SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector.
A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, while an Aspen Digital Tech Policy report from the same year found that only 9% of cybersecurity experts are Black, about 8% are Asian, and 4% are Hispanic.
In order to reach potential students, SANS Institute conducted extensive media outreach in the tech industry as well as diversity-focused publications, while also working with over a dozen community partners, such as Women in Cybersecurity, Black Girls Hack, Women’s Society of Cyberjutsu, and Cyversity, to help spread the word, according to Max Shuftan, director of mission programs and partnerships at SANS Institute.
He said that the institute also uses social media, partnerships, and has a referral process in place to reach potential students.
While the (ISC)² professional cybersecurity association estimates that the overall global cybersecurity workforce gap currently stands at around 3.4 million people, SANS and Google have designed this academy specifically to focus on providing participants with the skills to secure cloud infrastructure and sensitive data.
“SANS Cloud Diversity Academy will be placing a particular emphasis on developing skills related to the unique threat landscape of the cloud,” Shuftan said. “While we recognize that there are many important skills needed to succeed in cybersecurity, we believe that a deep understanding of cloud security is critical given the increasing reliance on cloud computing and the unique challenges it presents.”
He said that the academy will be focused on providing scholarship-based training programs of up to three SANS courses and the associated GIAC certifications. These will specifically address the challenges of securing cloud environments, such as those related to cloud architecture, identity and access management, and data protection.
Applicants can currently be employed in an entry-level IT or STEM role, but priority may be given to those unemployed, underemployed, or interested in a career change. Applicants must also be able to demonstrate an aptitude and passion for security, currently reside in the US and be authorized to work there.
The core curriculum for SCDA provides training for GIAC Cloud Security Essentials (GCLD) and GIAC Public Cloud Security (GPCS) certifications and successful program particpants must first pass the GCLD exam before proceeding.
“[The GCLD] course covers real-world lessons using security services created by Google Cloud Platform, Amazon Web Services (AWS), and Microsoft Azure, as well as open-source tools,” Shuftan said, adding that each section of the course features hands-on lab exercises to help hammer home the lessons learned.
After passing the GCLD Examination, students will then take the GPCS Certification exam, which provides cloud security practitioners, analysts, and researchers with an in-depth understanding of the most popular public cloud providers, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
In total, SCDA plans to offer a minimum of 25 scholarship places.
The announcement comes just as the White House unveiled its National Cybersecurity Strategy. The strategy is the result of months of discussions among more than 20 government agencies and consultations with private sector organizations and ultimately outlines a number of fundamental changes in how the US will allocate “roles, responsibilities, and resources in cyberspace.”
The fourth pillar of the strategy calls for a strengthening of the US’ cybersecurity workforce, to tackle the lack of diversity among cybersecurity professionals through the implementation of a National Cyber Workforce and Education Strategy.
Shuftan said that SCDA directly supports the US government’s objective of developing a national strategy to strengthen the country’s cybersecurity workforce and tackle the lack of diversity in the field head-on.
“We are committed to reducing the talent shortage and driving greater diversity, equity, and inclusion, ensuring careers in cybersecurity are well within reach for all Americans,” he said.