Siemens Energy, SANS Institute, and National Academic and Non-profit Partners Announce Industrial Cybersecurity Apprenticeship Program

- Program will train next generation cyber defenders to protect critical infrastructure, filling critical skills gap - Modernized approach to learning will create a sustainable, future-ready workforce in an area of growing need

Washington, D.C., December 14, 2021 -- Siemens Energy, Inc., SANS Institute (SANS), and a group of non-profit and academic organizations today announced a consortium to establish a new industrial cybersecurity apprenticeship program to defend critical infrastructure. The Cybersecurity & Industrial Infrastructure Security Apprenticeship Program (CIISAp) was launched founding members Siemens Energy, ICS Village, Inc., Regional Economic Development for Eastern Idaho (REDI), MISI Academy, Capitol Technology University, SANS Institute, and Idaho State University (ISU), who will collectively design and run an apprenticeship program that links rigorous academic classes and educational training with real-world job rotations at leading industrial companies.

The Memorandum of Understanding (MOU) signed today between the founding organizations strengthens the education-to-workforce pipeline between industry, academic, and non-profit organizations to prepare the next generation of cyber defenders need to protect the digitally connected energy systems and critical infrastructure assets from the increasing threat of cyber threats. The four-year program will enable apprentices to apply their technical industrial cybersecurity education with moderate computer skills, and gain the hands-on experience and knowledge needed to fill existing cybersecurity vacancies that currently pay above $90,000 per year. The apprenticeship program is expected to accept its first cohort in fall 2022.

“We continue to see an increase in threats and breaches while the demand for cybersecurity professionals grows exponentially, so we are proud to be a part of the solution with Siemens Energy to train and certify cybersecurity professionals,” said Steve Peterson, Managing Director, SANS Institute. “This industrial cybersecurity apprenticeship directly addresses the need for new cyber talent with the specific skills to protect critical infrastructure.”

“There is a serious shortage of cybersecurity talent in today’s marketplace across a number of industries, and by working in partnership with likeminded organizations we can make inroads into building a strong workforce for the years to come,” said Rich Voorberg, president of Siemens Energy North America. “Critical infrastructure in the U.S. has digitized rapidly, and we need to move quickly to secure our future.”

The new consortium draws from organizations across the country and is designed to scale to meet the growing need for highly skilled industrial cybersecurity professionals as digitally connected infrastructure – such as energy assets, wastewater treatment facilities, and transportation systems - increasingly serve as the foundation for the U.S. economy and well-paying jobs. Capitol Technology University, based in Washington DC, and MISI Academy, based in Baltimore, will lead the apprenticeship’s Eastern US region, while REDI and ISU will lead the Western US. Nationwide partners, SANS, and ICS Village, Inc. will provide additional specialized experiential training options and offer certification pathways to apprentices in both regions. Siemens Energy is the first employer participating in the apprenticeship program and will bring its deep knowledge of operating equipment and cybersecurity best practices to the hands-on learning experience.

The current cybersecurity workforce gap comes as threats against critical infrastructure systems continue to escalate with attacks threatening the energy sector and municipal services in the United States in 2021. According to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), the U.S. cybersecurity workforce has only enough workers to fill about 68% of the current demand, with industrial sectors experiencing the workforce gap more acutely.  In a recent survey by SANS, half (56%) of companies reported experiencing difficulties implementing existing critical infrastructure security plans due to insufficient labor resources.

Cybersecurity for critical infrastructure differs from cybersecurity for information technologies. Securing critical infrastructure requires defenders to recognize anomalies that could be a sign of a cyberattack in both physical and digital technologies. Currently, there are fewer than ten colleges that have classes covering cybersecurity for operational technologies. The CIISAp apprenticeship program will help meet a growing need for cybersecurity professionals with cross-cutting skills that incorporate the training of a mechanical engineer, an electrical engineer, and a cybersecurity expert.

The new MOU lays the groundwork for the team that will design and coordinate the apprenticeship program. In the coming months, the consortium will select the companies that will participate in hands-on rotations, and the standards expected from those companies. The consortium plans to announce new private sector, academic, and non-profit consortium members looking to participate in the apprenticeship program ahead of its first cohort class.


[Quotes from additional consortium partners are in alphabetical order]

Dr. William H Butler, Chair of Cyber and Information Security, Capitol Technology University: “Cyber is a field you'll never be unemployed in. The government has recognized we're hundreds of thousands of students behind and we will be for a while. There is an unprecedented demand for cybersecurity professionals and educators. We need to increase our capacity to educate our future cyber professionals.”

Thomas VanNorman, CoFounder, ICS Village: “High profile Industrial Control System security issues have grabbed headlines and sparked change throughout all industries. This apprenticeship program will provide ICS Village another avenue to train and introduce people to Industrial Control Systems that are used within Critical Infrastructure and help close the gap on the shortage of skilled employees."

Kevin Satterlee, President, ISU: “As one of the first programs of its kind in the country, Idaho State University’s Informatics Research Institute has been a leader in creating cybersecurity professionals.  We are excited to join the consortium in extending that same leadership to this apprenticeship program.”

Armando Seay, Director, MISI Academy:  “MISI and the MISI Academy are excited about the opportunity to link our passions and energies towards the goal of closing the gap in the real world cybersecurity skills needed by the nation in support of our very critical infrastructure. The gap in industrial control knowledge is real and our team sees it daily as part of our internships with students at the high school level and from universities from across the U.S.”

Teresa McKnight, CEO, REDI: “The new apprenticeship program will help meet a growing need for cybersecurity professionals who can defend physical systems.  Nine out of 10 jobs that call for cybersecurity in defense of critical infrastructure remain vacant.  These jobs did not exist 10 years ago, but they will be essential to our modern economy for decades to come.”

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s and bachelor’s degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their “human” cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.