It is no secret that we face a significant global cybersecurity skills shortage, with 1.8 million open and unfilled positions expected by 2022. As global leader of academic outreach for IBM Security, I am often asked what steps we can take to address the shortage and accelerate skills.

My response is unwavering: There is no single answer, no silver bullet. We must act tirelessly, remain dedicated to the cause and engage in many different types of activities. One such activity involves corporate sponsorship of competitions such as the Collegiate Cyber Defense Competition (CCDC), which wrapped up this past weekend with the national finals taking place at the University of Texas at San Antonio.

What Is the CCDC?

The CCDC aims to provide an educational experience in which students can apply theory and practical skills in a controlled, competitive environment, all while fostering teamwork, ethical behavior and effective communication both within and across teams. Over the course of several months, teams from higher education institutes across the U.S. compete in virtual qualifiers, regional competitions and, ultimately, the national finals.

In a CCDC competition, student teams assume administrative and protective duties for a fictitious commercial network. Teams begin the competition with identical sets of hardware and software, and are scored on their ability to detect and respond to outside threats, react to business injects and maintain the needs of the business.

Read the IBM X-Force Report: Using gamification to enhance security skills

The Importance of Industry Sponsorship

According to Stephen Keim, principal architect and program manager at IBM Security, it’s important for industry sponsors to be involved with CCDCs. For one thing, it gives them access to a hotbed of talent, with over 1,000 highly skilled security and computer science students from top U.S. schools looking for employment. These competitions also offer students visibility into products and people.

While theory has its place, nothing beats hands-on skills when it comes to being employable upon graduation. In fact, aside from the shortage of talent itself, the most common complaint of hiring managers is the lack of hands-on skills demonstrated by applicants. Competitions like the CCDC provide a wonderful environment for hands-on learning.

“I enjoyed seeing the strong level of interest and enthusiasm the student competitors have toward IBM Security,” said John Wheeler, vice president of services strategy at IBM Security. “I believe students really find IBM Security attractive given the broad range of experiences we can offer given the vast range of our solutions, global presence and leading direction in cognition.”


Bob Kalka, vice president of IBM Security, networking at NCCDC in San Antonio.

Furthermore, volunteering at the CCDC presents an opportunity to speak with department heads and other faculty members to understand their needs. They provide perspective on what we, their industry partners, can do to help them teach the skills necessary to make the world a safer place.

Nurturing the Cybersecurity Talent of Tomorrow

This year, for the first time, IBM sponsored the CCDC regionals in the Northeast, Southeast and Western regions, as well as the national finals in San Antonio. IBM Security employees volunteered in various capacities, but they overwhelmingly favored white team membership.

White team members judge teams and monitor their performance, attitude and technical skills very closely throughout the competition. White team members also have the opportunity to provide feedback to the students, to share what went well and what could be improved upon next time. Overall, CCDC competitors remained calm and displayed incredible enthusiasm and professionalism, leaving quite an impression on the IBM team.

“As a white team member, you really get to see who is going to perform under pressure,” said Rhonda Childress, IBM Fellow. “By watching the teams, you really get a feel for how they will react to situations. I wish they had this competition around when I was going through university!”

In addition to monitoring and judging the teams, IBM volunteers had the opportunity to share their passion for IBM, explain what they do, and talk about the breadth and depth of IBM Security solutions. According to Nat Prakongpan, integration lab manager for IBM Security, students across the U.S. are now aware that IBM does cybersecurity, and does it well.


The IBM Booth, with Nat Prakongpan, at SECCDC.

Our IBM volunteers had such a wonderful time meeting and observing the young talent of the future in action that many are already asking if they can go back next year. Congratulations to all the teams who competed in the 2017 CCDC qualifiers, regionals and national finals. Competing in events such as the CCDC takes a special kind of passion and dedication. The IBM team sends a big shout out to the team from the University of Maryland, Baltimore County, which took the 2017 National CCDC championship title.

As they say in show business, that’s a wrap! See you at CCDC 2018!

Read the IBM X-Force Report to learn how gamification can enhance security skills

More from Intelligence & Analytics

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…

What Can We Learn From Recent Cyber History?

The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are the headline breaches and supply chain attacks to consider. Over recent years, what lessons can we learn from our recent history — and what projections…

When Logs Are Out, Enhanced Analytics Stay In

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question. “Because SIEMs are hard to use. A SIEM purchase is just a checked…

4 Most Common Cyberattack Patterns from 2022

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we…