Technology

Ambitious Project will Address Workforce Needs, Security Issues in the Supply Chain

Creating Cyber Solutions

Tom Loper says the ‘supply chain’ project will benefit the region

Tom Loper says the ‘supply chain’ project will benefit the region and its manufacturing sector while also giving cybersecurity students a leg up on jobs.

A group of regional partners, led by Bay Path University, has been awarded a $250,000 grant from the Mass. Technology Collaborative for a pilot program that will address a host of identified issues — from a critical shortage of workers in the cybersecurity field to the need for smaller manufacturers to become more cyber secure if they are going to keep doing business with their customers in the defense, aerospace, and other sectors.

The project’s name is long and quite cumbersome.

‘Engaging Student Interns in Cybersecurity Audits with Smaller Supply Chain Companies to Develop Experience for Entry-level Positions While Improving the Cybersecurity Ecosystem in Massachusetts.’

Yes, that’s really what it’s called. And while that’s a mouthful — not that anyone actually recites the whole thing anyway — it really does capture the essence of an ambitious initiative spearheaded by Bay Path University and its emerging cybersecurity programs, and also involving Springfield Technical Community College, Paragus Strategic IT, the Economic Development Council of Western Mass. (EDC), and other area partners.

Breaking down that long title into its component parts certainly helps to tell the story behind the $250,000 grant awarded recently by the Mass. Technology Collaborative. The program, set to commence early next year, will indeed engage students in Bay Path’s cybersecurity programs in internships with smaller supply chain companies across the region. They will be working with employees at Paragus to undertake cybersecurity assessments of these small manufacturing firms, essentially identifying holes where intruders can penetrate and possible methods for closing them.

And the program will provide needed experience that is difficult for such students to attain, but very necessary for them to land jobs in the field. And it will put more workers in the cybersecurity pipeline at a time when there is a considerable gap between the number that are available and the number that are needed — a gap approaching 9,000 specialists in this state alone. And it will bring more women into a field that has historically been dominated by men and is struggling desperately to achieve diversity.

That’s a lot of ‘ands.’

Which helps explain why the Mass. Technology Collaborative, which was planning to divide $250,000 among several entities, gave that entire amount to Bay Path’s proposal and then found another $135,000 to award to two other projects, said Tom Loper, associate provost and dean of the School of Arts, Sciences and Management at Bay Path, who started with the small supply-chain companies, as he explained the project’s importance.

“These companies have a cyber vulnerability, in many cases, because they don’t have sophisticated systems and they don’t have sophisticated staff that can help create a cyber-safe environment,” he noted, adding that he took what he called a “Western Mass. approach” to the process of applying for the grant.

By that, he meant a focus on smaller businesses, as opposed to the larger defense contractors like Raytheon in the eastern part of the state, and also on schools like Bay Path (and its online component, The American Women’s College) and STCC that are graduating cybersecurity students but struggling to find them real-world experience to complement what they learn in the classroom.

Matthew Smith says that among the many potential benefits from the ‘supply chain’ project is much-needed gender diversity in the cybersecurity field.

Matthew Smith says that among the many potential benefits from the ‘supply chain’ project is much-needed gender diversity in the cybersecurity field.

Thus, the project is a potential win-win-win, with maybe a few more wins in there as well, said Rick Sullivan, president & CEO of the EDC, noting that winners include the individual students at Bay Path, the emerging cybersecurity industry, individual small manufacturing companies, and the region as a whole, which counts its precision manufacturing sector as a still-vital source of jobs and prestige.

“The large customers, the Department of Defense, the Department of Transportation … they’re really requiring, and rightfully so, very strict compliance with the highest cybersecurity techniques out there,” Sullivan said, referring to the requirements now being placed on smaller supply-chain companies. “When they go to the bigger companies, they have to certify their entire supply chains, and we have a lot of companies in this region that feed into that supply chain.”

Overall, the pilot program is a decidedly proactive initiative aimed at helping these smaller companies become aware of the requirements they will have to meet to keep doing business in such fields as defense and aerospace, and then help them meet those thresholds, starting with an assessment of their cybersecurity systems and immediate threats.

For this issue and its focus on technology, BusinessWest takes an in-depth look at the Bay Path-led project, its many goals, and how, if all goes as planned, it will close gaps in cybersecurity systems as well as gaps in that sector’s workforce, while also making the region’s manufacturing sector stronger and more resilient.

Day at the Breach

The project summary for the Bay Path initiative, as authored by Loper and others, does a very effective job of summing up both the many types of problems facing the state and its business community with regards to cybersecurity, and also how this pilot program will address several of the key concerns.

“Entry-level job postings for information security analysts and related cybersecurity positions typically require one to two years of experience in the field, making it challenging for recent college graduates with cybersecurity degrees to fill these positions,” the summary begins. “Bay Path University, a women’s university in Western Mass., will lead a project that will engage 30 undergraduate and graduate cybersecurity students, primarily women, in a full year of challenging experiences as paid interns on cybersecurity auditing teams.

Rick Sullivan

Rick Sullivan

“The large customers, the Department of Defense, the Department of Transportation … they’re really requiring, and rightfully so, very strict compliance with the highest cybersecurity techniques out there.”

“Teams will provide cybersecurity audits at a lower cost for small to mid-sized companies in the region,” the proposal continues. “Undergraduate cybersecurity interns from Bay Path University and Springfield Technical Community College will be assigned to auditing teams led by a graduate intern from Bay Path’s M.S. in Cybersecurity Management Program. Teams will be supervised throughout the audit process by seasoned cybersecurity specialists from Paragus Strategic IT. Through the internship, students will gain insight into the breadth and scope of challenges to the cyber ecosystem and hands-on experience working with employers to implement options for addressing these challenges. Project research and evaluation will be undertaken to confirm that the internship will meet the needs of employers who require prior experience.”

Like we said, that pretty much sums it all up — at least from the student intern side of the equation. In addition to classroom learning, experience in the field is necessary to break into the cybersecurity sector, said Loper, and such experience is difficult to attain. This pilot program will help several dozen students get it.

Meanwhile, the program will address the other side of the equation, the needs of small manufacturers in the supply chain — and this region has dozens, if not hundreds of them, who face many challenges in their quest to become safe (or at least much safer) from security breaches, a pre-requisite for being able to do business these days.

For an explanation, we return to the project summary:

“The majority of cybersecurity breaches occur in smaller supply chain companies, threatening the entire supply chain. Yet these companies often cannot afford the staff or resources to address ongoing needs for ensuring a cyber-safe ecosystem,” the solicitation notes. “Partnering with the MassHire Hampden Workforce Board, the MassHire Franklin Hampshire Workforce Board, and the Economic Development Council of Western Massachusetts, the project will engage 45 small to mid-size supply chain companies in the advance manufacturing sector in western Massachusetts in cybersecurity audits. This strategy will be disseminated as a model for how other Massachusetts higher education institutions with cybersecurity programs can partner with employers and their regional planning teams to strengthen the cybersecurity ecosystem across the Commonwealth.”

Elaborating, Loper said the cost of a cybersecurity assessment (that term is preferred over ‘audit,’ is approximately $1,500, an amount that challenges many smaller companies and is the primary reason why relatively few are done.

The pilot program will pay roughly two-thirds the total cost of an assessment, thus bringing assessments within the reach of more companies, which need to ramp up their cybersecurity systems and methods if they are going to keep doing business with most of their clients.

“Things are starting to change,” said Sullivan. “Cybersecurity and the threats that are out there are real, and this pilot program is an attempt to get ahead of all that, to educate and assess the smaller businesses here, with the next step being to hopefully address those needs so they can stay compliant, because that’s an extremely important part of our economy here.”

Sullivan said the EDC and other agencies will work to build awareness of this program and sign on participants. There has already been interest expressed by many of these smaller manufacturers, and he expects it will only grow as awareness of the project — as well as the need to be cyber secure — grows.

What the Hack?

For the record, and as noted earlier, the Mass. Technology Collaborative came up with another $135,000 to award for other pilot projects to help prepare entry-level cybersecurity job seekers to both meet the needs of employers, and address the growing cybersecurity job crisis.

The first, a $61,178 grant, involves an entity called STEMatch, which proposed a creative collaboration between community colleges, Massachusetts-based cybersecurity service and technology providers, and end-user businesses to expand the pool of potential cybersecurity to under-represented groups and displaced workers. The other, a $74,690 award, was given to the MassHire Greater New Bedford Workforce Board to advance a public-private partnership between the regional workforce boards of Southeastern Massachusetts, Bristol Community College, and the South Coast Chamber of Commerce, and employers in that region. The pilot is designed to help address the lack of skills and work experiences affecting Massachusetts employers and will utilize best practices developed in Israel to create training and work experiences for students in grades 10-12.

“The majority of cybersecurity breaches occur in smaller supply chain companies, threatening the entire supply chain. Yet these companies often cannot afford the staff or resources to address ongoing needs for ensuring a cyber-safe ecosystem.”

Those projects, as well as the Bay Path initiative, drive home the fact that there is not just a gap, but a real crisis when it comes to filling jobs in this emerging and now all-important sector.

“Companies are craving talent,” said Matthew Smith, director of Computer Science & Cyber Security Programs at Bay Path and assistant professor of Computer Science & Cyber Security in the School of Science and Management, as he attempted to qualify a problem that’s difficult to quantify.

That’s because while there are posted positions within this sector — many of them lacking candidates — many of the jobs are not posted, increasing the size of the gap.

Closing it requires not merely people with degrees in Cybersecurity, although that’s essentially a pre-requisite, said Smith, but individuals with what could be called real-world experience on their resumes, he said.

The pilot program will allow students at Bay Path and STCC to put five cybersecurity assessments on their portfolio, which should certainly help open some doors for them.

“Our students won’t just be getting a degree, but also the necessary talent to be contributing to the workforce on day one,” Smith told BusinessWest. “Once they have these assessments and use these tools that are industry standards, they’re going to be thrown right to the top of the application pool, because most of those are search-engine driven, so once they put these key words in there, they’re going to be very marketable.”

This marketability should only help further develop the graduate and undergraduate cybersecurity programs at Bay Path (both traditional and online) that are already seeing explosive growth, said Smith, adding that the industry needs not only workers, but gender diversity as well.

“Only 11% of the jobs in the field are held by women,” he said. “The gender imbalance is very real, and it’s our main mission to provide these women the skills and get them their degrees, so they jump into the cybersecurity workforce and start taking those unfilled positions and close that gender imbalance; many companies are craving diversity in their workforce.”

Securing a Better Future

As noted earlier, the name on this project is long and cumbersome. But it breaks the problem and one possible solution into one highly efficient and effective phrase.

The pilot program will set a high bar when it comes to potential outcomes and goals for achieving progress with the many significant challenges facing the cybersecurity sector and the cyber safety of individual companies.

But a high bar is necessary because the problems are real, they are growing, and solutions are needed.

This program was conceived to not only help this region clear that bar, but provide a roadmap for other regions to follow. If it can do all that, the state’s sizable investment will yield huge dividends.

George O’Brien can be reached at [email protected]