All of the training materials came from the California Cyberhub, which is available to CyberPatriot teams any time they need it. Interest in the program has grown so much that students no longer fit into a high school classroom or computer lab.

Woods said Coastline Community College has been great a great partner in lending its labs and equipment to support CyberPatriot.

“We’ve outgrown our classrooms and we can’t be running back and forth across campus while the competition is happening,” Woods said. “The colleges have been great about letting us use their computer labs working with their IT departments to make sure the computers have the images we need.”

The October 14 training also provided an opportunity for new CyberPatriot coaches to see the program in action and learn more about how their students can benefit from cybersecurity education.

“As a first-year coach, I was amazed at the CyberPatriot program and the career opportunities our students could get into,” said Ryan McKernan, a teacher at Fountain Valley High School. “I never knew something like this program existed. As an educational facilitator, it was enlightening to see all the students’ faces light up as they began practicing on the images this weekend. “

Fountain Valley High School has 30 students participating in CyberPatriot this year, and it is already making an impact. McKernan sees it as a supplement to the school’s AP Computer Science courses and something that can attract more students to the field.

“I envision CyberPatriot as a key component in increasing the number of students at our school interested in a technology pathway,” McKernan said.

The first round of the national CyberPatriot competition for this year will be held November 4 at Moreno Valley College.

The cost and number of companies offering cyber products has also grown. A Govini study showed that for fiscal 2018, the number of vendors offering cybersecurity products and services has grown by 55.1 percent. On top of that, the opportunities and need for vendors to work in the federal market have also increased by 78.8 percent.

“A lot of people are gravitating towards this market, but at the same time, the way the federal government is emerging its digital footprint is cyber is pervasive, anything that requires data or any digital component has to have a cybersecurity aspect to it,” Hummer said.

This increasing need opens up areas for competition and contracts for vendors. In its study, the data was split into five broad categories related to mission or objective for each agency. From there, 13 segments were identified

reflecting the capabilities of the agencies. Lastly, it was broken down into 59 subsegments defining the approaches that were specific to each available technology.

“When it comes down to it, our category cyber defense accounted for the largest share of spending and that makes sense,” Hummer said. “But the challenge with cyber defense is we believe that it’s reached a point of diminishing returns.”

While it accounted for more than 40 percent of overall spending, its growth began to slow when compared to other categories, such as cyber resilience. Cyber defense is the act of doing everything to prevent an attack, but cyber resilience gives an agency the capability to continue operations, even while under attack.

Every agency has to keep their eyes open for potential insider threats, especially with the increase of cloud space. Training federal employees in cyber compliance and data analytics will help agencies learn the trends in cybersecurity, and could help them prevent or repel attacks, Hummer said.

Analytics, in the long run, will help agencies understand their cyber defense better, and learn to rely on software and not just hardware.

“Of course, we’re seeing a lot of huge proliferation in cyber capable software. But at the core root of a lot of the software, it’s analytics,” Hummer said.

“People aren’t buying appliances and putting them in their data centers.”

Everything depends on how defense and civilian agencies embrace software and hardware managed by vendors.

“They’re going to have to install a lot of that hardware themselves. And when we see this coming wave of IT modernization weaving in, [it will be a] challenge, because a lot of that infrastructure is going to be [fresh].”

An even bigger issue arises when looking specifically at the information that

agencies, such as the Veterans Affairs Department and Defense Department, have to keep under protection. So, agencies have to be careful which vendors and programs they accept.

On the other hand, a vendor also needs to understand who’s doing what, when, where and how with its products. Understanding this from a competitive point of view and identifying different markets in order to install vendors’ products is very important. In fact, the federal government relies a lot on these partnerships with civilian organizations, Hummer said.

“Nobody has an end-to-end solution, especially when it comes to cyber,” Hummer said.

Defense agencies such as the Army, Navy, Air Force and Defense Information Network, as well as the Department of Homeland Security, are leaders in cybersecurity because their networks are the largest and most comprehensive.

However, all agencies must look deeper into how they can prevent both insider threat attacks and outside threats to their information.

Hackers are often focused on obtaining information, such as medical records, in order to publish it on the dark web. Because of this, the federal government has a direct need to protect that information, Hummer said.

That increase in stolen information and medical records within the Veterans Affairs Department has the agency worried. Because of this, the VA alone is set to spend almost half a billion dollars on protecting its data and networks, Hummer said.

The event’s goal was to provide an overview of how the CyberPatriot program works and the opportunities available to educators through the California Cyberhub.

“What we’d like to do is be able to emulate this type coaching throughout the state and create a program that Deputy Sector Navigators can utilize throughout their regions,” Woods said.

Participating in CyberPatriot competitions can help students become interested in cybersecurity and provide educational pathways from middle school to high school to community college. Stubblefield said the key is to get students involved early so that they can grow into leadership roles on the team and cement an interest in cybersecurity as a career path. 

There are thousands of cybersecurity jobs that are going unfilled due to a lack of qualified workers. The supply and demand issue also leads to higher starting salaries — a point that typically resonates well with students and parents.

“I have eighth graders saying that this is what they want to do after college, which is cool to be around,” Stubblefield said. “They like what they’re doing and are part of a digital generation so they’re very comfortable with technology and not afraid to fail.”

In order to make that success happen, though, a school needs a cyber champion who can organize competitions, camps, and other events to promote cybersecurity. Resources are available through the Cyberhub to make that happen as long as someone has the time and willingness to invest.

One the Cyberhub’s long-term goals is to provide resources that high school and college instructors can implement without an extensive IT background. Teachers can learn cybersecurity technology right along with their students, and everyone benefits from an increased understanding of how to stay safe online.

“40 percent of our high schools in the country offer computer science, but that means 60 percent don’t,” Stubblefield said. “We are trying to figure out how we can structure curriculum so a science or math teacher can teach cybersecurity. We’re trying to make it as a simple as we can.”

To do that, Woods said she hopes to utilize a train the trainer model to create cyber ambassadors at high schools and colleges who can work with their colleagues at other schools to set up their own teams and events.

“Schools can jump in at any time during the year, they are not locked into certain dates,” Woods said. “They can set up a quick cyber event or shadow another team in their experience. What we showed them was just the beginning of what they can do throughout the year.”

“CDT is proud of this new and critically beneficial capability as it is believed to be one of the few SOCs of its type in state government within the United States,” reads a CDT announcement.

The center is set to be built and released in phases. The first phase, that began at the start of California’s fiscal year in July, dealt with the initial installation of equipment and software to protect and defend the California Government Enterprise Network (CGEN), a state network that allows agencies to access the Internet, servers and applications hosted by the CDT and other departments.

The next phase will expand the center’s protection and defense services to cover additional systems and IT assets controlled by the CDT, while final phases of the project are expected to see the center partner with a state agency in a cybersecurity pilot that will evolve into an official program that can be offered to any interested California government entities.

The state said the center will be manned by the CDT’s IT employees but will also rely on active staff from the California Military Department — organizations connected to the state’s Army National Guard, Air National Guard and Military Reserve. Officials said that this was done to make sure the center was well staffed.  

“As is widely known, acquiring and retaining IT security specialists is difficult due to the vast shortage of individuals with these skills,” the CDT stated. “This innovative model allows for tapping multiple sources for those skills.”

At the National Association of State Information Officers mid-year conference in April, California Deputy Chief Information Officer Chris Cruz told StateScoop the center would be milestone for cybersecurity that would not only protect mission critical systems, but would encrypt data both in transit on the web and at rest on network servers.

“We are going to protect our security endpoints here and protect all mission critical data that comes in and out of the state’s firewall through the statewide data center,” Cruz said. “Then [we’re] looking at endpoint encryption, intrusion detection, and putting intrusion prevention services throughout other networks that come in and integrate with our statewide network.”

Cruz said the state is also intended to increase the center’s impact through partnerships with California academic institutions including California State University systems, K-12 education systems, and “any peer-to-peer relationships” to provide greater protection. On top of these, the CDT says it’s working with the California Cyber Security Integration Center, which delivers curated IT threat intelligence and large-scale IT incident response.