Emulating Teaching Hospital Concepts in Cybersecurity Hiring

As part of the 2024 SANS | GIAC Cyber Workforce Research Report, we spoke with individuals responsible for attracting, hiring, and retaining cybersecurity roles for major organizations and government agencies to get a detailed view into the challenges they were facing. One of those individuals was Sharifa Bernard, Learning & Development Program Manager at Amazon Web Services (AWS). Sharifa provided insights into the innovative strategies in use for cultivating AWS’s cybersecurity workforce.

There are three specific areas Sharifa spoke to: assessments, apprenticeships, and a cyber teaching hospital concept.

Approaching Assessments

Specifically, Sharifa spearheads pioneering initiatives at Amazon aimed at sustainable growth and development within the cybersecurity domain. Sharifa advocates for the implementation of performance- and lab-based testing application assessments. Because such assessments emphasize the importance of real-world and aptitude-based training, she believes they offer a more accurate gauge for predicting success or failure in high-pressure cybersecurity environments.

Leveraging Apprenticeships

To help deal with the cybersecurity workforce shortage, AWS implemented a pilot apprenticeship program for cyber. Although cybersecurity and training management recognized the urgency of overcoming this shortage, they faced a challenge in gaining upper management buy-in due to the substantial investment in mentoring senior employees and the necessity of cultural shifts.

The apprenticeship model – blending on-the-job experience with external training from organizations like SANS – provides early-career employees a practical view of navigating a dynamic corporate cybersecurity environment, whether supporting internal systems or catering to client needs. This approach allows novices to learn critical job skills from seasoned mentors, grasp human behavior nuances, and comprehend the intricate landscape of cybersecurity’s high-risk business.

Implementing a Cyber Teaching Hospital Concept

As an extension of the apprenticeship program, AWS adapted the teaching hospital concept to its environment. The concept mirrors an environment where aspiring doctors are consistently trained to approximate their eventual workplace. Mirroring this approach, AWS cybersecurity staff are trained in an environment closely resembling real-world scenarios, which mitigates risks while workers are primed for “actual” work experiences.

This fail-fast methodology fosters rapid learning in a consequence-free environment, resembling the pace and challenges of cybersecurity. By cultivating a robust generalist cybersecurity foundation in early-career staff, AWS aims to facilitate smooth transitions to specialized roles within the dynamic cybersecurity landscape.

More Insight into Cyber Workforce Trends and Challenges

The 2024 SANS | GIAC Cyber Workforce Report includes six unique case studies from top cybersecurity leaders from leading organizations across the US. In addition, the report paints a full picture of the challenges and opportunities for building cybersecurity teams that are backed by successful hiring and development practices. To read the report in full, download it now.