersecurity Clinics is committing over $20 million in grants for cybersecurity clinics at 20 higher education institutions across the U.S. By introducing students to the many opportunities of cybersecurity careers, these programs are helping to close the industry’s talent gap and empowering the next generation of cybersecurity professionals.

Modeled after law and medical school clinics, cybersecurity clinics are designed to support local, under-resourced organizations such as hospitals and schools with vital services, including comprehensive risk reviews and overall cybersecurity strategies.

At the University of Georgia’s CyberArch clinic, for example, students have developed a webinar series designed to help Georgia county governments learn cybersecurity fundamentals such as the National Institute of Standards and Technology (NIST) framework.

“We're basically providing very expensive services to these organizations for free,” says Hannah Brown, whose experiences at the CyberArch clinic have helped cement her interest in pursuing a cybersecurity career. “I’ve gotten a lot of reward from just that aspect of it.”

More broadly, these clinics also serve as valuable learning experiences, helping students improve their hard and soft skills and deepening their exposure to real-world cybersecurity work.

Many Consortium clinics are also recognizing the need for more inclusive pathways into cyber. Through Rochester Institute of Technology's partnership with the National Technical Institute for the Deaf (NTID), NTID students receive access to coursework, research, experiential learning opportunities, and all aspects of social life on campus, embedding interpreters and American Sign Language throughout campus. Students develop cultural competencies, empathy, and communication strategies as a part of their educational journey, as they work side-by-side with their deaf and hard-of-hearing peers.

Nathan Havens, who is hard-of-hearing and an advocate of expanding opportunity for the deaf community in the cyber workforce, has spent five years working in various warehousing roles in St. Louis, Missouri. In his spare time, he taught himself the basics of cybersecurity work before applying for the SAFE lab cybersecurity apprenticeship at Rochester Institute of Technology through its partnership with the NTID.

He credits that experience with giving him the technical skills needed to pursue a career in the industry. But he acknowledges the challenge in entering the field as someone who is deaf or hard-of-hearing and is committed to bringing more visibility to the need for increased access to training. “The cybersecurity landscape is fast-evolving,” he says. “I cannot just sit in the classroom and not have any hands-on work experience, especially since I'm in my 40s and have children. I can gain skills quickly, and I can keep up with the trends.”

Talent like Bianca, Hannah, and Nathan will be vital for the future of cybersecurity, and tools like cyber clinics provide the experience they need to advance to the next step—while ensuring they can help mentor the next generation and strengthen their communities.