When Minneapolis-based U.S. Bank looks for job candidates to fill critical cybersecurity positions, it isn’t enough for them to know their zeroes and ones.
As a senior vice president of information security at the bank, Marcia Peters said the institution needs candidates with practical experience in protecting computer networks from attack. Those workers are hard to find in Minnesota, which according to Cyberseek.org has more than 5,400 cybersecurity job openings but ranks in the bottom tier of states for computer science education.
But a new Metropolitan State University program called MN Cyber — backed by U.S. Bank and other major Minnesota companies — aims to begin producing those qualified, experienced candidates.
Although MN Cyber did not receive $10 million in the state bonding it requested in the recent state legislative session for a facility, organizers say it’s a necessary step toward creating a home-grown cybersecurity workforce.
“It’s difficult to convince people from either coast they’d like to move to Minnesota, especially given the winter,” Peters said in an interview. “We’re trying to build our own cybersecurity base in the Midwest.”
MN Cyber has two components. The MN Cyber Academy teaches students technical, analysis and investigation skills to receive U.S. Department of Defense-approved certifications in system administration, networking or cybersecurity.
As part of their curriculum, the students use the MN Cyber Range, a network simulator in which students can tackle threat scenarios and even try to repel attacks staged by instructors.
MN Cyber’s executive director, Metropolitan State associate professor Faisal Kaleem, has much more ambitious goals for the future.
“The idea is, we will establish a fully operational security operation center on the Metro State campus,” Kaleem said.
Such a center would offer 24/7 network monitoring services and threat response services to small- and mid-sized companies and organizations. The center would be operated by a private partner and would employ several senior cybersecurity experts. But the majority of the team would be MN Cyber’s own senior and graduate students through a program Kaleem likens to a medical doctor’s post-graduate residency.
“Instead of the students going and looking for an internship, we will provide them opportunities in their senior year,” he said.
A fourth leg of MN Cyber will be what’s called “Pathways,” a National Science Foundation-funded curriculum designed for kindergarten through 12th-grade students to start them down the path to computer science and cybersecurity.
Minnesota does not have state standards, dedicated funding, teacher certification programs or high school requirements for computer science, according to national computer science education nonprofit Code.org. Kaleem said very few students are exposed to possible careers in the field by the time they graduate high school.
“The pipeline is broken. There is nothing that is being offered,” Kaleem said. “There are so many positions available, and if we are not going to provide proper mentoring, proper awareness, we’re going to simply lose them.”
The Cyber Academy will be integrated into Metropolitan State’s degree programs, but also caters to adult learners, and even the military. Col. Lyle Shidla, director of strategic warfare planning for the Minnesota Air National Guard, said in an interview that the program will raise training standards for both military and civilian network defenders.
“It’s by far the best, most advanced training you can have in this space, and it’s going to be open to everybody,” he said. “I think there’s going to be a lot of potential for use.”
Currently, the MN Cyber Range is set up in a temporary space at Metropolitan State, but the university plans to build a dedicated space for the program and the eventual security operations center in a former cafeteria in the New Main building of its 700 E. Seventh St. campus in St. Paul.
Although the bonding request failed, Kaleem said the school will ask again next year. In the meantime, Metro State will launch a fundraising campaign this summer and look into private investment opportunities.
“What the Legislature doesn’t understand is $10 million is nothing when it comes to the cost of a cyber breach. That could be $100 million,” he said. “The mindset is a reactive basis. That is the problem.”
Cybersecurity breaches cost companies worldwide almost $600 billion in 2017, according to security company McAfee. Attacks can range from the theft of financial details, such as the 2013 Target customer data breach, to hacks designed to render websites unusable and even “ransomware” that disables systems until the owner pays the hackers what they demand. If an attack like that hits a hospital, Peters said, patients can die.
Efforts to improve cybersecurity have broad support from the business community. U.S. Bank’s Peters is an advisory board trustee for MN Cyber, as are senior security officials from Maplewood-based 3M Co., Richfield-based Best Buy, Minneapolis-based Target Corp., Medtronic of Fridley, and other state-based Fortune 500 companies, nonprofits and government institutions. Peters said all are committed not just to training future workers, but creating a new foundation for the local tech industry.
“We’re really talking about how you ingrain cybersecurity in Minnesota,” she said.