The National Cyber Security Alliance has announced that the overarching theme for Cybersecurity Awareness Month 2021 is “Do Your Part. #BeCyberSmart.” Cybersecurity Awareness Month was launched by the National Cyber Security Alliance and the Department of Homeland Security in October 2004.
In the spring of 2020, the HBCU Cybersecurity Workforce Summit met to explore the need for cybersecurity degree apprenticeships with members of the Consortium Enabling Cybersecurity Opportunities and Research (CECOR), a government/industry/academia collaborative. One of the action plans was to launch employer-led cybersecurity apprenticeship cohorts partnering with CECOR.
Recently, Mirtha Donastorg, The Plug‘s HBCU Innovation Reporter, explored how CECOR, a $25 million initiative launched at Norfolk State University in 2015, created a pipeline for more Black cyber-security professionals.
Published this piece yesterday following up on a $25 million federal #HBCU initiative announced six years ago. I wanted to know: How had the money been used? Was it effective? (spoiler: yes it was) https://t.co/TxmMBbOs4l
— Mirtha Donastorg (@mjdonastorg) August 25, 2021
In 2015, then-Vice President Joe Biden made a major announcement while visiting Norfolk State University (NSU): the Department of Energy (DOE) was dedicating $25 million over the next five years to build up cybersecurity education at 13 HBCUs to diversify the cyber workforce.
Before 2015, the DOE provided grants for small groups of HBCUs to do specific research in cybersecurity, but eventually, it took a different approach.
“What [the Energy Department] wanted to do was to have one large consortium with all of the HBCUs they had worked with, plus a few additional ones,” Aurelia Willams, interim vice provost for academic administration and the executive director of the Cybersecurity Complex at NSU, told The Plug.
So more than a dozen HBCUs, two national research laboratories, and one South Carolina school district formed a cybersecurity consortium known as CECOR (Consortium Enabling Cybersecurity Opportunities and Research), with NSU serving as the lead HBCU.
Before the formation of CECOR, almost all of the 13 HBCUs offered computer science degrees, but no cybersecurity programs. At least three didn’t even offer computer science. By the end of the initiative, all 13 schools offered at the minimum a cybersecurity concentration with many adding a new cybersecurity bachelor’s degree.
The $25 million enabled the schools to develop the new curriculums and hire faculty to teach the courses. The two national labs that were a part of CECOR, Sandia National Laboratories, and Lawrence Livermore National Laboratory, also helped with the curriculum. Among other things, they developed training in skills that students would need to work at the labs, like in the operating system Linux.
“It was just one of these gatekeepers that was limiting people’s abilities to perform or even get hired,” Celeste Matarazzo, a cybersecurity researcher and co-principal investigator for CECOR at Lawrence Livermore, told The Plug about the lab’s Linux training program.
After identifying that need with faculty, Lawrence Livermore co-led a Linux boot camp every spring with North Carolina A&T State (N.C. A&T) University, one of the CECOR institutions.
NSU received about $5 million over the five years, with Sandia and Lawrence Livermore each receiving about $2.5 million. The remaining $15 million was split among the other CECOR institutions. Beyond hiring new faculty, the money was used to build labs, fund research, pay tuition for some students, and send them to internships.
CECOR also worked with K-12 students to spark an early interest in cybersecurity. One of the CECOR members, the University of the Virgin Islands, held summer camps for middle and high schoolers to prepare them for a national cyber defense competition.
But curriculum creation and K-12 programs were just one part of the pipeline puzzle. CECOR also established robust internship programs with the two labs in order to develop a diverse workforce.
“Diversity in cybersecurity is essential,” Matarazzo said. “Because the threat is limited only by human creativity, right?”
“So we want people who bring different perspectives to problem-solving so that we can make sure we have the most effective cyber defense force,” she added.
To achieve that goal, Lawrence Livermore accepted anywhere from 10 to 26 interns specifically from the CECOR schools, and Sandia hired between six to eight interns each summer, with some then being hired to work part-time through the whole school year.
Corithian Williams did exactly that. The A&T alum spent his first summer at Sandia in 2018 after graduating with his bachelor’s degree but continued on part-time for the next two years as he pursued a graduate degree, also from N.C. A&T. After getting a master’s in computer science with a concentration in cybersecurity last December, Williams has been full-time with Sandia.
“They’ve really been there, they’ve supported me a long way,” Williams told The Plug about his time with the lab.
N.C. A&T was one of the few CECOR schools that had a robust cybersecurity curriculum before 2015, so it was more likely to have students who were ready for internships at the national labs. But to give students experience from the schools that were just developing a curriculum, NSU created its own internship program and brought other CECOR students into their labs for the summer.
By the third year of CECOR, this intra-consortium pipeline led to students from schools who had just built cybersecurity programs also getting accepted to the national labs, Aurelia Williams said.
A lasting impact
With CECOR only being funded for five years, the schools and labs kept in mind ways to make the spirit of the initiative last beyond the $25 million.
“Our whole goal was to make sure that CECOR was something lasting because funding like this never stays forever,” Tommie Kuykendall, program coordinator for CECOR at Sandia, told The Plug.
By creating curricula that gave students the classes and experience they would need to get hired at labs like Sandia and Lawrence Livermore and exposing them to research opportunities, CECOR helped usher a new group of HBCU students into the cybersecurity workforce.
Many CECOR students have also gone on to pursue graduate degrees. Jasmine Bowers, a former CECOR intern at Lawrence Livermore, became the first Black person to get a doctorate in computer science from the University of Florida in 2020.
But CECOR had more intangible impacts, too. For the University of the Virgin Islands, it led to a collaboration with the national labs that continues to this day.
“The support provided by this grant has exposed and elevated UVI at the national stage,” Marc Boumedine, Chair of the Department of Computer and Computational Science at the University of the Virgin Islands, told The Plug. “This exposure affords Virgin Islanders the opportunity to demonstrate their preparedness to enter the workforce.”
At Sandia, human resources have gotten on board with the effort to increase recruiting from HBCUs, Kuykendall said.
But the work is not finished, though CECOR has ended. Black and African American employees made up three percent of Lawrence Livermore’s workforce and at Sandia, they made up two percent, according to a February press release from Lawrence Livermore.
Overall, CECOR created a new model for a diverse cybersecurity workforce.
“It enabled this model that enriched the relationship to be more than just a summer internship, but a collaboration with the faculty, students and the universities,” Matarazzo said. “This experience has been one of the highlights of my career.”