Jordan Jueckstock and his wife Jessica applied to the University of Tulsa’s Cyber Corps Program after receiving an e-mail from a professor with the subject line “Do you want to be a MacGyver?”
References to the TV secret agent aside, the Jueckstocks got full scholarships and a stipend to attend the two-year master’s program, paid by the U.S. government. In return, the former software developers, both in their mid-20s, must work for a federal agency for at least two years after graduation.
The U.S. is beefing up its cybersecurity as more and more sensitive data -- from medical records to power grids -- go online, becoming vulnerable to attacks and viruses. By offering scholarships, the government aims to win the tug of war with private contractors, Silicon Valley and Wall Street for the small pool of qualified computer-security specialists. The recruitment strategy has been successfully applied to get more doctors and military officers into government service.
“If we can get these students to stay for two to five years, that’s a win,” Mischel Kwon, former director of the U.S. Computer Emergency Readiness Team, said in a phone interview. She now runs the Cyber Defense Lab at George Washington University.
The government is proposing to increase the budget for its Scholarship for Service program by 67 percent to $25 million next year, according to the National Science Foundation, which administers the program. Since the program began in 2001, about 1,500 graduates have joined 140 federal agencies, including the National Security Agency, Central Intelligence Agency and the Department of Homeland Security.
‘Best Draft Picks’
The global information-technology security market was estimated at about $35 billion, according to a study released in February by Forrester Research in Cambridge, Massachusetts.
The NSA and CIA try to get the top students for internships and then invite them back after graduation, Richard Schaeffer, a former NSA information assurance director, said in an interview.
“It really becomes a race as to who can clear them first,” Schaeffer said.
Before universities award scholarships, students are vetted to ensure their interest in government service, according to the National Science Foundation. Sujeet Shenoi, director of the Tulsa program who sent the MacGyver e-mail, compared the process to professional sports.
“I need to get the best draft picks,” Shenoi said.
About 145 universities have computer-science programs that qualify for the cybersecurity training program and about 40 of those colleges get scholarship funding.
Programs at George Washington University in Washington and Johns Hopkins University in Baltimore blend technical skills with health and public policy, according to the National Science Foundation. Idaho State University combines cyber expertise with a degree in business administration. Mississippi State University, like Tulsa, is focused on digital forensics, where electronic evidence is extracted from computers, phones and other devices.
Almost all students that go through the program get top security clearance, according to the foundation.
Graduates are in demand at the Department of Homeland Security’s National Cyber Security Division, which seeks to reduce cyber threats and responds to incidents, said Deputy Director Nicole Dean. In three years, the unit has grown to more than 300 people from 33, and there are plans to double the staff in the next two years, she said.
The scholarship program currently sponsors about 300 students, according to the foundation. Funding covers full tuition for as long as two years, lodging, and books, and comes with a stipend of up to $30,000. Graduates on average get five job offers from different agencies.
“The return on investment to the U.S. government I think is absolutely huge,” Schaeffer said.
‘Most Important Training’
Students also delve into corporate security issues as part of their training, helping companies that want to understand their cyber weaknesses.
Victor Sheymov, president of computer-security company Invicta Networks Inc. in Reston, Virginia, had a group of University of Tulsa students try to penetrate two company systems. The students broke into one of them, Sheymov said in a telephone interview.
Cybersecurity training “is the most important program, if not in the world, certainly in this country,” Sheymov said.
More experts are needed to protect vulnerable systems that connect cyberspace with physical space, such as networks that control oil refineries and chemical plants, said Sheymov, a former officer in the Soviet KGB security service. He defected to the U.S. in 1980.
After graduation this winter, Jordan Jueckstock will begin a job in government intelligence, he said. He declined to name the agency. He spent the summer gauging the abilities of hackers as an intern with the Defense Information Systems Agency, the Internet-service provider for the Defense Department. His wife Jessica hopes to land a job with that agency.
In a typical year, about 95 percent of Tulsa Cyber Corps graduates go to the NSA, CIA and DISA, and all have stayed in government jobs, according to Shenoi, the Tulsa director.
“The intelligence community loves my students” because they work on actual cases with secret-service agents and with the cyber-crimes units of the local and state police departments, Shenoi said in an interview.
Other schools’ estimates of government retention rates of graduates vary widely -- 30 percent to 40 percent from the cybersecurity program at the Polytechnic Institute of New York University, to 95 percent from Carnegie Mellon University’s CyLab in Pittsburgh.
Jumped to Microsoft
Some students leave after the two years if they want to live in a place where there are no federal job opportunities, said Kwon at George Washington. Some go on to research and development centers or work in security jobs with government contractors in private industry.
Microsoft Corp. offered about $80,000 a year to a cybersecurity undergraduate at NYU, double the amount of his government offer, said Nasir Memon, head of the NYU program. The student paid off his scholarship in installments and went to work for the software company, according to Memon. It was the only case out of about 70 or so people in the program where a student left without fulfilling the two-year work obligation, he said.
While the government’s goal is to retain as many skilled professionals as possible, the U.S. benefits from having more cybersecurity experts, even if they venture outside the government for employment.
The government “is training evangelists,” said Patrick Kelly, who went through the program at George Washington and is now with the Department of Health and Human Services. It’s “training people that know the technology and can teach it and bring it wherever they are going.”