Dr. Chuck Gardner a Senior Advisor for Workforce Development at the Cyber Innovation Center.
The episode is about the Cyber Innovation Center’s academic guidance and workforce development efforts.
Listen to the full episode
Key takeaways from the interview
- Skills gap and teamwork in cybersecurity: The curriculum addresses the skills gap in cybersecurity, emphasizing teamwork and communication skills. Cybersecurity is seen as a team sport, contrary to the solitary hacker stereotype.
- Diversity and inclusion initiatives: Cyber.org supports initiatives like Project Reach and Project Access, promoting diversity in the cybersecurity workforce. These include programs for students with disabilities and partnerships with HBCUs and minority-serving institutions.
- Staying current with cybersecurity trends: Cyber.org’s content is digital and frequently updated to reflect the latest cybersecurity trends and technologies. They engage with industry partners and participate in NICE working groups for relevant curriculum development.
- Cyber range: A virtual environment developed by Cyber.org allows students to safely practice cybersecurity skills, including offensive tactics like password attacks and backdoor implementation.
- The future of cybersecurity: Dr. Gardner highlights the ubiquity of cybersecurity in all industries and advises students to pursue careers in areas they are passionate about, as cybersecurity will be a part of all fields.
- Role of cyber.org: Continues to work towards bridging the gap in cybersecurity education, aiming to support more educators and spread awareness about their programs.
Here is a full transcript of the episode
Steve Bowcut: Thank you for joining us today for The Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide, and the podcast’s host. We appreciate you listening.
Our guest for the show today is Dr. Chuck Gardner. Dr. Gardner is the senior advisor for Workforce Development at Cyber Innovation Center. The topic we’re going to be discussing, the cyber innovation center’s academic guidance and workforce development efforts. I think it’s going to be a great show. I’ve been looking forward to it for quite some time. With that, welcome Dr. Gardner. Thank you for joining me today.
Dr. Chuck Gardner: Thanks, Steve. Thanks for having me. I’m looking forward to the conversation.
All right. This is going to be fun. So, help us, at a high level, understand the Cyber Innovation Center, what it is, why it is, and a mission statement, that kind of thing.
Dr. Chuck Gardner:
Sure. Thanks. So, the Cyber Innovation Center we refer to as the CIC, was established back in 2008 in Northwest Louisiana, up in the Bossier, Shreveport area of Louisiana, Bossier Parish, Caddo Parish, Northwest Louisiana. At the time, it was an initiative that was aimed at changing the workforce of the region, from one that was focused on primarily healthcare, gaming and petroleum, to one that had some more IT and cyber and network administrative focus on it.
In 2012, through partnerships with Louisiana Tech University, Bossier Parish Community College, other entities up in the area, and getting the notice of DHS at the time, Secretary Napolitano, NICERC was born, NICERC being the National Integrated Cyber Education Research Center, our former name. We rebranded in 2020 to Cyber.org. Thank goodness. So, in 2012, we’ll just refer to it as Cyber.org was born, to take this learning model that had been established in Northwest Louisiana to again affect that change in workforce.
We identified K-12 as that initiative where we needed to impact the change to create the future workforce. So, this isn’t a short-term solution, this is a long game. It began in K-12, between 2008, 2012. 2012, DHS comes along and says, “This is a great model. Essentially we want to help scale this to regions across the country.” That initiated the CETAP program, Cybersecurity Education Training and Assistance Program from DHS now CISA.
We just finished, we’re about to finish our 10th year under the CETAP program, and we are in the middle of the Recompete process to hopefully win our next five-year award with CISA to do more work under CETAP to provide educators across the country with free access to cybersecurity curriculum, technology resources, professional development, those kinds of things. That all falls under the umbrella of the initiative of the CIC called Cyber.org.
Okay. Perfect. Thank you. Thank you for that explanation. I love that approach, that way of looking at it because we all know that cybersecurity globally is very competitive, and to compete, and by compete I mean defend, we need to start very young.
We need to start kids learning about cybersecurity in K through 12. So, I appreciate that approach. So, let’s narrow our focus a little bit. Your specialty is workforce development, so let’s talk about what that means in terms of Cyber.org and the work that you do.
Dr. Chuck Gardner:
Sure. So, in the area of cybersecurity and all things cyber, workforce development at K12 means creating cyber aware citizens, creating students who can graduate and work through school with an understanding of their role in cyberspace, their role as cyber citizens. But also to gain that technical skill and knowledge to potentially support the industry. We know there’s over 660,000 jobs across the country that are currently available in cybersecurity. While our current K-12 population can’t immediately solve them, we want them to be in line to be the solution for the next generation cybersecurity workforce.
From a cyber innovation center perspective, we’ve got relationships with various DOD branches and government agencies to support workforce development in terms of transitioning military or workforce, transitioning workforce to prepare for these roles. But the curriculum that Cyber.org develops is specifically identified for K-12, for the teacher. The professional development is aimed at preparing that teacher to be successful in their classroom, to ensure that students have the skills and resources that they need to learn, explore, and discover what their role in cyber could be in the future.
Okay. Excellent. So, if I understand what you said correctly, so K-12 students are learning some of the basics. I assume, and maybe you could elaborate on this, do you actually interface or integrate with higher education to understand what it is that these students need to learn in their K-12 environment before they continue on to get a higher education? Is that what you are telling us?
Dr. Chuck Gardner:
Sure. It goes back to that 2008 development of the Cyber Innovation Centers concept. We realized the role that higher ed plays in the development of effective K-12 programs. We want there to be as seamless as possible handoff of that student from their 12th grade classroom to their post high school studies.
If a student chooses to further their education, we want to make sure that it’s as easy as possible for them to be successful. A lot of the curriculum has been developed over time with college faculty as overseers, as mentors, and even as curriculum developers. We’ve even gone out to industry and sought out support from them to help develop curriculum that’s going to support the K-12 classroom.
Again, to make sure that we’re constantly updating our ideas, I know we’re going to talk about more of this, but to make sure that the content’s relevant but also rigorous for that population. So, the Cyber.org team, about 20, 22 of us, most based in Bossier City, Louisiana, are primarily former educators, master’s degrees, some doctorate degrees, and we want to make sure that the curriculum is rigorous for the audience it’s intended for. Relevant to the content we want them to be exposed to, but also engaging and fun because we’ve got to make sure that our students are hands-on and working appropriately throughout the curriculum.
Excellent. Thank you. You touched on collaboration with industry, and that’s where I wanted to go next. Maybe you could elaborate on that a little bit. I’m assuming you go out and you solicit input from education, from academia. I assume you do the same thing for industry. How does that work and what kind of input are you getting?
Dr. Chuck Gardner:
Yeah. I tell you, we’ve had some really great partnerships over the years, and a lot of them. I’ve been around for most of them. I’ve been around the Cyber Innovation Center since 2015. I started using the curriculum back in 2012. When I taught middle school in Florida I didn’t use that content there, but I taught high school in New Orleans, and I used the Cyber.org content in my classroom. I’ve been familiar with the material since 2011, 2012. I’ve been part of the team since 2015. In that time, some of the really great collaborations have been with industry, primarily introduced through NICE, National Initiative for Cybersecurity Education out of NIST. Palo Alto Networks, Tenable, ISACA, GoKnown is a small startup based in Louisiana. We’ve written some curriculum with them.
In fact, Palo Alto Networks partnered with us this past summer, we’ve done some work, I want to talk about this again in more detail, but we’ve done some work with Virginia’s Department for the Blind and Vision Impaired, to bring accessible cybersecurity curriculum to that population. Palo Alto partnered with us on a delivery of a summer camp this past summer. They spent a week with us in Richmond, and they brought hardware and activities into the classroom so that we could work with students on the establishment of these cybersecurity skills.
Not just virtual technology, but physical technology on the desktop. So, we’ve had some really great partnerships, Girl Scouts of America, trying to think of others. There have been many.
Steve Bowcut:
Interesting.
Dr. Chuck Gardner:
I’ll get that back out to you.
Yeah. Something that you alluded to earlier as well that I’d like for you to elaborate on is this idea of a skills gap. So, anybody that’s been working in or around cybersecurity for any length of time understands that there is a real need for cybersecurity trained workers.
Can you talk about that a little bit and where do you see the demand? Is it entry level SOC analysts? Is it nation state threat hunters? What is it?
Dr. Chuck Gardner:
So, in our focus on K-12, we see a lot of the entry level demands across industry. So, we have curriculum that’s tailored for CompTIA certs, that includes Security+, Net+, A+, IT Fundamentals. We’re working to align that to other entry level credentials. But for many years, those provided the foundation of DoDEA certification. So, if you wanted to work with DoDEA or Department of Defense contracts, you had to have those baseline CompTIA certs.
We also took a look at what states were needing in terms of cybersecurity standards. There are some states who have developed K-12 standards for cybersecurity, and we found that these credentials covered those and then some. So, while we’re not endorsed by, nor do we support CompTIA as a partner, we use those credentials to form the basis of some of our high school technical curriculum.
As far as that skills gap is concerned, I heard this line this summer from a colleague at CH Robinson up in Kansas City. “Cybersecurity is a team sport.” I know he’s not the first to say it, I’ve heard it elsewhere, but it made me chuckle in this environment that we were in, cybersecurity is a team sport. Students have got to be collaborative and they’ve got to be team players if they want to succeed. Teachers for years have not provided the model example of team players.
We have a door in our classroom and it’s most often closed. It’s rare to have teachers welcome in outsiders. I’m sorry if I’m offending any teachers in the audience, but as having been one, I know my door was often closed. Then I started teaching cyber and robotics content, and I found that in order to get the best feedback, I had to open my door and bring folks in and show them what we’re doing.
Cybersecurity is a team sport. That carries on to today, and our students who spend afternoons and evenings maybe gaming, down… I’m not going to use the… I’ve already gone there, the hoodie in the basement.
Students who are spending evenings solo gaming, it is not the way to solve problems. They’ve got to be able to work together. So, we’ve got curriculum that encourages students to work together, work in small groups. We’ve also got to work on communication skills, although soft skills that employers lament about, millennials not being prepared for. I apologize again for insulting millennials in the audience. But we know there are shortcomings in terms of some of those soft skill developments.
COVID threw a heck of a wrench at us in terms of getting students to collaborate and network and work together. So, we’re working with… We’ve got curriculum opportunities that are also going to help students present work on their presentation skills. Their research and reference skills to hit a lot of those ELA and humanities requirements, working on PowerPoints and other forms of digital presentations. So, the skills gap needs team players and the ability to communicate and work with others.
Perfect. Thank you. I appreciate that. That’s a pet peeve with me too. Cybersecurity is not how the media portrays it. It is not with a hoodie in a half dark room by yourself working on your computer. That’s the proverbial hacker. Cybersecurity is much more sophisticated, and it is a team sport, both at the education level and when you’re working. You will be part of a team when you work in cybersecurity.
Obviously to get the best education for students, we need to have those doors open as well. I appreciate that. So, another thing that you touched on that I’d like to get you to elaborate on a little bit is this idea of diversity and inclusion. So, what initiatives or programs are you aware of and do you guys use that promote inclusivity in the cybersecurity workforce?
Dr. Chuck Gardner:
Yeah. Awesome. So, Cyber.org is proud to support two initiatives that promote diversity and inclusion in the cyber workforce. We have two initiatives called Project Reach and Project Access. Project Access is near and dear to my heart. This established from a relationship back in 2015/2016. It stemmed initially from work we had done with the Virginia Department of Education to bring cybersecurity curriculum to high schools across the Commonwealth.
We impacted in one summer, over 220 teachers and over 700 students with a three-week summer camp. Virginia’s Department for the Blind and Vision Impaired caught wind of that activity and said, “It’s fabulous that you’re doing this for here, mainstream students, but we’ve got a population who I know can contribute to the cybersecurity workforce. Give us a chance, come and talk to us about what it is you do, and let’s develop some accessible opportunities for students with disabilities.”
We met in Richmond in the fall of 2016.
We brought everything we had, including the kitchen sink. We brought robotics platforms, we brought digital content. It turned out that this technology from a partner of ours called Parallax Robots for Education, developed over 20 years ago, that is programmed in old school, basic beginner’s all-purpose symbolic instruction code, that that worked with all of the assistive technology that these students needed.
It worked with screen readers and magnifiers, and it was this little wheeled platform called a Boebot, B-O-E-B-O-T. BOE stands for Board of Education. So, it was a platform initially designed for instruction. It’s what I used when I taught this content in New Orleans. We found that we tried Raspberry Pi’s, Arduino’s, all the technology that was available at the time. There was no Micro:bit yet, and this Boebot was the one that worked swimmingly with everything that we needed.
We developed a week-long summer camp around that platform. First time it was hosted was the summer of 2017 with Virginia. We hosted that camp three years. COVID gave us 2020 off. We came back in 2021 and changed it up a little bit and offered a cybersecurity camp based on Linux and some of the accessible tools that come prepackaged in Linux. So, Virginia has been our test bed for accessible curriculum. We’ve developed a lot of content from scratch with Virginia’s DBVI as our partner.
We’ve hosted six camps with M3 of the Robotics Camp Three of the Linux camps, seeing more than 100 students pass through this content, and really become a life-changing opportunity, because these students so often aren’t given the opportunity to even think about a career in computer science, let alone cybersecurity. Many times, their counselors, their teachers, their school counselors are giving them study halls, with the intention of thinking they need time to get caught up where they don’t need time to get caught up.
They need to expand their opportunities to test new things. This content is impacting them in such a way that over 90% have changed their focus from before they entered the camp to after entering the camp into something that’s tech related, whether it’s IT cybersecurity, getting certifications. We’ve had students that are now in four year programs at university, at VCU, at Blue Ridge Community College, a couple of different universities across the state, that are now studying computer science and cybersecurity. Other states have partnered with us as well, New Jersey, Arkansas, Nebraska, Michigan, Vermont, to name a few. I feel like I’ve left one out. But its been a really great initiative with Project Access to bring accessible cybersecurity curriculum to students across the country.
In terms of our Project Reach is providing outreach to HBCUs and minority serving institutions across the country. So, we’ve got this opportunity to work with diverse populations, underrepresented populations. The opportunity here is to partner K-12 with higher ed institutions that have successful cybersecurity programs so that K-12 students can see examples of success that look like them, in college and in careers. So, these partnerships include Bowie State University, Claflin in Orangeburg, South Carolina, Lane College, Langston, Lincoln University in Missouri, Morgan State, a number of universities that are HBCUs on the East Coast. We’re partnering now with MSIs, Minority Serving Institutions across the rest of the country, just to show that success has many different looks.
We want to make sure that if there’s a cybersecurity program, you know that you can be successful in that program because there are others before you that have passed through that program. This is what they look like. Just showing students that there’s all sorts of diversity in cybersecurity. It may not be represented in the final numbers, as students who graduate from these programs and enter the workforce. But we’re getting there. We’re making progress, and these programs are bringing that interest back to the K-12 population.
Excellent. Thank you. I appreciate that. So, you’ve talked about soliciting input from academia, soliciting input from industry, and yet one of the unique things about cybersecurity is the rate at which things change.
So, is there anything else, and maybe you’ve answered this already, but is there anything else that you’d like to say about how you make sure that you are staying up to date with the latest threats and tools and technologies?
Dr. Chuck Gardner:
Yeah. I think it’s interesting you’re finding less and less published guides for cybersecurity in and around the arena. We don’t publish anything. All of our content remains digital so that it can be updated regularly. Our content does undergo frequent updates throughout even the school year. But what we found, as I mentioned before, obviously the industry partnerships with Palo Alto and ISACA who are providing credentials.
Our work with the CompTIA credentials, like Security+ and Net+, those are also undergoing revisions. In fact, our high school cybersecurity content, that’s modeled after the SYO601 exam from CompTIA, which is Security+. I found out it’s soon to be 701. So, curriculum that we designed less than two years ago to support the 601 exam is going to have to be reanalyzed and organized and shuffled up to include the new 701 objectives when they’re released later this year.
But that’s primarily it.
We seek input from those industry partners. We’re members of a variety of NICE working groups. We work side by side with NIST and the Cybersecurity Workforce Framework, just to make sure that our content is staying as true as we can keep it to updated landscape changes in the area of cybersecurity. So, we’re thankful for the partners that offer the time to come work with us and share thoughts and ideas about how the curriculum is relevant.
Steve Bowcut:
Yeah. Interesting. That is one of the interesting aspects I think, of cybersecurity, because there are some fundamentals that I think there are textbooks and manuals out there, that everyone who’s interested in cybersecurity should probably spend some time with. But they really just teach the fundamentals. Once you get past a certain level, that rate of change is happening so quickly that the printed materials oftentimes are no longer relevant. But you’ve got to have those fundamentals first.
Dr. Chuck Gardner:
Fundamentals are important. The question that might be popping on people’s heads is how in the world are you doing that in K-12? There’s a variety of solutions. We’ve identified the need for virtual environments where we can practice these kinds of things. We want to keep K-12 students safe, but we also want to show them some of the technology that is available out there.
The term, the concept we’re using to do this is a Cyber Range, there’s a variety of Cyber Range styles that have been developed by partners across the country, across the globe even. Some competitive environments like Capture the Flag events use Cyber Range environments to give students the ability to practice things. But the Cyber.org Range is a virtual environment we’ve developed over the last year with support from the state of Louisiana, which gives students the ability to practice malicious attacks in a safe, secure cyber environment.
We’re giving students access to Kali Linux and a vulnerable Windows seven machine. Those devices are networked, and students can use that to see what the offensive side looks like from the Kali perspective. They can launch a password attack or a credential harvester or using Metasploit to implement a backdoor, and then do key log or a privilege escalation. Then they can log in as the victim, air quotes, the victim logs in through the Windows machine, and they can see the effects of these events on their machines, searching for websites, entering credentials into a fake website that’s been spoofed by the Kali Linux machine.
Recently we’ve also added Windows Server 22 to help support Cyber Patriot and other networking activities that students want to do in the Range. Again, along with the curriculum and the support of CISA and DHS, these resources are all free for teachers across the country.
That’s so fascinating. Excuse me. Is the idea, the vision behind that, it’s a resource that K-12 teachers would use as part of their curriculum? Or is it maybe that students would go there on their own after hours or both? I mean, what is the design?
Dr. Chuck Gardner:
So, the design is that the teacher’s going to request access and then provision that access to their students.
Steve Bowcut:
Got it.
Dr. Chuck Gardner:
So, all of our engagement happens with the teacher. We’re not an educational institution. We don’t store or keep student records throughout the school year. We give teachers access to this content, and then it’s up to them to share it with their students.
Now, the Cyber Range is a little bit of a different entity because we do have students logging into the Range, but again we provision the accounts to the teachers, and then we create usernames for the students to log in as, so that they’re not using their personal information. This has provided suitable access for most school districts across the country to say, yes. That’s accessible access for our students.
Excellent. Okay. Wow, what a great resource. I appreciate you sharing that. All right. So, we’re about out of time, but I’d like to wrap up with this. We’ll ask you to dust off your crystal ball and look into the future just a little bit. So, where do you see the future of cybersecurity and the role of Cyber.org? So, the Cyber Innovation Center, how do you see this moving forward?
Dr. Chuck Gardner:
I mean, the future of cybersecurity, it’s everywhere. It is every industry, it’s every corner of the things that we do. One of my friends from North Dakota at one point said, “The only industry that really isn’t going to be or hasn’t been affected by cybersecurity is butter churning,” to some extent. But I’ve got to get butter to market, so I’m going to-
Steve Bowcut:
That’s right.
Dr. Chuck Gardner:
… do that. So, advice for students coming up in the field is, find something that you love. Find a hobby, find something that you want to do. There’s going to be a cybersecurity aspect to it, pretty much no matter what it is. Whether you’re providing services, supporting students in the classroom, maybe you’re providing counseling services, there’s going to be a cybersecurity aspect to it. If manufacturing something is your thing, there’s going to be a cybersecurity aspect to it. So, students, find a hobby and you’ll love cybersecurity if you can do it in something that you love.
For Cyber.org, like I said, we’ve been doing this for 10 years. We’ve got an opportunity to continue doing this for another five with the support of CISA. We’re hopeful and thankful for the work that we’ve been given. But also, there’s 660,000 jobs currently available across the country in cybersecurity. Cyber.org currently has 30,000 educators across the country who have access to the content.
There’s still a big gap of need from us to support educators across the country. So, we just would love to just get the word out there. It’s been a ground roots effort for 10 years, we’ll keep doing it that way. But we’re starting to get more and more traction from industry and from government awareness of the program, and the work that we’re doing. So, we just keep hoping for that support and letting us do the work that we do across the country.
Steve Bowcut:
All right. Well, thank you. Thank you for taking the time to be on our show today and to tell our audience about what it is you’re doing. I think that our audience will find this a very valuable resource. So, thank you very much. I appreciate your time today, Dr. Gardner.
Dr. Chuck Gardner:
Thanks, Steve. It’s been a pleasure being here.
Steve Bowcut:
All right. A big thanks to our listeners for being with us. Please remember to subscribe and review if you find this podcast interesting. Join us next time for another episode of The Cybersecurity Guide Podcast.