It\u2019s no secret that the world is facing a shortage of cybersecurity talent. The (ISC)\u00b2 Center for Cyber Safety and Education\u2019s 2017 Global Information Security Workforce study projects a deficit of over 1.8 million qualified cybersecurity professionals between now and 2022.Many industry analysts agree that the underlying problem is the lack of education in cyber skills \u2013 in high schools, colleges, post grad and on the job. While cybersecurity education is maturing and improving at all levels, there is still work to do, including attracting young students to cybersecurity careers, says David Shearer, CEO of (ISC)2 Inc., a global, not-for-profit that educates and certifies information security professionals throughout their careers.\u201cA lot of organizations are doing a lot of great work\u201d toward educating cyber talent, Shearer says. Here are five innovative ways that the public and private sectors are educating tomorrow\u2019s cyber professionals \u2013 and what\u2019s still missing.High school pathways capture students\u2019 interest early onAs with any field that goes from grassroots to being taught in schools, cybersecurity is in an apprenticeship phase right now rather than a purely educational phase, says Diana Kelley, global executive security adviser at IBM Security.IBM has been part of an effort to get high school students\u2019 hands on the keyboard and spark interest in technology since 2011 with one of the first Pathways in Technology Early College High Schools, or P-TECH programs. The six-year programs partner tech companies or government agencies with local school districts and community colleges to offer one-on-one mentoring, paid internships, a free associate degree and the potential for a job at a technology company for students who complete the program.In 2014, IBM helped launch the first P-TECH program focused specifically on cybersecurity training. Some 150 high school students at Excelsior Academy in New York are in their third year of the program. \u201cThey\u2019re learning hands-on activities, like network administration skills, how to manage a Unix box and set up users, forensic analysis, being able to look back through log files to understand what happened on a system, even developing and understanding legal issues associated with cybersecurity,\u201d Kelley says.Through the partnership with the Newburgh Enlarged City School District, IBM and SUNY Orange County Community College, students will graduate with an Associate of Applied Science degree from SUNY Orange.Today, three P-TECH programs focus specifically on cybersecurity. The P-TECH program at Carver Vocational and Technical High School in Maryland, in partnership with IBM and Baltimore City Community College, launched last fall with 50 students. \u201cWe have 87 IBM mentors for those 50 students,\u201d Kelley says. \u201cSome of them, we hope, will work with IBM when they graduate\u201d and work in cybersecurity, she adds.The program expects to enroll another 50 students this fall. The third program, in Newport, R.I., is a collaboration between Newport Public Schools, Community College of Rhode Island and the Southeastern New England Defense Industry Alliance.What\u2019s still missing?\u201cSometimes content or courses are available but increasingly I\u2019m convinced that we\u2019re just not messaging this correctly,\u201d Shearer says, citing that interest in STEM doesn\u2019t necessarily mean interest in cybersecurity. The message to young candidates should be \u201cthat cybersecurity is an exciting, stable career, and we need bright young kids coming in on the right side of the law and the right side of this fight we have globally."Boot camps offer crash courses in cybersecurityCybersecurity requires \u201cnew collar\u201d workers, those who have valuable skills over degrees, says Kelley. \u201cExplorers, problem-solvers, someone with a really strong ethical sense and wants to do guardian-type activities\u201d can do well in cybersecurity, she adds.The cybersecurity boot-camp model can provide those missing technical skills for professionals from other fields, veterans returning from duty or Millennials who don\u2019t want to attend a four-year college.Three-to-six-month training programs focus on practical hands-on experience. \u201cTeaching by solving practical cyber challenges with actual cybersecurity tools provides an opportunity for students to obtain up-to-date knowledge and skills in a condensed timeframe,\u201d says Algirde Pipikaite, vice president of information risk at Cybersponse, and an advocate for public-private partnerships and apprenticeships for cybersecurity talent.Boot camps could also help retrain workers in high unemployment states, she says. \u201cPlaces like Ohio and Michigan have very strong, talented people that were blue collar workers with skills in the auto industry or in manufacturing operations. Take three to six months to retrain them \u2013 they\u2019re smart, and they\u2019re going to get it. They\u2019ll have a well-paid, upper-middle class job.\u201dBoot-camp-style cybersecurity training is already being applied in both the Department of Defense and Department of Homeland Security. In less than six months, a person is trained to detect digital anomalies and defend a network using the most up-to-date cybersecurity skills and tools.In January, the DoD announced it will take that model on the road with a six-month cybersecurity boot camp at Chicago\u2019s Wright Junior College in 2018. The program will be based on training prototyped with military students at Fort McNair in Washington, D.C.The program, funded by the DoD and the city of Chicago, will enroll 20 to 30 service members and civilians who will learn skills in public and private-sector cybersecurity, culminating with the \u201cOffensive Security Certified Professional Certification\u201d test.Companies including Accenture, Allstate, Aon, ComEd, Keeper Security and Microsoft will offer students internships, mentoring and job placement.What\u2019s still missing?Pipikaite would like to see more government-sponsored boot camps like these developed through a cybersecurity presidential fellowship program where workers who complete the funded program would be required to work for the federal government for at least a year. The plan would benefit private sector businesses, too. \u201cHaving stronger government cybersecurity would automatically provide better private sector cybersecurity,\u201d she says.On the job \u2013 Certifications may be more valuable than degrees Industry certifications are considered by some companies to have more value than some degrees, according to Holly Zanville, senior adviser for credentialing and workforce development at the Lumina Foundation, a private foundation focused on increasing success in U.S. higher education.\u201cAs we\u2019re seeing more [certifications] get embedded in [higher ed] programs, we\u2019re hearing some students elect not to complete degrees once they pass some of these certifications. They go and find a good job,\u201d Zanville says.(ISC)2 awarded 10,130 certifications between 2015-2016, up from 9,017 certifications in 2014-2015. The number of years\u2019 experience required for some certifications used to confound some would-be candidates, but more people are turning to (ISC)2\u2019s associate program, where candidates can pass a certification exam to become an associate of (ISC)2, and then get an extra year to achieve the required experience.\u201cWe provide an extra year knowing that people could have a break in employment [while finding or changing jobs] or other life events while they\u2019re working to acquire the requisite experience,\u201d Shearer says. \u201cIt\u2019s an entry-level solution and a career-path change solution \u2013 so that experience does not become a barrier to entry.\u201dWhen the candidate passes the certification test, they get an associate digital badge to add to their signature block. (ISC)2 is accredited, so it can only award full certifications to people who have passed the exam, received endorsements and completed a background check of experience. More than 15,000 people have held the associate designation since the program began in 2003, and 85 percent have gone on to hold a full (ISC)\u00b2 certifications.What\u2019s still missing? The industry needs a way to vet and validate the many cybersecurity certifications offered by non-profits, institutions and private companies, says Evelyn Ganzglass, co-director of Connecting Credentials, a collaboration of 100 national organizations trying to make credentials and badges easier to understand. \u201cAll credentials are based on learning outcomes, but some are not transparent about what those outcomes are,\u201d she says. In 2015, the group launched a national dialog on ways to create equitable and fair credentialing models.Four-year cybersecurity degrees and graduate programs flourish Analysts have seen an uptick in the number of colleges and universities developing cybersecurity curriculum, many with the help of federal agency grants and collaboration.Universities in the U.K., E.U. and U.S. are taking frameworks created by NIST and from cyber centers in the U.K. intelligence world and offering master\u2019s level programs, says Mark Coleman, a research director at Gartner in London. \u201cBut the reality is, it\u2019s almost impossible for CISOs to get people out of their current, badly needed job and send them out to university for a year to come back with some qualification. It does build skills, but it\u2019s really slow.\u201dThe threat landscape changes quickly, and skills become obsolete. What\u2019s more, many companies are eager to poach skilled cybersecurity workers, \u201cso as soon as you\u2019ve gotten them trained, they go somewhere else, and you\u2019re back to square one,\u201d he says.What\u2019s still missing?\u201cAs colleges and universities continue to provide more curriculum that\u2019s cyber-related, we still need to see students in those seats, in those classes, receiving that education,\u201d Shearer says.What is still missing? Head to our Facebook page to let us know.