Maryland's New Cyber Blueprint: Skills, Not Just Staff, Are the Mission

BETHESDA, MD – June 09, 2026 – In a move that signals a seismic shift in how we approach cybersecurity workforce development, the SANS Cyber Workforce Academy has opened applications for an expanded Maryland program. This isn't just another training initiative; it's a strategic response to a redefined crisis. The industry's primary challenge is no longer a simple headcount shortage, but a profound and dangerous skills gap. Supported by the state's EARN Maryland grant, the venerable training institute is adding specialized tracks in Industrial Control System (ICS/OT) security and Artificial Intelligence (AI) security, directly targeting the economy's most vulnerable and advanced frontiers.

This expansion is a direct answer to a stark reality laid bare by the SANS 2026 Cybersecurity Workforce Research Report: 27% of organizations have suffered security breaches as a direct result of their teams lacking the right capabilities. As Maryland doubles down on building a cyber-resilient workforce, it’s providing a blueprint for how to move beyond simply filling seats and start building the specific competencies required to defend a nation.

From Headcount to Capability: Redefining the Cyber Skills Gap

For years, the narrative has been dominated by a single metric: the millions-strong global shortage of cybersecurity professionals. But the ground has shifted. According to the latest SANS research, for the first time, skills gaps have decisively overtaken headcount shortages as the industry's top workforce challenge. A staggering 60% of organizations now report their teams lack the right skills to defend against current threats, compared to just 40% citing insufficient staffing. This isn't a statistical blip; it's a fundamental change in how the industry defines its crisis.

This competency deficit has tangible, costly consequences. IBM’s 2024 breach analysis found that security skills shortages added an average of $1.76 million in additional costs to a data breach. The message is clear: an under-skilled team is nearly as dangerous as an understaffed one. This is the problem the SANS Academy, backed by the Maryland Department of Labor, aims to solve.

"This investment reflects Maryland's understanding of what's at stake," noted Rob T. Lee, Chief AI Officer and Chief of Research at the SANS Institute. "The challenge across the industry is lack of clarity: which training, which credentials, which skills actually match what employers need. This program provides that path for a state that sits at the intersection of national security, critical infrastructure, and emerging technology. Get the training right, and you build a workforce that can actually defend it."

Corroborating reports paint a similar picture. The 2024 (ISC)² Cybersecurity Workforce Study identified a global gap of 4.8 million professionals, with 59% of existing cyber pros reporting that skills gaps significantly impair their organization's security posture. The problem is one of both quantity and, increasingly, quality.

Maryland’s Strategic Play: Securing AI and Critical Infrastructure

The Academy’s new tracks are not arbitrary additions; they are precision-guided investments in Maryland's—and the nation's—most critical sectors. The ICS/OT Security track is designed for professionals who will defend the machinery of modern life: power grids, water treatment facilities, and manufacturing plants. As these operational technology environments become increasingly connected to IT networks, they become prime targets for sophisticated adversaries seeking to cause physical disruption. This track will equip a new cohort of defenders with the highly specialized skills needed to secure SCADA and PLC systems, turning a critical vulnerability into a hardened asset.

The AI Security track addresses the double-edged sword of artificial intelligence. While AI is being deployed to augment cyber defenses, its rapid, often insecure, adoption across every business function has created a vast new attack surface. The SANS 2026 report found that while 54% of organizations have AI security policies, only 38% provide the comprehensive training needed to implement them. This new curriculum is designed for incumbent IT professionals, training them to secure AI/ML models against adversarial attacks, ensure data privacy, and build secure AI development lifecycles. For a state like Maryland, home to the National Security Agency and U.S. Cyber Command, building this capacity is a matter of national security.

A Blueprint for the Nation: The Public-Private Partnership Model

Underpinning this entire initiative is a powerful public-private partnership model that other states should watch closely. The funding comes from EARN Maryland, a state grant program that is both industry-led and regionally focused. Its core principle is aligning workforce training directly with employer demand, ensuring that state investment translates directly into jobs. This isn't a 'train and pray' model; it's a 'train the committed' strategy that has proven its worth.

Since its inception in 2018, the Maryland academy has placed more than 310 residents into cybersecurity roles, boasting an impressive 87% placement rate for graduates within 12 months of completion. The story of Tim Nordvedt, who transitioned from working two full-time jobs with no cyber background to becoming a Director of North American Solutions Architects, exemplifies the program's transformative potential. His experience highlights that success is built not just on technical training, but on a holistic support system of interview prep, networking, and career coaching.

This model demonstrates how a state government and a private training leader can collaborate to address a critical market failure. By de-risking the training investment for both the individual and the employer, they create a powerful engine for both economic mobility and enhanced security resilience.

Opening the Door: Accessibility and Economic Mobility

Crucially, the program is engineered for accessibility. All training is delivered virtually, removing geographic barriers and opening the door to working adults, veterans, military spouses, and individuals from under-resourced communities across Maryland. By offering the comprehensive training package—including SANS courses, GIAC certification attempts, and hands-on labs—completely free of charge to eligible residents, the state is making a profound statement about who gets to participate in the modern economy.

The Core Cybersecurity track continues to serve as a vital on-ramp for career changers, while the new specialized tracks provide upskilling pathways for existing professionals. With applications open through June 30, the program is set to onboard 60 or more participants into a rigorous curriculum running through spring 2027. This initiative is more than a line item in a workforce development budget; it is a strategic investment in human capital, designed to build a more secure and prosperous future for the state by empowering its residents to fill the most critical jobs of the 21st century.