Scholarship for Service OpportunitiesSFS Program Director Offers Advice for Students
The Scholarship for Service Program has increased its funding this year, and that means there are more opportunities for students interested in training for cybersecurity roles in government, says Victor Piotrowski of the National Science Foundation.
Funding for SFS has increased to $45 million for fiscal 2012, which reflects the importance of building the cybersecurity professional workforce, says Piotrowski, SFS program director.
Also, the mission has grown to include not just federal government, but also state, local and tribal, Piotrowski says.
"Another change is that we look carefully at the recruitment of students," Piotrowski says in an interview with Information Security Media Group's Tom Field [transcript below]. In order to be eligible for the SFS program, students must be U.S. citizens, achieve a top-level security clearance and be strong in STEM - science, technology, education and mathematics.
How to Get Involved
Students interested in SFS can visit www.sfs.opm.gov, the program's official website.
"The website contains frequently asked questions [and] the list of participating universities," Piotrowski says. Also available is the contact information for the universities, so students can reach out through e-mail or phone.
And for government agencies interested in looking for cybersecurity professionals, they can go to the same website, Piotrowski explains. "They can see students' resumes and they can start [searching] even outside of our official job fair," he says. "They can see the pool of students and they can approach them individually."
In an exclusive interview about the Scholarship for Service program, Piotrowski discusses:
- The expansion of the SFS program;
- Success stories for students and agencies;
- How to get involved in Scholarship for Service.
Before joining NSF, Piotrowski served as a Professor and chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has a 10-year experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.
Expansion of SFS Program
TOM FIELD: Let's talk about the Scholarship for Service Program, or SFS. What's new for 2012?
VICTOR PIOTROWSKI: Well the biggest news is that we have more money, much more money. Last year we had $15 million. This year we have $45 million. I think it reflects the importance and the shortage of the cybersecurity professional workforce and building capacity in the higher-education enterprise. That's the big news - $45 million.
We currently have a solicitation that's asking academia to submit proposals. The solicitation deadline is April 17 and can be found on the NSF website. What new things are happening in the solicitation? First, the mission has expanded. In earlier years, we were targeting only federal government. Now the mission is federal, state, local and tribal government. We were doing this on a limited basis, but this is the first solicitation when we explicitly extended this mission that's consistent for what's happening in cybersecurity bills on the hill. You probably have seen some of them; the recent one, [Sen. Joseph] Lieberman's bill, has exactly the same language. That's one of the big changes.
The cybersecurity infrastructure is as secure as the weakest link, and security, the federal government part with all those interconnections to local, state and tribal, doesn't make too much sense, so we literally have to send a lot of the work force to the other governments too.
Another change is that we look carefully at the recruitment of students, the pathways of how they're educated and our program has a relatively small pool of students from which we think we can draw. The students have to be U.S. citizens. The students have to be clearable on most cases, so the top security clearance. The students have to be very strong in STEM - science, technology, education and mathematics. We extend the scholarship lengths from two years to three years when the student crosses the boundary of a degree.
For example, a student is in the fourth year program getting a bachelor's degree and then passes to move to the master's degree level, [they] can get to the first year of the scholarship during the bachelor program and then two additional years to complete the master's degree, and the same for other combinations. Also, PhD students will be funded for three years.
The capacity-building program, our mission is two-fold. First is to bring the direct work force to the government, but also to build capacity and also we change the amounts in capacity-building proposals. Those projects can be longer and on a little bit larger scale. We want to achieve some kind of sustainability; direct funding and attracting students is one way, but it's short term. Building sustainability, the curriculum implemented and helping to start cybersecurity programs is helping to create the cybersecurity profession with all the aspects as the long-term program is sustainable, and that's the other funding we have which is much more aggressive this year.
FIELD: You talked about how the program has evolved. What are some of the success stories that you've seen come out of the Scholarship for Service program?
PIOTROWSKI: That SFS has a very high marking. We especially get praises from left and right. Quotes are that this is the best investment, the most efficient way of creating cybersecurity workforce. ISC2 - the professional international organization giving CISSP certificates - in their survey of federal CIOs in 2010, we got very surprising numbers that they mentioned cybersecurity Scholarship for Service as the feet for their hiring needs, and, to some extent, quite unrealistic from our end because the survey essentially said that about 20 percent of the hires in the near future will be coming from SFS. If you look at this, we graduate about 150-160 students a year. Then you have a three million people government enterprise. Obviously there's a mismatch here. But this is an example of our high visibility. We are mentioned almost in each cybersecurity enhancement ad that you've seen in the last two or three years. Allan Paller, who's the director of SANS, mentioned SFS as a "drop in the bucket but a wonderful drop."
We realize that we're small, we're growing. We produce a sizeable workforce, but the biggest pride is the quality. We send our graduates to 140 agencies and branches within the government. We have alumni associations [with] the sense of community. It's really the nickname we use for the workforce - cybercore.
If I can add maybe a couple of successful stories from the field, let me mention just one university, the University of Tulsa, where we have extremely high-end forensic laboratories that are funded by the Secret Service; our SFS students can work in the laboratory. They work on digital phones that they send from Afghanistan that were destroyed in an explosion and they try to recover data. They work with the local police departments. For example, last year, they helped to solve a triple homicide by getting data from the telephone that was in the soil for several years, and it was very difficult to get anything from this. This is the example of a local success of the program.
FIELD: What have you found to be some of the unique challenges for either the students or the organizations that participate in the program?
PIOTROWSKI: The challenge for students - the most critical challenge that they have - is to be able to obtain high-level cybersecurity clearances. That means the little small things that happened, say, in high school might especially be preventing them from obtaining top security clearance. For example, a drug used in high school and this kind of thing, so obtaining top secret clearance, passing lie detector tests. A lot of our students work for agencies like the National Security Agency, the Secret Service, CIA, FBI - there's a very high standard for obtaining security clearances. So I would say the challenge for students is be sure that they have an extremely clear and honest record. That includes things like, for example, the illegal downloading of a copyrighted material and other things. Another challenge for students is cybersecurity is very interdisciplinary, but nevertheless the core competence is heavily based on mathematics and computer science, so there's another challenge for students to maintain a very high level of these competencies.
In terms of participating organizations, do you mean government organizations or academia?
FIELD: Either, honestly.
PIOTROWSKI: The challenges for participating organizations, I think we work in very long cycles. Those students that have just graduated need to go through a very long process of security clearances, and we work in very unstable and economical situations, so we have a long time window when we try to obtain internships for a student with a specific agency and then we have a job fair that we want to match students with agencies. This is a long, long time before the actual starting date because the clearance process is long, and then a lot of agencies cannot really say that much in advance into their situations, how many students they will be hiring. It's a challenge this long-term planning in very unstable or unpredictable economical conditions.
In terms of academia, I think the major problem is if you look for computer science programs, the majority of students in graduate computer science programs, for example, are non-US citizens. Our program specifically restricts scholarship recipients to citizens and I think that's a big problem. That's why we're working on those pipelines, working from company to college, from university to graduate programs, maintaining high-quality students who are U.S. citizens.
How to Get Involved
FIELD: We've got time for one more question here. What advice would you offer to individuals or organizations that would like to participate in Scholarship for Service going forward?
PIOTROWSKI: First, I would point them to a very good website that we have at the Office of Personnel Management. We maintain the SFS website. If I can maybe give the URL for this, it's www.sfs.opm.gov, and that website contains frequently asked questions, the list of participating universities. So a student can go there. We have about 14 universities currently in the program and they can apply. There's contact information for principal investigators at those universities. They can send an e-mail or give them a phone call.
In terms of government agencies that are looking for cybersecurity professionals, it's the same website. There's an area in which they can obtain a password and user name [through the] human resources department and then they can see students' resumes and they can start even outside of our official job fair. They can see the pool of students and they can approach them individually. For academia, my advice would be this. We have, as I mentioned, increased budgets so this is a good year to apply to NSF for cybersecurity grants. The solicitation has been published in January. It's on the NSF website and the deadline for submission is April 17.