Industry Night at Whatcom Community College Catalyzes Cybersecurity Collaboration

On April 24th, Whatcom Community College (WCC) brought together cybersecurity students, industry leaders, and experts to address the critical need for skilled professionals in this field. Just over 100 people attended. Students came from other colleges besides WCC and comprised about one third of the audience. The remainder of attendees represented private and public employers, curious to see how community colleges can help fill the dangerous cybersecurity skills gap in industry today. 

President Kathi Hiyane-Brown emphasized Whatcom Community College’s commitment to cybersecurity education and its alignment with national strategies, highlighting the importance of collaboration between academia and industry. 

Michelle Robinson, Senior Director of the National Cybersecurity Training & Education Center (NCyTE) provided insights into collaborative efforts between NCyTE and the CAE Candidates National Center (CCNC). With a nation-wide mission, an overlapping goal of both organizations is to help colleges attain the CAE designation, which is overseen by the NSA. Washington state has 10 CAE institutions; one of them is Whatcom Community College.  

Brent Lundstrom, Director of the Washington Cybersecurity Center of Excellence (CCoE), outlined initiatives aimed at enhancing cybersecurity education and fostering industry-academia collaboration throughout this state. Some of the efforts include professional development for faculty, hosting Town Halls where colleges and industry can build working relationships and creating curriculum and hands-on exercises for the Cyber Range Poulsbo – a free training resource for industry, colleges, and K-12. 

Keynote address: Securing the Next Generation of Technology Workers 

Jim Reavis, CEO of the Cloud Security Alliance, gave the keynote address. Using the example of the Stuxnet virus, originally designed as a cyberwarfare tool, but later becoming a global nuisance, Mr. Reavis highlighted the importance of creativity and divergent thinking in cybersecurity, and a knack for predicting outcomes. As threats evolve, and more advanced tools are used in attacks, it’s not enough for defenders to simply match the pace of attackers. They must stay ahead of what might be coming next. 

Mr. Reavis said, “More and more of our lives depend upon technology and this dependence is increasing. The cybersecurity professionals that we have now are just a drop in the bucket compared to what is needed. Things are moving very fast, but this is the slowest you’ll see in the coming years.” 

Right now, most organizations are trying to decide the best ways to leverage artificial intelligence for scaling up and automating things that they couldn’t automate before. Therefore, knowledge of AI, machine learning, and large language models are key skills that cybersecurity professionals would do well to acquire. 

Furthermore, knowing how to assess risk is critical. This is both an art and a science. Cybersecurity professionals must provide the right information to key businesses decision makers. This requires an understanding of a wide range of technologies and how they impact the business, along with the ability to articulate this. 

Cloud computing is now the default infrastructure model for business IT systems. As cloud merges with AI and zero trust architecture, it’s important to understand how these overlap co-supportively. 

With the rapid rise of artificial intelligence, we must be alert to new and sophisticated scams involving deep fakes. Social and emotional intelligence can help us identify fraud even when AI is involved. Thus, college programs in cybersecurity would do well to include psychology and criminology as well. 

Shared Responsibility Equals Shared Fate 

Collaboration and communication skills, diplomacy, and shrewdness are strategic soft skills needed by cybersecurity professionals. Mr. Reavis emphasized that “shared responsibility equals shared fate.” To illustrate, he described the very old business model of firefighters in the US. They were contracted privately by businesses that could afford them. If a neighboring building burned down, “it wasn’t their problem.” But, that myopic, self-focused view burned down entire communities.  

Mr. Reavis said, “A community mindset must fuel our cybersecurity future where everyone agrees that we have both a shared responsibility and a shared fate.” 

Panel Discussion 

After the keynote, Stephen Miller moderated a panel discussion. Mr. Miller is a tenured professor and Director of the Information Systems Cybersecurity Center of Excellence at Eastern New Mexico University. 

• Jessica Lewallen IT Security Auditor at Washington State Auditor’s Office
• Kris Rides Co-Founder & CEO of TIRO Security
• Shawn Harris Deputy Chief Information Security Officer at Chipotle Mexican Grill
• Jennifer Kennedy Product Security Engineer, responsible for talent management across Boeing
• Ryan Bergsma Technology Director and Security Manager for the Cloud Security Alliance

The Questions  

“How can students explore the many opportunities in cybersecurity?” 

• Panelists placed a heavy emphasis on professional networking and utilizing LinkedIn.
• Most jobs are acquired through someone you know. Start building this professional network in the freshman year to be ready for a job hunt by the senior year.
• Regularly go to technical meetups, conferences, and hack-a-thons.
• Understand the vast range of organizations that need cybersecurity. These skills are needed in retail, restaurants, government, science, engineering and more. Find the place where your passions and prior experience overlap with cybersecurity and target a company that aligns with your values.
• Plan ahead and plan early for an internship. You may not be ready for that internship until next year but make those connections now and keep the professional relationships alive.
• Kris Rides, a technical recruiter, cited this example: One employer said he received around 700 applications for a single job. He narrowed it down to 6 applicants and hired one of those. When asked how he narrowed it down from 700 to 6, he replied, “I didn’t. Those 6 resumes were the only ones I looked at. They were passed to me from people I know, and I trust their recommendations.”
• Mr. Miller added a warning, “Network all you want and land that job, but know that you must work hard to keep that job, produce the promised output and keep up to date and sharp!”

How can colleges and industry be better partners in addressing the cybersecurity workforce skills gap? 

Employers should volunteer to join the advisory board at a college with a cybersecurity program. They should offer internships or collaborate on a capstone project for students. Colleges should start collecting data online about employers that have been offering internships and should ask them to collaborate on future internships. 

Colleges should do a better job at keeping track of their alumni. These can be powerful allies in mentoring today’s students and helping to find internships and jobs for future graduates. Everyone should be connected on LinkedIn. 

What hiring challenges are you facing in your organization? 

Jennifer Kennedy from Boeing responded that HR has trouble drafting job postings. Requirements and qualifications are too high and inaccessible. “We don’t always describe the jobs in ways that attract the right applicants,” she said. Another challenge is getting people to relocate for a job. Also, post-covid, many want to work remotely, but the nature of cybersecurity often requires you to be onsite and highly collaborative. 

On a brighter note, Jessica Lewallen from the WA state auditor’s office is happy that a new bill recently passed wherein state jobs are no longer allowed to require a degree. She said, “We can hire based on skills and knowledge without the lack of a degree blocking us.” 

How can students gain competency and build a career path? 

Recommendations included community engagement and leadership skills. For example, volunteer to do a cybersecurity awareness lunch-and-learn at your local senior center. Volunteer at the fire department to learn first-responder skills. Be a good sleuth and find your own internship by knocking on doors, so to speak. These things show more about you than simply a degree and a good GPA. Be sure to highlight these on your LinkedIn profile. 

Shawn Harris from Chipotle Mexican Grill said that he looks for two key features in job applicants: curiosity and “How coachable are you?” The curious person is excited to learn the latest technologies and usually has a passion project. Curious people invest in their careers by being self-driven self-educators. Coachable people are open to direction and realize they don’t know it all. Cybersecurity teams can be small and close-knit. They need people who will humbly fit into a highly cooperative environment. 

The event concluded with refreshments and a professional networking hour. 

Lively conversations ensued between employers and students. LinkedIn connections were made, and industry representatives received invitations to connect with Whatcom Community College and the CCoE. More discussions and collaboration will follow. Those who could not attend still have the opportunity to join these initiatives by contacting the CCoE at https://coecyber.io/.  

Click here to read about Whatcom Community College’s cybersecurity program: https://www.whatcom.edu/academics/areas-of-study/information-technology-computer-science/cybersecurity