The first resource that I would point you towards is a map that was just produced by NIST. I guess it's the National Institute for Cybersecurity Education in the U.S. that actually maps out population density and the number of users. It's a good resource to look at how we're meeting the workforce challenge.
I would say master's level education and university level education to appropriate technical specifications like Security Plus or CISSP.... These are certifications to get people trained to do certain kinds of core cybersecurity functions. The degree to which community colleges or whatever the appropriate name is in Canada—you'll forgive me—the associate degree.... The sorts of institutions that can train people in cybersecurity tasks are incredibly helpful, and the degree to which the federal government can offer either some kind of incentive for universities to initiate those kinds of training programs we found to be very helpful.
It also helps if you have state universities that are clustered around industries that need to transition. For us, the manufacturing sector and large parts of the U.S. economy have gone through a massive transition. There are states like Michigan, for example, where Michigan State University should be investing in cybersecurity training for a lot of the auto industry. The auto industry itself is transitioning into cybersecurity. Finding these corollaries around clusters where you can then make investments in university training is very helpful.
The last thing I would say is about the evolution of the cyber mission force, which is our military force. It was initiated in 2012, and it achieved full operational capacity in 2018. These are the individuals who are sort of high end. There are 6,200, and the investment in this force is a major deterrent effort on behalf of the government. These hackers exist within the military—and they are hackers. It did take them five years to get fully trained, though, to get the whole group fully trained, because you had to move people through schoolhouses, and that takes time and effort.
There is a little bit of patience, and that's what ultimately leads me to say: Focus on securing your most important applications first.