With cyberattacks at an all-time high and what seems like weekly reports of major organizations falling victim to ransomware gangs, Info Security groups around the country are in an all-hands-on-deck situation.

Amid these attacks it is natural for organizations to focus internally; there is always more work to do, more patches to install, more logs to review, more vulnerabilities to assess and remediate. But, with the current state of cyber threats, we need to take a full-court-press approach and not only look inward, but also focus outward to help our community protect itself and help develop the next generation of cybersecurity experts.

In late 2020 Hawaiian Telcom was approached by the University of Hawaii to see whether we could provide help with a Cyber Security Internship program. With COVID-19 lockdowns in full swing at the time, traditional internships were out of the question, and this posed a challenge for UH programs that generally relied on them as part of program criteria. We were given a lot of freedom in designing the program to meet the challenges we believed existed in the Info­Sec space, specifically related to those just looking to get started in the field.

We designed the program to address two big problems we see in the space:

Most people who want to get started in cybersecurity have a narrow view of the available roles. The jobs they believe exist are generally based on TV and movie hackers. While “red teams” (the groups that pretend to be attackers to look for weaknesses in networks) exist, they are almost universally not entry- level positions and account for only a small fraction of open security roles.

Many students see the path to an information technology career as becoming an information and computer sciences major in college and don’t know that other paths exist. The reality is that a portion of ICS curriculum is programming, which many people dislike and often results in students changing their major and their career path. Ultimately, this creates an unnecessary barrier to entry into the IT field. Overall, if the field is smaller, then the subset who want to be security-focused shrinks as well. UH has done an excellent job of implementing cybersecurity-specific tracks; however, problem one still remains.

To address these problems, we decided to take a different approach to our program and cover as wide a range of topics as possible to ensure that when the students completed the program, they were aware of the available options in the future. From a technical perspective, we chose the following areas: Network Operations Center (NOC) and Security Operations Center (SOC) Operations, Network Engineering, InfoSec Engineering and Systems Engineering.

For each section, we covered information in­cluding team roles and responsibilities, career progression and certifications relevant to the roles, plus critical concepts for those positions. We then assigned homework for the students to do between sessions, ranging from tasks like writing a post- mortem report on security breaches that have been in the news based on publicly available information to turning up virtual machines in Azure and implementing backups for them. We then rounded out each week with a recap of the homework, a Q&A and a deep dive into areas that caused confusion. We did our best to keep each section engaging with the students and interactive, and the students impressed us with their willingness to contribute to the discussion as well as their ability to consider feedback and adjust their perspectives.

But InfoSec goes be­yond technical skill sets, so we included sections on Project Management where we reviewed best practices, how it applies to InfoSec and how it typically works in organizations of different sizes. We also completed a section on Human Management and Organizational Leadership to help drive the importance of company culture, building relationships and becoming true leaders, not just engineers. Then, to wrap up the program, we took the interns through the Hawaiian Telcom hiring process and what we look for in resumes, in interviews and in the people we hire.

After 6-1/2 weeks the program wrapped, and we felt accomplished in our goals. The students had gotten a taste of all aspects of InfoSec and the careers that surround it. They had a better view of what options were available to them and, hopefully, the confidence to pursue these careers. We’re going to need all the help we can get to keep Hawaii businesses safe from the current and future cybersecurity threats.

In his book “Outliers,” Malcolm Gladwell said, “Outliers are those who have been given opportunities — and who have had the strength and presence of mind to seize them.” The students who joined the internship program showed they had the strength and presence of mind, but for them to reach their potential, it’s up to organizations like Hawaiian Telcom and other local providers to make the opportunities available.

Hawaiian Telcom is grateful to be in a position to provide these kinds of opportunities and to invest in our local community like this. We are already starting to prepare for the next group in early 2022 and challenge other local security providers to find ways to do the same.

———

Jordan Silva is senior manager of service delivery at CBTS/Hawaiian Telcom. Reach him at jordan.silva@cbts.com.