/assets/images/CISO logo 2-color cropped.png Responding to Ransomware Series Part III: Addressing Our Collective Risk | True Digital Security

Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

Request a Consultation

Responding to Ransomware Series Part III: Addressing Our Collective Risk

Randy Roberts is a 30 year veteran of IT-Security, having led cybersecurity teams at international organizations including HP and Electronic Data Systems. He has also worked with one of the top 3 graduate level cybersecurity programs in the nation at the University of Tulsa, recruiting top talent from around the country, including Department of Defense candidates. Roberts is the founder of Cyber Oklahoma Foundation, a regional not-for-profit committed to driving K-12 cybersecurity programs in his home state.

You don’t need to be reminded of the 359,000 cybersecurity jobs in the U.S. that went unfilled last year due to a lack of trained, available talent. You’re probably already living that reality. On the one hand, your board is asking for better trained incoming cybersecurity resources who are also young enough (so the logic goes) to accept entry-level pay. On the other hand, reality has proven that even a talented but uncertified high school graduate can command $85-100K starting salary. We are at a bit of an impasse with supply and demand, and it’s yet another reason U.S. businesses are being taken to the cleaners by cybercartel ransomware attacks. If we want to make a serious dent in our collective risk profile, we have to grow our available trained workforce in every community, stat. Community boot camps are fine, but we also need to invest in local youth, because our top long-term talent is more likely to start as young talent. We recently caught up with someone who is staking everything on that effort. Lifelong IT-Security professional and TRUE partner, Randy Roberts, has launched Cyber Oklahoma Foundation with the express purpose of increasing access across his state for local youth to experience the perks and career possibilities of cybersecurity, and he has some ideas to help get you started in your own community.

How It Started: “I got my first computer back in ’79.”

Like many of us, Randy’s first IT experience was writing Basic on a trusty TRS 80. This is key to our discussion, because lifers in tech often have their first exposure as young people. When Roberts had a TRS 80, though, there was no UX interface. He literally had to write the code, himself, to get a computer to do anything of substance. Kids now have intuitive interfaces, which are very user friendly and make most people more comfortable with technology, but also hide back-end processes. Part of helping kids get into the most exciting parts of technology is demystifying those processes for students. The programs Roberts is driving pull back the curtain a little bit and show students how much more fun it can be to understand and control the processes, themselves. –And, yes, like any gamified program, these involve intuitive activities, interfaces, and animations to get them started.

Roberts knows you don’t have to be a college graduate to get hands-on experience in IT

While still in college, studying Computer Science, Roberts was recruited along with some other students to help write code for Perot Systems. Even then, executives knew the value of pulling in local students for tech futures. Becoming part of a fully functioning adult crew while still a student, himself, Randy built the confidence needed to help him strengthen his skills, finish school, and go on to lead whole IT-Security teams at the global outsourcing company, EDS.

This Was Never Easy

At HP, Roberts learned a thing or two about what one needs to staff a successful cybersecurity team. Even then, it was a challenge to fill seats with candidates who had a higher level of experience. To address this, he created a pipeline that would guide new hires from their first Cisco certification at Tier 1, through the training and mentorships they needed to become Tier 3 experts. The potential of losing one of your experts has always been a problem, so he wanted exactly what we all need now, that pipeline of talent that’s ready to step in. He notes the importance of having been in cybersecurity leadership roles, because “having LED these teams, I know exactly what people are up against…the challenges people are facing in trying to staff, and the pitfalls.” Especially in today’s ultra-competitive market, organizations can’t get away with just hiring 1-2 people at the top of and calling it good. Chances are, those people are also at the top of recruiters’ lists, and if one person leaves, you need folks who are already acclimated and can jump in. Again, there needs to be a regular influx of new talent filling that pipeline.

How It’s Going for Most of Us: Why it’s so hard to hire and keep cybersecurity professionals

Not only are we dealing with 1) a widespread shortfall in the allocated security budgets of privately held companies, 2) too few trained candidates, and 3) unrealistic expectations for incoming hires, but “if you look at the cyber workforce in America, DOD’s got a massive amount of that. And each of the branches has their own cyber piece that they’re quite good at.” So, many qualified graduates you would otherwise be able to hire go into military careers, due in large part to the funding available for their education when they take that route. Can you recruit them back to private industry? “Those folks are, quite frankly, very hard to reach because [the government is] really good about how they train their people. They’re not on social media.” In other words, even getting the word out about your job opening and getting in front of the potential trained job pool is going to be challenge number one, because a LinkedIn post won’t do. Pulling those folks away from their current roles is not very realistic. More importantly, though, it’s in everyone’s best interest to keep those experts in their roles, because they are protecting our national infrastructure. Beating that dead horse, we need a pipeline of fresh talent that brings you immediate value, but that you can also put into planned tracks for growth and development– people who are good enough when they start to be worth your investment over the long haul. Our programs need to take into consideration 1) how to get kids interested in cybersecurity early on and 2) how to ensure that your organization’s future entry level hires won’t be intimidated by the toolsets you use.

How It Needs to Go: We can build viable, local pipelines

Early exposure and hands-on experience is key, according to Roberts, but it doesn’t have to be corporate experience. In fact, following current gaming trends among teens, it seems somebody took that cue and decided to gamify training programs for youth. (What? High school cybersecurity training can even be fun?)

  • CyberStart America is one of the two programs Cyber Oklahoma Foundation is driving. In CSA, students can access everything they need, including online games that walk them through the growth process, from zero background to complex cyber skills, explaining and guiding as they progress through the games. This is a one-person, play from wherever you are, scenario, but on the back side, experts are watching to see who demonstrates skill. The program offers scholarships to high performing students. Yes, winning a game from the comfort of their bedroom can actually get your child/cousin/neighborhood teenager into a very serious career, and not as a professional Xbox-er.
  • CyberPatriot is the second program Roberts is involved with driving in Oklahoma. The Cyber Oklahoma Foundation website defines this platform and associated competitions as “the National Youth Cyber Education Program created by the Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. ​In this scenario, students work in teams, beginning with little to no knowledge, progressing through a plug-and-play curriculum that culminates with local, regional, and ultimately national competitions.”

18 Year-olds Who Are Very Recruitable

Can this really, actually get kids straight into high-paying jobs? Roberts points out, “You go to the CyberPatriot Nationals and who’s there? Northrop Grumman – they’re a big sponsor. Boeing. Microsoft. People who are involved in national programs. They’re there, and they’re watching these kids and tapping them on the shoulder.” It’s not just privately supported, though, because students who show skill are also high priority targets for government and military intelligence roles. “CyberPatriot was developed at the University of Texas, San Antonio by a team that does a ton of national work,” he explains. “It’s highly related to the Air Force Cyber Command that’s there.”

Transform Your Community in the Process

Increased access to cutting edge cybersecurity programs can change the future of local populations, especially in underserved areas. Roberts uses Drumwright, Oklahoma as the perfect example. With a population of 2,870, the town has traditionally struggled to fund much needed educational programs and college pipeline initiatives for local families that would be available to them in larger towns. Yet, their CyberPatriot team has gone to Nationals 3 of the last 7 years, setting up seniors for top-level jobs and university programs across the country. How is that possible? All it takes is a laptop, a school meeting space, an adult sponsor, and a few mentors. The curriculum is already written. You can download virtual machines onto an existing computer. So, quite literally, a 16 year old attending high school in a town that normally would not get the attention of colleges, can enter this program and very quickly become a viable recruit for one of the most in-demand, lucrative career paths in the world.

Whether it’s through the individual CyberStart America path, or the team-oriented CyberPatriot path, Roberts notes, we need support to get these programs into schools as quickly as possible. While they are both free and require very little resources to start, they do need some dedicated folks behind the scenes who can consistently provide resources to teachers, win the support of school administrators, pull in corporate sponsors for trips or competitions, coordinate mentors, partner with universities, and gain exposure for students with municipal and state leadership, which is where Cyber Oklahoma Foundation comes in.

It’s Okay to Be a Little Selfish

There are numerous reasons to support organizations like Cyber Oklahoma Foundation. On the altruistic side, you’re literally helping to secure our national economy, because at the rate we are going with ransomware and our lack of internal workforce availability to fight off cyber criminals, privately held organizations are more at risk than they have ever been. When corporations struggle, that directly affects jobs in our country, and coming off a pandemic, the last thing we need to see are companies having to shut their doors due to massive ransomware losses and fallout. Let’s be realistic, though. You need to think about your own organization’s bottom line in all of this, and there are selfish reasons to support organizations like the Cyber Oklahoma Foundation, or just back a team at your favorite high school. You need more people to hire who can hit the ground running.

We’re Getting Behind This Effort. You Should Too.

As a cybersecurity service provider, TRUE is invested in that talent development pipeline not only for ourselves, but for our clients. When we work hand-in-hand with them, our mission is to build secure, thriving communities, starting with our clients’ organizations. However, we also want to help build broader security communities where they can learn and share tips, tricks, or threat intelligence with others who are facing the same challenges. That means we need more cybersecurity professionals who are available to go work on the teams in the communities we serve. So, we are investing in what Randy Roberts is doing, and we invite you to do the same. These programs benefit individuals, communities, students, employers, universities, and our U.S. military/government agencies that work to keep all of us safe every day. We believe that what benefits one of us, ultimately benefits all of us.

Join the Cyber Oklahoma Foundation community today, https://cyberok.org/joinourcommunity/ and learn how you can support.


Ask A Question