VETSOPPORTUNITY IN CYBERSECURITY CHALLENGE UPDATE How might we provide pre-deployment experiences that simulate the real world to prepare veterans for apprenticeships?
Prepared by Trestles February 26, 2014
Education Design Lab
P. 4 - INTRODUCTION
P. 10 - JOURNEY MAPS
P. 72 - PROTOTY
TABLE OF CONTENTS P. 8 - PROCESS MAP
P. 20 - RESEARCH INSIGHTS
YPES P. 84 - SERVICE BLUEPRINTS
Image: GRW: View at an EDL Drop-In Day
PROJECT OVERVIEW Targeting a uniquely diverse, under-served, and underrepresented population, The Veterans to Cybersecurity Careers Challenge aims to increase the number of undergraduate students securing professional cybersecurity qualifications and workforce-readiness skills along their degree pathway. The challenge focuses on providing a highly flexible degree pathway that provides marketable workforce skills and certifications along the way. The project is built around the complex financial, pedagogical, workforce preparation, and other needs of Veterans and similarly situated adult learners; a degree pathway that addresses the extreme needs of this learner group is more attractive to and better serves the existing and prospective students. The project’s main goals are attracting more candidates into and expanding the number of students graduating from a combined AAS/BAS cybersecurity IT degree pathway. George Mason University (Mason), the project lead, designed this pathway with their partner, Northern Virginia Community College (NVCC). NVCC currently supplies 60% of the GMU student pipeline. Both Mason and NVCC have been designated by NSA and DHS as a National Center of Academic Excellence of Cybersecurity Research (CAE-R). This innovative pathway grants students credit for real world experience and links classroom experience and real-world experience via a capstone course and other interactions. Education Design Lab (Lab), a non-profit and Mason’s partner in testing new models in higher education, has been selected to engage the business community and to design, pilot and test curriculum-linked workforce readiness experiences and employer-student interaction enhancements to the degree pathway for Mason and NVCC, and which will then be shared nationally. WORK TO DATE (FEBRUARY 2014) The Veterans to Cybersecurity Careers Challenge began in Summer 2013 as one of three initial design projects of the Education Design Lab. From its inception, the challenge has explored how to better prepare veterans and other adult learners to attain careers in cybersecurity, how to encourage local cyber-security employers to hire veterans and other adult learners, and how to ensure that veterans working in the cybersecurity field are highly-skilled at their jobs and well-adjusted to typical working life. From the beginning, the Lab has taken a design thinking approach to addressing its challenge question: “How might we better prepare veterans for careers in cybersecurity?” Work on the challenge began with an intensive period of research, whereby the Lab and its partners conducted research interviews and networking meetings with over 20 different individuals and/or companies working in the cybersecurity field and/or with veterans. These interviews included conversations with Google, Mitre, DHS, the National Counterterrorism Center, Fidelis, SOCOM, IBM, and Raytheon, to name a few. They also included in-depth meetings with potential education partners at George Mason University, a local institution currently building a new cybersecurity program that is set to launch in fall 2014. In November, the Lab hired a team of service designers (Trestles) who helped the Lab conduct some additional research within higher education and explore ways to move the challenge forward through Ideation and Prototyping activities. Trestles research involved 13 additional research interviews, including conversations with traditional students, veteran students (e.g. students who had previously been in the military for 10 years), adult learners, veteran and career counselors, and two recruiters who focus on the cybersecurity realm. After wrapping up the additional research, the Trestles team helped the Lab explore potential solutions to the challenge question by developing a series of Insights Statements (condensed versions of the Lab’s findings from its research interviews); facilitating a number of gatherings involving Ideation (the generation of
design ideas by giving participants an understanding of the context, challenges, and potential user needs) and Prototyping (the development of light models, mock-ups, and scenarios to explore potential solutions in greater detail and discover flaws or challenges in the initial ideas); and developing a booklet of design concepts, intended to help the Lab shop ideas around with potential implementation partners. Between December and January 2014, the Lab ran four design sessions, including two “Design Days” and two “Drop-In Days” specific to the cybersecurity challenge. The first Design Day occurred in December and involved a small group of individuals, including a local start-up founder, a design thinking consultant, and an education researcher. At this Design Day, we explored the challenge question, showed participants a map of the steps that we believed veterans must take to attain careers in cybersecurity, and talked about some potential solutions to the challenge. In January, we conducted three more design sessions: A Drop-In Day in early January, a second Design Day in mid-January, and another Drop-In Day in late January. At the early January Drop-In Day, we presented some of our initial work to participants from a local coworking space and invited them to help us come up with some potential ideas for addressing the challenge question, using the “Insight Statements” that we developed in December, based on findings from our research. Then, at the second Design Day, we continued exploring solutions through Ideation and Prototyping. Finally, at the late January Drop-In Day, we invited participants to help us explore potential solutions in greater detail using a service design tool known as service blueprinting. From there, we took the resulting ideas and packaged them in a concept booklet. The pages that follow present the outputs from November to December in greater detail. This book contains several key items, which will be of interest to Lab partners, Lab funders, and potential Lab vendors. These include: a Process Map documenting all of the work to-date in a simple visual format, Journey Maps used to articulate the steps that veteran users must take to attain careers in cybersecurity, Insight Statements developed by synthesizing data from our research interviews, One-Page Prototypes that illustrate the “best in class” ideas generated during Drop-In Days and Design Days, and Service Blueprints that showcase the beginning of our work to explore ways to implement the prototypes. This book is intended to orient readers to the work completed to-date and help them gain a fuller picture of how the ideas resulting from challenge activities might live on in the world through live offerings funded by Lab partners. As of February 26th 2014, the challenge question has gone through several revisions, and now reads as follows:
How might we develop a cybersecurity degree pathway for veterans that gives credit for training and experience during service, develops workready skills, and launches careers in cybersecurity? Future work exploring ways to implement the ideas generated during Ideation and Prototyping activities should focus on answering this question through viable, feasible, and new-to-the world businesses or programs that help GMU and the Lab further the mission of helping students find passions, lighten future debt burdens and build regenerative skills to prepare them to thrive in a chaotic knowledge economy.
Image: GRW: View at an EDL Drop-In Day
Journey mapping is a process commonly used in design thinking and/or service design projects to help organizations better understand the steps that a user must take to complete a particular goal or milestone. For the cybersecurity challenge, we used journey mapping as both an illustrative tool and an exploratory tool. Initially, we used a detailed journey map to illustrate our perceived sense of the veteran to cyber-employed pathway. Later, we developed high-level journeys that did not include step by step details but were intended to provoke design ideas around alternate ways for veterans to attain cyber careers that stepped outside the norm. In early November, we developed a detailed step-by-step journey map that outlined the specific steps that we thought veterans would have to take to attain a degree and later work in the cybersecurity field. We then brought this journey map into high-level meetings and research interviews with students and career counselors to determine what aspects of it were correct and what aspects needed refining. After conducting a number of interviews with the initial journey map in-hand, we learned that our perceived veteran journey actual bore little resemblance to the journeys of real students. While on the one hand, faculty and administration at George Mason, with whom we had spoken with heavily up until that point, viewed the most significant steps in a students’ experience to be things like degree completion, attainment of a job, or milestones that take place throughout a degree program, we heard in student interviews that the transitions that happen before and after higher education are perceived by students to be the most substantial aspects of their experience. For example, we heard from three students who transferred from NOVA to GMU that they were still “paying the price” for taking certain classes like Geology at NOVA that did not transfer to Mason and felt ill-equipped to jump into an IT-focused degree program because they did not find a soft landing at Mason. Similarly, one veteran student that we spoke with told us that his career search has defined his entire educational experience. Since day one of pursuing an IT degree at Mason, he has been looking at employer opportunities and seeking to align his education to employers’ needs; yet he said that he found little support from either Mason students or career advising in discerning which opportunities would best fit his background and interests. His search for a “good fit” has been largely selfdirected and informed by his peers who were already in the workforce, rather than shaped by the community that surrounded him at Mason.
The pages that follow contain four different journey maps developed by the Lab during the course of the challenge. The first is the illustrative journey map that the Lab developed in November. The second, third, and fourth journey maps are exploratory journey maps developed in late December in preparation for our January Design Day to help us inspire creativity regarding ways to reimagine the veterans present-day experience.
ILLUSTRATIVE JOURNEY MAP Education Design Lab
en sio ci de
on isi cy
Pathway This journey map was developed in November for a meeting between the Education Design Lab, George Mason, and NOVA and represented the Lab’s “best guess” as to the steps that veterans were taking to pursue additional education in and eventually find careers in cybersecurity. We used this journey map to convey the Lab’s work in exploring possible opportunities for design and in interviews with veteran and non-veteran students to validate and update the journey steps to better reflect students actual experience. Later pages document the way that this journey map was moved forward after conducting student interviews to adapt it into an exploratory tool that inspired design by individuals working with the Lab to create new-to-the-world concepts that addressed the challenge question.
y Notes es
sm :e en xa t m ed in at :e io xi n t w or k: se ar w ch or k: ch oi w ce or k: hi re w or k: de ve w or lo k: p/ re re ta to in ol
Veterans to Cyber Security Jobs Challenge
transition 2 cyber employed
This journey map represents the perceived steps that veterans must go through to make the transition from military service to work in cybersecurity. More or less, it is a high level view of the journey map provided on the previous page. It is based on initial research conducted with employers in the cybersecurity field and with higher education administrators designing curricula and programs for veteran students pursuing careers in cybersecurity-related fields. The circle with the line through it, used throughout the journey map represents an individual touchpoint in the journey. Touchpoints are used in journey maps to indicate moments in time or steps taken towards a particular outcome. For the purposes of this journey map and those that follow it, we define a touchpoint as “a point of interaction involving a specific human need in a specific time and place.” This definition comes from Chris Risdon, of UX firm Adaptive Path, and captures the nuance of the term for the purposes of this discussion. Note: This journey map is very linear in its to achieve career readiness are “set” and Additionally, this journey reflects a one size for veterans (an approach that we will later
process: the steps that an invidual must go through staged over time in a clear, step-by-step fashion. fits all approach to the military to career transition challenge in subsequent states of the journey map).
We developed this journey map as part two of a three-part exploratory framework. This journey map represents the actual steps that veterans must go through to make the transition from military service to work in cybersecurity. We developed this journey map to reflect the nuances inherent in reallife experience, where steps are rarely clear-cut, and where the reality of a veteran’s transition to higher education from the military, and later from higher education to a career, is actually quite lengthy. Whereas every college student must “transition” from pre-college life to college life and later college life to life in the “real world,” the journey for a veteran is an extreme case. Transition is possibly the best way to typify the veteran’s current experience, as part of the post-military process for veterans is unlearning old ways of doing things, or perhaps even learning to forget the past altogether (where the past is too traumatic to keep top of mind).
The steps in transition one can range from acclimation back to typical American life to the adjustment of being in school for the first time in many years. For some veterans, this transition is quick; whereas for others it takes a period of years. In certain cases, an injury or the necessity of providing for a family may prolong the process of transitioning back to school, and perhaps even make the â€œtransitionâ€? a permanent shift, drastically distinguishing the veteranâ€™s experience from that of an average college student. Meanwhile, the steps in transition two cover a different breadth: that of the often-boggling shift from school to the real-world. For veterans, this step not only involves discovering and exploring a career path (a step that may start as early as day one of higher education), but also adjusting to a different type of work culture than that of military service.
We developed this journey map as part three of a three-part exploratory framework. This final journey map respresents an ideal state for the veteran transitioning from military service to work in the cybersecurity field. Our research and initial ideation around the topic of veterans in cybersecurity suggests that all of the steps that fall between the beginning and end of the journey are, in one sense or another, optional. The ideal journey is customizable and adaptable to each individual’s needs and lifestyle. Offered below are just a few examples as to why a “coiled journey” might make sense. Some veterans who leave the military are ready for work in the cybersecurity field and do not need any additional training to attain that work. For those veterans, it might make sense for them to move three quarters of the way up a “ladder” that quickly allows them to prepare for “real world” work and explore career opportunities. For other veterans, education might make sense but family or financial obligations might dictate a “quick path” to paid work or a work-study option that allows them to work in the cybersecurity field while pursuing part-time studies to advance their skills. For yet still other students, an initial exploration of higher education in the cybersecurity field may not suit their interests, and a bit of basic onboarding to cybersecurity work may be enough for them to secure jobs in product sales or marketing at a cybersecurity firm. Finally, some veterans who pursue work in cybersecurity may determine that they need additional education once they get to the workplace, but because of the “opportunity cost” of leaving the workforce, may need a pick and choose their course of study approach to higher education. We believe that the ideal transition from military service to cybersecurity work is fluid. The imagery of a coiled spring is used here to suggest that the journey might be compressed or stretched out to suit an individual’s preference, and to further suggest that non-linear movement throughout the different touchpoints would more readily prepare veterans for fulfilling and successful cybersecurity careers.
This section details the initial research leading up to the Lab’s Vets to Cybersecurity “Design Days,” which explored potential solutions to the challenge question. Over the course of four months, the Lab conducted over thirty research interviews with veterans, higher education administration, cybersecurity recruiters, cybersecurity employers, veteran and non-veteran students, and peers who work with veterans in the cybersecurity field. We spoke with 14 different cybersecurity employers (Google, IBM, the Pentagon, and Symantec, to name a few), 3 veteran students studying cybersecurity-related topics, five nonveteran students studying cybersecurity-related topics, one representative from the Department of Veteran Affairs, two cybersecurity recruiters, two GMU student advisors, three veterans working in cybersecurity, one veteran working outside cybersecurity, and a number of higher education administrators from GMU and NOVA. The results of this research shed light on the areas of the challenge topic where the Lab could deliver the most impact and find quick wins. The pages that follow unpack some of the insights from our research in a visual format, with each page involving a single insight and then an “opportunity statement” derived from the insight. Each insight represents findings from at least three research interviews and is intentionally written “in the user’s language” to signify real input. Data corresponding to each insight is provided after the insight pages to show where the insight came from and underscore its significance.
For ease of access to the insights, we have color-coded them to correspond to three key phases in the journey maps: Blue insights correspond to the transition from military to higher education, Red insights correspond to the educational experience, and Yellow insights correspond to the transition from higher education to the workforce. We believe that these three key ‘leverage points’ represent the sweet spots for the Lab’s ongoing intervention to address the challenge topic. Following the insights statements, we have included a SWOT analysis that we conducted following our review of all of the Lab’s research in December. This SWOT highlights key areas for growth and improvement that GMU and the Lab might target through solutions. Overall, we found through our research that veterans’ lack of preparedness for careers in cybersecurity goes well beyond skill gaps. Veterans who go back to school after military service often face tremendous challenges, ranging from: culture shock to family life, financial duress to rusty study skills, social stigmas to cultural mismatches. Can you imagine going back to school after nearly ten years in the workforce or with two kids at home? Those are pretty accurate examples of the obstacles many veterans face in pursuing the additional education necessary to take on complex cybersecurity work. We believe that veteran students represent an extreme user population, with unique needs, which (if met) might have a spillover effect for a variety of students such as: other adult learners, and learners with unique schedules, lifestyle challenges, or even learning disabilities.
The shift from NOVA to George Mason is a huge “missed opportunity.” I wasted money on classes that didn’t transfer and no one gave me advice on how to transition well.
OPPORTUNITY How can we smooth the process for students transfering from NOVA to Mason who donâ€™t know where to look for advice or general guidance?
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “NOVA doesn’t tell you what university life is going to be like and what credits will transfer, so you have to take some classes again.” –Adult learner at GMU It would be smart to look at the GMU/NOVA RN to BS program as it has been a successful model – the challenge right now is that GMU has a rule that requires at least a quarter of coursework to be completed at Mason, so something would need to change. – GMU employee
Even the 300 level classes at NOVA only transfer as 200 level courses at GMU because NOVA is a community college. –GMU employee “My IT classes did not transfer from NOVA to GMU.” –Adult learner at GMU “I wanted more tailored classes at NOVA to add to my major and less frivolous credits that were a waste of time and money.” –Adult learner at GMU
I need a program that is adaptable to my pace and my lifestyle-which sometimes involve part-time work or a family.
OPPORTUNITY What if we made the IT education experience more interactive and adaptable to studentsâ€™ individual paces and lifestyles, allowing the course flow to be sped up or slowed down depending on a studentsâ€™ need.
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “I work 24-40 hours a week at my retail job to help pay for school, I don’t have time to teach myself things at home that I should be learning in class.” –Adult learner at GMU Family and financial pressure are two outside stressors that are two major reasons for dropping out. –GMU Employee “I live in Dumfries, VA so the proximity of George Mason was a big factor in where I went to school, but the commute and having a family add a lot of stress.” –Veteran student at GMU 28
Some students do more than just school – One student worked until 2:30pm then had class from 4pm-7pm, then a conference group at 8pm and could only study at night; his lifestyle did not permit the same level of attention as someone who is just a full-time student. –Veteran student at GMU “Getting started was the biggest challenge for me. There has been a 10 year gap between High School and college, so getting back into school was difficult at first.” –Veteran student at GMU
I want more real-world exposure while iâ€™m still in school.
OPPORTUNITY How might we develop and structure more opportunities for hands-on training, earlier on, that expose students to the diversity of career paths and help them determine how to move forward after school?
Image: BMW Guggenheim Lab via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “This program (IT) needs a lab to show how to implement real things and work through them, more practicality is majorly necessary.” –Student at GMU “We don’t need money, we just want the experience that employers prefer.” –Adult learner at GMU “How do I communicate that I am a good worker? I am interested in the field but baffled by the certification and expertise that employers are looking for, particularly in IT.” –Veteran 32
“Many people come out with book learning, but not experience.” –Senior manager at a US government agency Other students coming from cyber security programs, they tend to be missing core fundamentals, they can talk about fuzzying and vulnerabilities but are missing core conceptual low level knowledge to understand memory mapping layout, OS systems integration. –Employer
We wish that institutions would use technology or mock environments to simulate real-world scenarios. -Employer perspective
OPPORTUNITY How might we use technology or even other low-fidelity mock-ups to simulate real-world scenarios that cybersecurity employees will face in their jobs?
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “Get them out in front of systems and give them real world experience.” -Senior Manager at a major cybersecurity employer “I wish there were a live-attacker scenario format game to learn from.” -Student at GMU
Incorporate online capture the flag activities into coursework. Such as a secret hidden inside a computer that the student must use hacks to identify in an attempt to get the ‘flag.’ These can work in free, open and teamed competitions to help stimulate interest and share knowledge among students. –Employer
I want to learn from others who have already been down this path.
OPPORTUNITY What if every veteran had a mentor?
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT In apprenticeship programs, many employers have internal veteran mentorship programs, to help them acclimate. Strong veteran programs could do pre-deployment mentoring and the Veteran could have a mentor inside the company. â€“GMU Employee Mentorship is critical; a key thing people making that transition are doing is building a network of close people, including mentors and guides, in a way that they can build an advisory board of mentors as they go through the apprenticeship. â€“Employer 40
“I have been a member of the International Counsel of Engineering at GMU and the Washington Area for two years now in an effort to expand my network and develop professionally.” –Veteran student at GMU Veterans come from an environment where they are part of a group and do not know how to sell themselves as individuals in the private sector. One Veteran noted that, “It is hard to go from a ‘we’ mindset to an ‘I’ mindset.” –Insight documenting findings across several employer interviews
I need a little freedom to make mistakes, where they donâ€™t make a difference in my academic record or ability to progress.
OPPORTUNITY How can we create more â€œsafe spacesâ€? where those interested in IT careers have more freedom to fail before it counts against them?
Image: Resonant Felicity via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “I want more labs but less strict labs that give me more time to work and I want them to be more about learning and less about the competition and end deliverable.” –Adult learner at GMU “I feel dumb in class because other people have been doing IT for years and it takes me a longer to learn the concepts.” –Adult learner studying IT at GMU “They’ll learn by doing, by tinkering with everything, by practical hacking.” –Pentagon employee who works in cybersecurity 44
“The lab exercises are not conducive to actual learning because we don’t have enough time to complete the challenges and if you can’t complete the challenge in an hour, you are penalized.” –Adult learner at GMU Teach people how to fail, that is all cyber is about!!! Teach people how to learn and fail from practical a standpoint [Lab and experiment]. “People come out academically equipped and so afraid of making a mistake...” –Employer
Employers want to hire veterans who are not just â€œcapableâ€? but who are prepared for novel problems.
OPPORTUNITY Some in the industry view veterans as â€œchimps with basketballs,â€? ill-equipped to handle the everyday demands of careers in cybersecurity. How can we reverse this stereotype by enabling veterans to become known for their problem-solving and creative thinking skills?
Image: HackNY via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “When you consider cyber, it is like putting together puzzles. You need to be able to link, find patterns, determine whether they are part of something you need to pay attention to. People can write code or configure, but that doesn’t mean they can solve problems.” –Principal engineer at a cybersecurity company “Be known for creative problem solving, which could get you praised or reprimanded. Those kind of people are perfect because they don’t turn to blind eyes when they see a gap; they are proactive.” –Employer 48
It is not just about computer science, employers want other things like patterns. Other computer science technical skills can be outdated quickly, so it is not just about specific applications but the analytic and problem solving skills. People need overall skills. –Veteran who owns a DCbased design firm “The biggest missing skill is the ability to solve problems, writing code and configuring aside, people need problem solving skills.” –Employer
Itâ€™s not just what happens in the classroom that matters for a studentâ€™s success, but non-traditional students rarely have the time to get involved in extracurricular offerings.
OPPORTUNITY How might we develop and promote social and extracurricular activities that complement the in-classroom experience for adult learners with demanding schedules?
Image: Ramiro Chanes via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT Technical and Engineering students at GMU do internships over summer breaks with specific organizations to try to get jobs with said organizations after they graduate – the proximity of GMU and these companies helps. – Recruiter for government/ cybersecurity/defense companies “GMU is missing a club for people who are interested in cybersecurity.” -Student studying IT at GMU
“I helped start VETS, Veterans Engineering Technology Students, through the Engineering School at GMU to assist people with the transition after school, help mentor with plans after graduating, spread resumes and connect alumni. We now have about 5060 members.” –Veteran student at GMU “I wish I had heard about the GMU Vets Society earlier so that I could have gotten involved.” –Veteran student at GMU
The culture shock that most veteran students face, both in shifting back to being in school and in shifting back to â€˜normal life,â€™ really cannot be overstated.
OPPORTUNITY How might we ease the culture shock for veterans transitioning from active duty to a classroom environment?
Image: Diana Mehres via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “I don’t think they need help at the end (of the journey), they need help at the beginning because they want a career as soon as possible.” –Professor at GMU who advises veteran students “The lack of structure during the job application process is often difficult for veterans.” –GMU employee It is hard for Veterans to seek out apprenticeships – they don’t know how to approach them; the whole structure about how to find the list of potential employers. –GMU employee 56
“I do prep work with veterans about how to answer questions more thoroughly during interviews and help them break down some of those cultural barriers between military and civilian life.” - Recruiter for government/ cybersecurity/defense companies “One of the biggest challenges you’ll face is what we call Veterans in new positions... because most people can’t interact in that environment.” –Pentagon employee who works in cybersecurity
Just because a student drops out of an IT program doesnâ€™t mean that theyâ€™re no longer interested in the field.
OPPORTUNITY How can we create an alternate route for students who drop out of cybersecurity programs but might still be fits for entry-level jobs in the field?
Image: grapefruit moon via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “I am playing catch-up in terms of understanding technology, but I have been interested in this field for a long time, even while in the military.” –Veteran student at GMU Some of my friends have dropped out, but it wasn’t because they were no longer interested in the field, they just couldn’t handle the intensity of the classes -Adult learner studying IT at GMU
“Although cybersecurity is not a major at GMU, a lot of students pursue application-based IT programs because they have a background in intelligence and this is a natural continuation.” –Employee at GMU One of our strongest needs is for sales positions, which only require a baseline level of technical knowledge. –Chief Engineer, cybersecurity employer
A cybersecurity employer needs help finding candidates with not only the right skills, but also the right personality and ethical framework for the company.
OPPORTUNITY How can we develop/inform a pre-screening process that better matches job candidates with potential employers?
Image: Kazyel via Flickr
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT “Cyber has so many different aspects, so the majority of students are going to be able to find a place where they are happy, and it is a matter of finding that connection.” –Senior Program Manager, cybersecurity employer “There is a lack of preparation from the employee’s side for interviews, less technical and more life skills planning, so I ask them to assess themselves and know their value, do research before an interview and ask questions.” -Recruiter for government/ cybersecurity/defense companies 64
Soft skills are one of the five key components of one US company’s systems engineering competency model, but a manager noted that these are often lacking in new employees. –Employer “I felt as though some employers didn’t know exactly what systems engineering was, so I wasn’t hearing back from these companies.” -Veteran student at GMU “We don’t take resumes at face value. They need to demonstrate they can do the work. A lot of people pursue certifications, which are about taking a test.” -Employer
I love people who are disciplined, driven, who have integrity and a personality...I want to hire someone who is excited about the work and not going to leave in six months.
OPPORTUNITY How might we cultivate a sense of passion and excitement for cybersecurity work through industry partnership and collaboration?
Image: Dellâ€™s Official Flickr Page
INDIVIDUAL QUOTES AND RESEARCH FINDINGS THAT LED TO THE PRECEDING INSIGHT Another US company looks for a “creative analytic blend” in candidates and prizes a combination of intellect and passion. –Employer “I have my clearances, I have everything that I want.” –Veteran student at GMU “I sometimes talk to people two years before they get out of the service because they know that they want a specific job when they leave and they value building those relationships over time.” – Recruiter for government/ cybersecurity/defense companies 68
“I wish I had the opportunity to work with local employers, so I’m doing work on my own to find career path opportunities.” –Veteran student at GMU “I have some potential, I don’t want to waste this opportunity.” –IT student at GMU “I wanna get out and make a difference.” –Senior IT student at GMU “I prefer the smaller companies, because there is better communication and more freedom.” –IT Student at GMU, interning at local cybersecurity firm
SWOT As we began unpacking our design research and some secondary research that we conducted online, we organized many of our findings in the form of a SWOT Analysis. The Strengths, Weaknesses, Opportunities and Threats associated with the “current state” of veterans studying cybersecurity include the following:
STRENGTHS • Freedom to fail • It’s easier for employers to trust veterans • Veterans are more disciplined and mature in their thinking • Attention to detail is common in veterans • A lot of veterans join the military to make a difference
• Veterans are more concerned about ethics than typical hackers/programmers • Veterans have been around the block • Soldiers tend to have a higher bar • Nature of wars means “need to be flexible” to achieve
WEAKNESSES • It’s hard for students to know which organizations and support systems exist • Lack of ‘life skills’ in veterans • Many candidates lack the technical chops • Lack of non-computer skills (e.g. psychological, philosophical, problem-solving) • Lack of connection between internship opportunities and career pathways (can’t offer jobs) • Potential hires need more polish/presentation skills • Not many new hires have exposure to the issues they’ll be dealing with • Hard for veterans to know how to get started when returning to civilian workforce • Veterans have good tech skills but struggle to translate them • People who are new to the field of computer science are slower to learn than those who
started in high school • Veterans are siloed off into veteran-specific or military-focused roles • Need for more machine learning skills • Veterans need more direct feedback on performance • Veterans don’t have time to look through the GI Bill • Veteran students lack awareness on what their benefits are and how to use them • Veterans tend to have trouble in math • Many credits from community college don’t transition as anticipated • Lack of confidence (in veterans), re: technical abilities • Veterans often have atypical use, patterns and family situations
OPPORTUNITIES • Practicum needs to give equivalency • Veterans need to learn how to learn, not just how to program and hack • Need for multiple mentors across military to work journey • Veterans seeking more ‘hands on’ learning (i.e. not alone behind a computer all day) • Veteran students want to feel like they’re a part of something - camaraderie • Need for more non-linear thinking skills • Employers want to see more of a blend of
software and hardware skills • Focus in on passion • Need for more training on “behavioral elements” • Veterans need a modular curriculum • “Need to make them excited about doing it” • Employers want hires to be collaborative and effective communicators • Need more opportunities for mentoring potential and new hires
THREATS • Outside stressors (family, money) sometimes cause veterans to drop out • Dramatic transition to classroom environment • Students often working on side to pay way through school
• High school-trained computer science grads compete for some jobs • Transition is a culture shock for veterans
PROTOTYPES The primary output of our two challenge Design Days was six robust concepts that helped the Lab explore ways to move forward. These prototypes represented the best of over 100 design ideas generated during the first Drop-In Day and second Design Day, hosted in January 2014. Initially, our six prototypes included the following concepts: a veteran-focused TedX conference; a cybersecurity simulation program that used drones called SecureSIM; a degree program codesigned by students, employers, and a university partner; a project-based mentorship program for students interested in cybersecurity careers; an employer matching program run on an online platform like OkCupid; and an â€˜employer previewâ€™ program that allowed freshmen and sophomore students to explore fields of interest before committing to a specific degree path. After some initial discussion, we decided that the TedXVets concept was outside of the Labâ€™s intent to work with higher education partners and so we whittled the list of potential concepts to five evolving prototypes. Once we determined which concepts were of interest to the Lab, we developed one-page overviews of each concept, designed to function as light prototypes. Each one-pager contains a bit of detail about the concept and a simple visual or storyboard illustrating how the concept might work. The pages that follow provide the one-pagers in their original form and include a bit of annotation about each concept recommending next steps for the Lab to explore how to move it forward or test it with various implementation partners.
THE CODESIGNED DEGREE DESCRIPTION: One thing that the Education Design Lab has learned from talking to a number of veterans who are interested in making a career pivot after the military is that they rarely have the wherewithal to pursue a four-year degree after being in the workforce for several years. The codesigned degree will provide an option for students, employers, and learning institutions to cocreate a degree pathway that is custom-suited to employer needs and student interests. HOW IT WILL WORK: To facilitate the development of the co-designed degree, a local learning institution will bring together an “employer roundtable” that will help create a curriculum based on their workforce needs. Students will be able to pick individual “tracks” within the co-designed curriculum that are suited to their employer preferences and long-term career interests. The employer roundtable will be involved not only in the design of the co-designed courses, but will also volunteer time and energy to help teach course. In exchange for getting a stake in the course design and access to the resulting talent pipeline, each employer will be required to either teach or sponsor a single course each school year. ADDITIONAL BENEFITS: Because the co-designed program will involve so much employersponsored learning, the learning institution will be able to build up a case study library that it can monetize through publishing agreements in various academic and business publications. Meanwhile, employers will gain exposure to student talent earlier on and have the opportunity to “custom fit” employees to their workplace long before they even apply.
HOW MIGHT THE LAB MOVE THIS IDEA FORWARD?
Who to prototype with: The codesigned degree should be explored in further detail in meetings with potential employer “sponsors” who would like to spearhead the development of the program. The Lab will need to determine what institution might like to “host” this program as well. For example, is George Mason an ideal fit or should the Lab work with a technical institution like NOVA? What to prototype: format, delivery timeline, method for gathering employer input on degree requirements, tools for measuring impact/success, methods for getting students involved in the codesign aspect. A medium fidelity version: an employer-sponsored course run at Mason during the fall semester. Ease to implement (1-5, 1 being very easy, 5 being very difficult): 4
SECURE SIM: DRONE SIMULATIONS DESCRIPTION: Virginia is one of a few states with the proper FAA regulatory status to conduct drone flight simulations. Due to George Mason’s positioning within Northern Virginia and its plans to launch a new cybersecurity program, we believe it provides a unique testbed for running drone simulation programs through its cybersecurity capstone course. HOW IT WILL WORK: Secure SIM will begin through a program that will start on GMU’S Fairfax campus, which will involve setting up a drone testing/simulation environment that covers a small radius of the campus and allows the university to run employer-sponsored capstone courses that invite students to use drones to solve real-world challenges. To facilitate the management of Secure SIM, the Education Design Lab’s technology partners will develop a software platform to allow colleges to run the course off-theshelf, when plugged into a physical testing lab that fulfills the specifications set forth in the SecureSIM coursepack. The off-the-shelf version will have three options: one that is fully customizable, one that is suited to institutions that find an employer or industry sponsor to provide a course’s subject matter, and one that can run without an employer sponsor. GMU will serve as the Lab’s pilot campus for the Secure SIM. Challenges run through the simulation environment might include: hacking/protecting commercial drone systems or defending/attacking a virtual power substation.
LAUNCH: SecureSIM could be marketed through a test flight in spring 2014, which pulled in potential employer sponsors and drew community attention. Student participation in co-creating the program and building buzz could begin immediately.
HOW MIGHT THE LAB MOVE THIS IDEA FORWARD?
Who to prototype with: SecureSIM should be prototyped with a technical partner, a prospective employer sponsor, and an institutional lead from a major university with a cybersecurity or cybersecurity-related program.We believe that the cost associated with developing SecureSIM will be the biggest barrier to entry for taking the idea live. To build momentum and support for the idea, the Lab should explore ways to build buzz around the notion of cybersecurity simulation with its institutional partner, perhaps running â€œtest launchesâ€? or demos that invite employers to the table to explore ways to partner with and/or fund simulation projects. What to prototype: Rather than prototyping the software platform on which SecureSIM will run, the Lab should first explore ways to prototype university-led and employer-sponsored simulation. A small-scale version of SecureSIM could be conducted over the course of a weekend or single-day using a small grant or funds from an employer sponsor. Building momentum behind the idea will be key to its success. A medium fidelity version: Employer-sponsored mini-project embedded in an existing GMU course run fall 2014. Ease to implement (1-5, 1 being very easy, 5 being very difficult): 5
SOARING EAGLE: CAREER MATCHING
DESCRIPTION: Playing on the success of recent online dating sites such as OkCupid for matching couples, Operation Soaring Eagle is a matching system for employers and job seekers interested in the cybersecurity field that uses the power of algorithms to identify ideal matches. HOW IT WILL WORK: To find a career match using Soaring Eagle, employers and students will complete profiles, and answer questions about their personality traits, skills, and interests. Job seekers will use the profile system to upload work samples, complete skills-based assessments, and highlight their key traits. Meanwhile, employers will set thresholds for the types of matches that they are seeking in job candidates. Then, OSE will compare inputs from both parties and suggest matches that are a student/employer fit. When both employers and job candidates see a potential match, they will have a chance to rate the match on a 1-5 scale using a simple star rating; this rating will help other employers and job seekers vet â€œtop opportunitiesâ€? across the pool of candidates/employers without letting top candidates know their star ratings. The messaging platform built into OSE will allow job candidates (and employers!) to upload short video messages that offer additional information prior to the beginning of a more formal interview process. ADDITIONAL BENEFITS: Operation Soaring Eagle will cut down on the amount of time that both students and employers spend seeking an ideal fit. Employers will have a chance to view a wider range of potential job candidates and students will be able to find ideal careers that are suited to their skill levels and interests without having to spend countless hours looking through job postings and conducting informational interviews.
HOW MIGHT THE LAB MOVE THIS IDEA FORWARD?
Who to prototype with: An existing career matching service or job posting service, possibly Monster.com with a unique licensing arrangement through OkCupid. Gathering employer and student feedback on potential matches will be key to this programâ€™s success and the matching component is the likely differentiating factor for this platform. What to prototype: Use wireframes and/or card sorting tools to explore the matching and communication aspects of the site. A medium fidelity version: Mock-ups of the site that run using mouse clicks and can be tested with real users. Ease to implement (1-5, 1 being very easy, 5 being very difficult): 2
TRI-MENTOR DESCRIPTION: In order to create more enticing opportunities for both peer and employer mentoring, George Mason will develop a project-based mentoring system within its new BS in cybersecurity program. This mentoring opportunity will build on an already-existing non-profit model for mentorship that exists at the high school level called The Future Project. HOW IT WILL WORK: For the period of one semester, senior students will work with an industry mentor and a freshmen student on a “passion project.” The freshmen participants will work on this project as a secondary learning component of one of their foundational courses, whereas senior students will take this course as the primary focus of one of their two “Advanced Design Project” requirements. The senior student and employer mentor will take the lead in designing the passion project and will customize tasks and learning opportunities for the more junior student, whose participation will be lighter than that of the senior student. Throughout the Tri-Mentor program, the senior student will serve as project director, managing the tasks of thefreshmen student, seeking advice from the employer mentor and keeping the team on track. Employer mentors will be required to dedicate approximately three hours per week to participating in the program, and must be based out of a local company and available to meet students at least two times per semester in-person and otherwise (at a minimum) available to meet the students over Google Hangouts or Skype once weekly. We believe that employers will be enticed to participate in this opportunity for multiple reasons: one to “give back” to the community, and two to recruit and vet top talent from local institutions and test out the potential fit of a senior student who may want to work for them after graduating.
HOW MIGHT THE LAB MOVE THIS IDEA FORWARD?
Who to prototype with: This idea could be piloted through an existing GMU course to determine its viability and the necessary components for its success. What to prototype: The relational aspects of this program should be prototyped early on. What types of students are ideal for the program? What types of students will struggle with such an open-ended course? What types of employers might be a good fit and be able to devote substantial time to student projects that may or may not benefit the employer? It is not necessary to have any type of software to prototype this program in the early stages, all that is necessary are willing participants and a professor who will allow the Lab to plug a prototype into his or her course. A medium fidelity version: Software that facilitates the running of Tri-Mentor could be brought in at this stage or a university could prototype this program end-to-end without software for the first iteration. Ease to implement (1-5, 1 being very easy, 5 being very difficult): 2
EMPLOYER PREVIEW DESCRIPTION: Far too often, students invest vast amounts of time and money pursuing one course of study only to find out that its not a great fit when it is too late to change their minds. The Employer Preview program will allow students to gain exposure to employers in their field of choice during their first year of study and at select points throughout the education journey. HOW IT WILL WORK: Through this program, students will have the option to spend one week of their fall semester of study “shadowing” at multiple employers in their discipline (up to three employer previews per student). Employers interested in participating in the “preview” program will have the opportunity to sign up for shadowing slots through an online application that determines their availability and briefly gathers information about the types of work opportunities they have available. Students will select their top shadowing “area of interest” preferences and will be matched with employers whose job opportunities fit within their top fields and suit their schedules. Participating employers will be invited to attend a bi-annual careers panel where they will talk about their work cultures, give students a glimpse behind the curtain of what it’s like to work at their companies, and have access to a “first cut” of the university’s recruiting class. ADDITIONAL BENEFITS: Because of the number of students attending preview opportunities, employers will gain exposure to potential hires and/or intern talent without having to much legwork to recruit students to their companies. Meanwhile, students who may not be a good fit for careers in a particular field will be weeded out long before they graduate.
HOW MIGHT THE LAB MOVE THIS IDEA FORWARD?
Who to prototype with: Employers, students, a university partner, career services. What to prototype: There are many aspects of Employer Preview that the Lab could prototype at low cost. For example, the Lab might consider running mini-preview opportunities as part of an upcoming career fair at GMU or NOVA. Additionally, the Lab could explore a small-scale version of the employer panel as part of an upcoming career fair as well. A medium fidelity version: A pilot version run with a small cohort of students where the Lab gathers data and measures outcomes (both from students and employers). This could occur as early as fall 2014 with a fairly minimal budget, as long as an institutional partner assisted the Lab in running the program and facilitated connections with students. Ease to implement (1-5, 1 being very easy, 5 being very difficult): 3
While we were busy developing the five prototype one-pagers, we hosted another Drop-In Day in late January to begin exploring how the five concepts might live in the real-world. We used a service design tool, the service blueprint, in a collaborative setting to flesh out each of the protototypes in a bit more detail. The blueprints remain as yet unfinished, but offer a good starting point for exploring ways to pilot each of the concepts either in the coming months or during the fall 2014 semester. At the service blueprinting Drop-In Day, we were able to make headway on three of the five concepts: SecureSIM, the CoDesigned Degree, and Tri-Mentor. This section details the outputs of the Drop-In Day blueprinting exercises around each of these three concepts, offering photos of each blueprint and snippets of the discussions around each idea and recommendations of ways to roll them out strategically.
CO-DESIGNED DEGREE BLUEPRINT We spent a bit of time exploring the components of the co-designed degree program, but never got to an initial blueprint. In beginning to discuss the idea, we decided that the program could center around a twice per year employer panel, that brought together leaders and experts in the cybersecurity field to discuss ways to develop and strengthen an employer-informed cybersecurity program.The panel would involve student and university participation, perhaps even involving students as moderators or co-designers of the actual gathering. To inform the development of these panels, we determined that it would be best to schedule a meeting with whomever deals with or manages employer partnerships at the institution where the Lab would like to run the Co-Designed degree. From those conversations, the Lab could determine whether it needed to build the codesigned option as an alternate pathway, or whether it might fit inside some of the programming already in effect at local institutions. One of our interview contacts, Matt Myers, would be a great person to sit down with to explore whether and how this idea might have legs and even receive funding from George Masonâ€™s Career Services department. Additionally, we explored some ways to frame the co-designed degree program to have appeal to employers. We determined that it might be best to describe the program as an opportunity to help employers meet their business and staffing needs. Employers could begin to value the co-designed degree opportunity more and more over time if they saw it as a means for validating their own recruiting engine and/or measures of career readiness Furthermore, employers might also see value in the twice-per-year panel opportunity as a way to increase their brand recognition, both amongst potential job candidates and in the cybersecurity field at large. Finally, we decided that a simple survey or online data collection platform might be all that was necessary to run the co-designed degree in its initial stages. At a minimum, the Lab could develop a rough survey instrument to assess employer needs, gather data from the employers that it already has relationships with, and turn that information into actionable input for a local institution.
SECURE SIM BLUEPRINT
Participants at our Drop-In Day suggested that the Lab could start immediately generating momentum behind SecureSIM by running brainstorming events with students exploring: â€œhow drones can be used for good.â€?
Courseware development should not start until the Lab has validated that GMU has enough community and employer support to sustain the SecureSIM idea. Investing in an initial prototype should mean investing in a test flight, rather than the development of a full-scale software solution. The test flight will teach the Lab invaluable lessons about the courseware needs and might also provide an opportunity for the Lab to showcase potential use cases of SecureSIM. The best approach to this particular solution, Drop-In Day participants suggested, involves widespread buzz around SecureSIM before it even launches-making it feel like a tailored, exclusive offering that both students and employers should clamor to participate in.
One of the largest outputs of our second Drop-In Day was the beginning of a detailed service blueprint for SecureSIM. Several of the participants from our second Design Day attended the DropIn Day and helped us envision the roll-out of SecureSIM through a collaborative blueprinting exercise. The largest ‘aha’ moment from the blueprinting exercise was the discovery that building courseware did not need to happen until George Mason had effectively built buzz around the idea of Secure SIM. The call-outs on this page should help orient viewers to some of the initial ideation around how to build momentum and support for SecureSIM to help GMU garner funds and community-support for the program before beginning to build courseware. The Lab’s long-term role in managing Secure SIM should be strategic. Rather than managing courseware development, the Lab should partner with educators and experts who can guide the development of curriculum. The Lab can support its university partners by leveraging its exisiting relationships with students and employers to develop use cases for the software, generate unique marketing tools (such as a livestream video created at a test flight of the drones) and developing a platform for selling case studies from the SecureSIM course (what cybersecurity employer wouldn’t want to buy IP resulting from the testing of drones in a controlled environment?). In the earliest stages, the Lab can help GMU develop a collaborative team to manage SecureSIM’s development and solicit the involvement of potential employer sponsors. Just because the cost to build SecureSIM is high does not mean that work cannot start soon. While buzz-building events are happening, the Lab can work behind the scenes to develop a coherent business model for the long-term success of the concept. Case studies resulting from the use of UAVs are one powerful way for GMU and the Lab to make money off of SecureSIM and fund its future sustainability. PhD students from other disciplines might be invited to join the SecureSIM course as researchers to help develop these case studies as part of their thesis work.
PROJECT-BASED MENTORSHIP BLUEPRINT During our second Drop-In Day, we began exploring the Tri-Mentor idea in greater detail. Specifically, we looked at how long before starting a course a university would need to begin prepping for the mentorship program to make it successful. As we began to “backwards map” the first day of classes, we determined that students might sign up for the Mentorship like a traditional class, meaning that they would need to have information about the program at least one semester in advance of the program’s start date. Additionally, matching work to pair students with one another and with a mentor would need to start at least four weeks prior to a class’ start date to ensure a smooth start on day one of class. We also determined that the Lab might begin prototyping the Project-Based Mentorship idea by developing a matching tool to effectively connect employer mentors, and freshman and senior students. A university partner might be able to help the Lab vet this matching tool as early as March of 2014. The blueprint to the right is still incomplete; however, it shows some of our initial thinking on what the Tri-Mentor program might involve programmatically and the necessary steps to put it into place. -
Education Design Lab