How Sentara Healthcare is building a pipeline of cybersecurity talent
The information security department at Sentara Healthcare knows that the ongoing infosec talent shortage is expected to get worse so it’s taking matters into it own hands.
Sentara created the Cyber Student Staffing Program, in fact, to recruit students in its home state of Virginia to be future cybersecurity workers.
With a recent report from The Center for Cyber Safety and Education predicting a shortage of 1.8 million information security workers by 2022, health systems across the country are already grappling with the constraints of fewer people to defend and protect crucial hospital and patient data.
To that end, Sentara’s program recruits students from around the region – mostly college, some high school – to work in the Sentara Healthcare information office as junior cyber risk analysis, junior cyber security analysis, and junior security development and operations analysts. These students work side by side with information security professionals to gain valuable first-hand experience.
“Our typical student staffing is filled by college students – both undergrad and graduate students. We also brought in a handful of high school students for summertime internships that were 3-4 weeks in duration,” said Dan Bowden, vice president and chief information security officer at Sentara Healthcare. “Our college students aren’t actually interns in the typical sense of the word. They are ongoing part-time staff.”
It’s not just young students. The age range of ongoing part-time college student staff is late teens to early 30s. Sentara looks for students who are good communicators and demonstrate a coachable disposition and the capacity to learn.
“Our junior cybersecurity analysts work in our operations and risk analysis teams,” Bowden explained. “Those in operations assist our MSSP with Tier 1 and 2 event triage, identify and respond to malware callback events, and assure our time-based compliance requirements are checked off. Those who work in risk analysis assist with inherent risk surveys, awareness and training programs, and support of our asset-based risk management tools.”
The Sentara cybersecurity program can greatly benefit students. Participants focus on tedious tasks that are difficult for FTE staff to spend a lot of time on, such as helping solve problems, advance projects, and manage responsiveness to requests and incidents more efficiently.
Experience is crucial for these students as they grow their knowledge and prepare to enter the workforce.
“Students can gain a lot of knowledge in class about cybersecurity,” Bowden said. “Experience turns knowledge into wisdom. The students learn to work within a team to execute effective incident response, provide detailed forensic analysis, and write comprehensive documentation. The team experience teaches our students what to expect in the real world and how to apply their wisdom in many work settings.”
When Bowden did a similar program as CISO at University of Utah Healthcare, the health system hired some of the students, Bowden said, and others went onto careers with Goldman Sachs, Symantec and U.S. Cyber Command.
“We have been doing the program for six months now at Sentara,” he added. “I expect similar success for our students and our organization. I emphasize to our leadership team that success is a student moving on to a better job in cybersecurity or further academic advancement.”