On November 2, Intelligence and Security sector president, DeEtte Gray, delivered the following keynote speech during the National Initiative for Cybersecurity Education (NICE) 2016 Conference and Expo held in Kansas City, Missouri. The event brought together leaders in government, academia, and the private sector to discuss important issues regarding cybersecurity education, training, and workforce development.
The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our nation secure.
Transcript of BAE Systems Intelligence & Security sector President, DeEtte Gray’s, speech at the NICE 2016 Conference and Expo.
First, let me thank the entire NICE organization and LifeJourney for the opportunity to speak with you today. I’m excited to share with you how we in Industry are building our cyber security workforce that will ensure our future success and as a business and, most importantly, protect our nation and our people.
As you all are well aware, we have a shortage of cybersecurity experts in the workforce. Some estimate that there are more than 200,000 cybersecurity jobs unfilled in the US. That figure is up 74% from five years ago. This is not just an issue for the US. Cisco estimates that in 2016, more than 1M cyber job were vacant globally, and that number is projected to grow to 1.5M by 2019. The issue is simple: The demand for cybersecurity experts outweighs the supply, and the only way we are going to reverse this trend, is if everyone in this room – educators, administrators, public-sector and private sector – work together. So today, I’m going to talk to you about some of the things I’m doing in my business to develop the skills of my employees and grow our cyber security workforce.
Before I get there, it’s important to share a bit of background about myself and why cyber security is so important to my business. At BAE Systems, we are in the national security business. We are the third largest defense company in the world, with more than 80,000 employees worldwide, but my sector is specifically focused on supporting the U.S. government in protecting our national infrastructure and its secrets.
The Intelligence and Security sector I manage specializes in software development, IT, cyber operations, and intelligence analysis. This work enables the U.S. military and government to recognize, manage and defeat threats that help protect our nation and those who defend it.
As a business leader, I strive to stay ahead of my competitors to recruit and develop the best talent. I go to work each day seeking to empower more than 7,000 amazingly talented people to succeed in advancing our business while helping our government customers solve some of the world’s most challenging national security problems.
The Defense industry is very different than the academic or non-profit environment in which some of you work, so I thought it might be helpful to show you a quick video of some of the amazing work our employees do around BAE Systems.
When you hear the term “defense company”, one might assume I’m a veteran. I’m not. One might assume I was chosen to speak to you because I’m a cyber-security expert. I’m not. Actually, my story is probably more similar to some of yours. That’s because I started my career as a teacher.
I majored in math and science education at North Carolina State University. After graduation, I taught math and science to middle school students for several years in North Carolina. When I was teaching, computers and the internet were just beginning to be integrated in to the curriculum. We used our state-of-the-art McIntosh computers to do science experiments. Anyone here remember those?
During the day, I would teach students how to use spreadsheets, databases and search the internet, and in the afternoon I would teach my fellow teachers how to do those same things.
My passion for teaching and my expertise in math, science and computers led to an opportunity that I never expected. After several years of teaching, I was offered a job as a software developer for a local county. Talk about a stretch assignment. I was working on Geographic Information Systems, think mapping before MapQuest, and way before Google Earth.
After a few years, another unexpected assignment came along when I was offered an opportunity to go into business at a large defense company, Lockheed Martin. I had never worked in this type of environment nor did I have a business background. But I took a leap, finding myself in an unfamiliar industry - the defense industry. I had to quickly learn all kinds of new lingo and acronyms, since they all talked in code. Just like teachers do. I started as a software developer managing a team of six people. Before long, I was managing a team of 50, then 150, and before I knew it I was a vice president managing 3,000 employees. After 13 years at Lockheed, I was offered an opportunity to be the president of BAE Systems Intelligence & Security Sector – where I have been for the last four years.
Some might say my career path was unconventional. The reality, is that my story is becoming the norm, thanks in part to organizations like NICE.
I’d never be where I am today if my employers didn’t invest in my skills development. Sure, I had the basics in programming from college, but I had a significant learning curve to apply that to mapping.
My diverse professional experiences were also embraced by my employers. In fact, I still tell everyone the best leadership training I ever had was standing in front of a group of middle school students. Trust me, I’ve been through a lot of executive training over the years, but what I learned in that classroom cannot be “taught.” It has been extremely valuable to me in my role today. Educators in the audience know what I’m talking about. You’re on stage from the minute you walk into the school, to the minute you walk out. You have to absorb an array of complex information and turn around and teach it a group of individuals with a variety of learning styles. And you have to do this while you remain calm – no matter what challenges are thrown your way. That’s my job every day. That’s why I tell everyone, if you can command a classroom, you can command any boardroom.
I also had several managers and mentors along the way who helped guide my career, and help me grow as a professional, and as a business leader.
So, I know first-hand just how important the mission of NICE is. That’s why I’ve instilled these same core values into my business today. This strategy affects the way we recruit talent, the way we develop our talent, and the way we position our business for growth.
In my business, we are looking for people who are motivated by the incredibly important work that we do. They are inspired by challenge – and each other – and driven to deliver game-changing solutions for our customers.
My people are analyzing data and transforming information into intelligence that is being briefed to the President of the United States.
We are re-engineering military vehicles to provide them with the latest soldier protection systems.
We are helping to sustain and maintain the facilities and weapon systems responsible for our nation’s nuclear defense.
We are revolutionizing the IT infrastructure for the entire US Intelligence Community.
And, we’re developing and enhancing a range of cyber security, intelligence products, and defense services to stay ahead of the evolving threats posed to the connected world.
A BAE Systems employee is a problem-solver. And the competition for problem solvers in cybersecurity could not higher.
The Global Information Security Workforce predicts the demand for personnel with relevant security skills may rise 13% each year – over the next three years. In the U.S. alone, the market for cyber security professionals may be growing 12 times faster than the job market as a whole.
Let me put this into perspective. In order to grow my business, a business that offers professional services to assist government missions, I have to have a workforce that matches my customer’s needs. Right now, the number of software jobs we have available exceeds the available talent in the marketplace. And, the number of open positions in this field is expected to increase by 46-percent year-over-year through 2025. These positions are critical to our nation and its ability to develop the advanced capabilities and solutions we need to stay ahead of our adversaries.
The amount of malware and number of cyber-attacks are only increasing. The networks used by the US Department of Defense, our Intelligence Community agencies, and every agency with a hand in protecting our commerce, security, infrastructure and way of life, must withstand millions of attempted intrusions each day by terrorists, rogue states and cyber criminals. Our cyber experts are stretched thin, and unfortunately you’re beginning to see cracks in our defense.
These attacks hit home for many of my own employees, myself included, when hackers breached the Office Of Personnel Management databases – compromising the personal information of more than 22 million government workers and contractors.
At the same time, the private sector is facing its own cyber pressures. Criminals are actively targeting companies of all sizes for valuable data ranging from intellectual property and industrial secrets, to sensitive financial and banking information. The total cost of cyber attacks to U.S. companies and consumers is now estimated at $100 Billion annually. But the potential impact to a business’ brand and reputation is something no business can put a price on.
In many ways, the threat of cyberwarfare is now overshadowing the physical battlefield when it comes to protecting our nation. So, it’s no surprise that concerns over growing shortages of cyber professionals and the need to invest in STEM education initiatives have become key issues in our Presidential debates. Our nation’s investment in cyber education and workforce development has become a key factor in determining how great our nation will become – well beyond the next four or eight years. Investing to ensure our nation has the pipeline of workers skilled in cyber competencies is a workforce issue, an economic-development issue, and a business imperative. That’s why government, industry, academia, and organizations like NICE, must work together to ensure we have the next generation of problem solvers in the pipeline – ready for our nation’s next challenge.
Our National Security depends on building, retaining and maintaining a trusted cyber workforce, and we won’t have that workforce if we can’t interest more students in becoming science, engineering, math and cyber experts.
We need students that can analyze data, look for patterns and solve problems. They are not all from traditional computer science fields. Many of our employees are data scientists. Think about the show NCIS. The characters all have different backgrounds and skillsets. They work together as a team connecting the information they find as they investigate and analyze. Typically their information is from the physical world. Our cyber security analyst works in a similar fashion just in the virtual world. They are analyzing data, looking for patterns to catch the bad guy in the virtual world.
This work must start in our middle schools and high schools. But we have to creative. Unlike most other classes, we can’t rely on a textbook to teach cyber. The information and technology changes so quickly, it's virtually impossible to write a book that will remain relevant the minute it’s printed. We need cyber training that adapts to security threats – as fast as our adversaries invent new methods of attack. And, we need agile cyber education initiatives that are capable of educating students about the impact cyber-attacks pose worldwide. We need mature, tested curriculums that can effectively serve as feeder programs into our cyber-focused U.S. institutions.
There are already several great programs that are helping teachers expand their lesson plans and bring cyber security education into the classroom. These are a great start, but we need more schools to be implementing such courses.
We just wrapped up National Cybersecurity Awareness Month in October. This is a phenomenal opportunity to talk with students about cybersecurity. The Department of Homeland Security has created a number of outstanding student resources as part of the initiative. The materials include fun games and workshops around the history of cyberspace, and there are several resources available to help you explain the need, and use, of cybersecurity. In addition to providing foundational cyber education materials, these tools and resources provide important tips to help our kids stay safe online. These tools can also generate interesting classroom discussions around the many ethical and social issues related to cyber security.
There are also excellent after-school initiatives you can participate in, like the programs developed by the organization For Inspiration and Recognition of Science and Technology – or FIRST, as many of you may know it. FIRST engages students in exciting mentor-based programs that build technical skills, while inspiring Innovation, self-confidence, communication and leadership – the building blocks of future cyber security professionals.
Our company has long been a supporter of STEM education initiatives like FIRST, and our employees love volunteering to support these initiatives in their local schools. Programs like FIRST play an important role in getting the next generation excited about innovation and cyber security as a career.
One way I get my employees excited about innovation and problem solving is what we call the “Mission Impossible Challenge.” The Mission Impossible Challenge tests employees to think creatively to solve challenges under tight deadlines using only office and household items. Here’s a look at the video we used to kick off this year’s Mission Impossible Challenge.
Did you recognize anyone in the video (it’s Peder)? Yes, Peder is everywhere…
Mission Impossible sounds fun, right? Not only is it a fun exercise in engineering and teamwork, is based on a real-world challenge my experts face today. So has spurred excellent discussions cybersecurity.
Increasing student interest in cyber is only part of the solution. The U.S. has about 4,700 colleges and universities across the country, but, as you know only 200 of those institutions have been designated as cyber centers of academic excellence by the Department of Homeland Security and National Security Agency. Part of the problem is our institutions don’t have enough trained cyber experts to meet their needs. This is why public and private partnerships are so important. We must work together to fill knowledge gaps.
I encourage my top cyber experts to visit local universities and give guest lectures on cyber issues. My business participates in programs where cyber scholars are encouraged to visit our company and learn about our many career opportunities. Lastly, many of our cyber professionals also volunteer and serve as cyber mentors at each level of the academic system. Across BAE Systems, we have employees supporting STEM education exercises that challenge students to think outside of the box to solve complicated real-world problems. These experiences are invaluable for students, and insightful for our volunteers. Our people often do these extra-curricular activities on their own time, because they share the same concerns and passion that we all do in this room.
Industry must also step up and make investments to help incentivize college students to pursue cyber careers. BAE Systems, like many companies, invests in cyber scholar programs to train and prepare the diverse pool of students in the skills needed to protect our country from serious cyber threats. One program I’m particularly proud of is our collaboration with the University of Maryland-Baltimore County on a program to increase the representation of women and underrepresented minorities in the cybersecurity field. Students receive essential support to complete degrees in Computer Engineering, Computer Science or Information Systems. They also receive real-world experiences such as internships that help them succeed after graduation. There is outstanding talent coming out of this program – often students receive job offers from us before they even graduate.
Only by working together to improve cyber training initiatives at each level of our education system can we hope to be able to scale our cyber workforce to meet the market demand.
Today, the competition to hire qualified cybersecurity professionals with skills in areas like cloud, cyber, software development, and virtualization is intense. Our company is currently in a period of increased hiring. The advantage for the government and its contractors in recruiting has always been the ability to appeal to an individual’s sense of mission. Unfortunately, we’re seeking to hire the same highly-technical staff and advanced IT subject matter experts that leading commercial companies are pursuing – and often they pay more. With the supply of talent being so limited – cyber professionals are valued at a premium by employers.
Even the government is being forced to change the way it recruits. Just this year, the Department of Homeland Security rolled out a new series of incentive payments to lure cyber experts away from the private sector and keep them in the civil service. The bonuses can provide an additional 20 to 25% on top of an employee’s annual pay, depending on the certifications they’ve earned and the position they occupy.
Bonuses and incentives are great ways to lure people to join your business, or stay on, but as I mentioned with my software developer example earlier, the pool of available, trained cyber talent looking for career opportunities is shallow, which means many of us are just hoping to lure talent away from other companies.
My biggest challenge and priority – as a leader of a cyber-company – is building a sustainable, growing business, and that starts by identifying and developing a pipeline of talent.
To accomplish this, we’ve had to adapt. Due to the nature of our work, and the fact that many of our programs require government security clearances, we created a feeder program by launching a new attractive and competitive internship program.
The program we created is called LEAP which stands for Lead, Engage, Apply and Perform In launching our LEAP program, we created a formalized internship learning experience, where our recruits are given important business research projects and challenged to develop new capabilities to enhance our business operations and create new market discriminators. The program also provides mentors, training, career path discussions and facilitates networking activities.
Several of our LEAP students who have graduated have taken full-time positions with us. Several others who are still in school are continuing to work with us on projects and gaining valuable work experience that will allow us to easily transition them into permanent roles upon graduation. We’ve found our LEAP students are outstanding brand ambassadors, who are going back to their universities and telling their colleagues that BAE Systems is the place where an internship can launch your career. That word of mouth is the best marketing we can ask for, and it will help us increase the number of college applications we receive each year.
Within my business we promote a culture of continuous learning among employees. We’ve developed an entirely new skills and development training program within our sector, called Intelligence & Security University. Or, as we call it, I&S U. I&S U is a skills enhancement and career advancement training program that offers specialized technical courses and certification training. The courses are developed in-house by I&S employees and are closely aligned with guidelines set by customers and organizations such as the National Institute of Standards and Technology. This ensures our workforce is properly trained and prepared to help our customers address their current and future cyber security challenges. We put together a video I wanted to share with you that explains a bit more about the value and impact I&S U is having across our business.
More than 1,300 employees have participated in I&S University training courses this year, and over 100 have earned new industry certifications. That number will continue to grow as we make courses more easily accessible. I’m really excited about the future of the program.
The career development initiatives mentioned in the video are helping individuals transition to completely new roles across our business. We’re not talking one box moves either. It’s the equivalent of switching majors! We have intelligence analysts taking courses in cyber security, and IT help desk professionals training on cyber defense.
I&S University is allowing our employees to expand their skills and enabling them to pursue new career opportunities within BAE Systems. It’s creating a well-rounded workforce, where those who take our courses get to learn new skills. It’s giving our cyber experts a chance to teach and share their knowledge with their peers, and helping them fulfill leadership roles within our business. I&S University is also helping us ensure that the cyber experts we already have, have a formalized training framework available to them, so they can stay on top of industry changes and earn the important certifications our customers desire.
If you look across the business world, you will find the best business leaders in each market recognize their people are their greatest asset, and they are dedicated to hiring and developing a workforce that is constantly innovating and generating the best technologies and ideas.
Whether you’re in academia, a non-profit, industry or government, we all have a stake in protecting our nation’s infrastructure. That’s why we all must work together to ensure we have a robust pipeline of cyber professionals that our country needs to endure and overcome the challenges of our world.
I want to thank you for the opportunity to be with you this morning. I look forward to hearing about the ideas and the solutions that come from this conference.
I especially want to thank Rodney Peterson, Rick Geritz and George Heron for the invitation to be a part of this important event.