Jeff Gatz, New2Cyber Curriculum Director, SANS Institute: Closing the Cybersecurity Workforce Gap

In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers, according to a 2020 survey by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs. Globally, the gap is even larger at nearly 3.12 million unfilled positions, (ISC)2 says.

We spoke with Jeff Gatz, New2Cyber Curriculum Director, SANS Institute, to discuss the New2Cyber Program and how it aims to help to solve the cybersecurity workforce shortage.


What is New2Cyber and what does the program aim to solve?

New2Cyber is a new curriculum developed by SANS Institute to help non-technical professionals enter the cybersecurity field. Created to help fill the growing cybersecurity workforce gap and increase the pool of cybersecurity talent, New2Cyber creates a pathway for professionals seeking to enter the field for the first time and provides organizations with the tools needed to reskill employees for careers in cybersecurity. The foundational knowledge and skills professionals receive through New2Cyber courses will help strengthen the global cybersecurity posture and better position organizations with the talent needed to protect and secure critical information and technology assets.

What types of professionals can pursue New2Cyber curriculum?

All professionals can pursue courses in the New2Cyber curriculum. The aim of the curriculum is to help all professionals kickstart careers in cybersecurity regardless of industry, from first-time cybersecurity professionals interested in reskilling to enter the cybersecurity workforce to those looking for a refresher on the cybersecurity basics.


We continue to face a huge shortfall of cybersecurity workers in the United States and globally. How important is it to get non-technical professionals to transition to the cybersecurity field?

It is extremely important to invest in educating non-technical professionals for careers in cybersecurity. With over 464,000 open cybersecurity positions nationwide, it is critical to help professionals make the transition to cybersecurity. As an in-demand career that pays over 82K per year for entry level roles, the cybersecurity field is ripe for professionals seeking out cybersecurity training opportunities for the first time and provides a great opportunity for individuals looking for a new career path.

Creating a strong pipeline of cybersecurity professionals is key to combatting the increase of ransomware attacks and high-profile breaches. SANS’ New2Cyber curriculum provides employees with real-world cybersecurity skills taught by the top experts in the industry.

Why is it important for organizations to retrain their own employees to cybersecurity careers?

It’s important for organizations to invest in training their own employees for cyber careers because it can help address the shortage of tech talent from within their own walls. Helping employees make the transition to the cybersecurity team within an organization also helps improve retention. Solving the cybersecurity workforce shortage requires innovative solutions, and retraining employees internally for cybersecurity careers is key to closing the talent gap. There is tremendous opportunity for organizations to help their professionals pivot to cybersecurity, and this program is key to making that happen.

What does the New2Cyber curriculum entail?

The New2Cyber curriculum features a set of three courses designed to help first-time cybersecurity professionals build foundational cybersecurity knowledge and train for critical industry certifications through the Global Information Assurance Certification (GIAC). The three core courses include:

  • SEC275: Foundations – Computers, Technology & Security empowers students to learn fundamental computing, foundational IT and security skills through browser-based learning modules and hands-on labs. This course prepares students for a new GIAC certification, GFACT.

  • SEC301: Intro to Cybersecurity covers a broad spectrum of security topics, from core cybersecurity terminology to how computers and network’s function. This course prepares students for the Global Information Security Fundamentals (GISF) certification exam.

  • SEC401: Security Essentials – Network, End Point and Cloud covers the most effective steps to preventing attacks and detecting adversaries. This course provides students with the essential information security skills and techniques needed to protect and secure critical information and technology assets, whether on-premise or in the cloud. This course prepares students for the GIAC Security Essentials Certifications (GSEC) exam.

###