Shane Simmons – South Carolina Department of Employment and Workforce

While Shane Simmons knew the demand for cybersecurity analysts  was high, he didn’t predict how many people would be interested in the career path.

Earlier this year, 86 people applied for 10 spots in an internship program that he created with the South Carolina Department of Employment and Workforce.  Simmons, the organization’s chief information office r, selected participants based on how they answered questions about their interest in the program.

“One person was working a minimum wage job and wanted to change his path in life,” Simmons says. “We already have companies that plan to offer some of our  participants a $60,000 salary when they’re done here. This program will create generational change for people.”

Shane Simmons | Chief Information Officer | South Carolina Department of Employment and Workforce

That’s exactly what the DEW aims to provide. The state agency offers training and certificate programs to help residents develop skills for in demand jobs, especially within the technology industry. It also manages resources and assistance, such as workforce development, employment services, unemployment insurance benefits and labor market information.

Simmons was asked to develop the cybersecurity analyst  program after the agency’s executive director, Dan Ellzey, saw   the “critical skill gap” for the role, not only in South Carolina, but across the country. The only requirement participants need is a high school diploma; no IT experience or certifications are needed.

“This type of job is best to learn hands on, so it’s been great having people excited to learn,” Simmons says. “It makes me feel good to see so much interest in the program.”

Growth phases

Simmons, who’d only been with the agency for a month when he began developing the program late last year, drew on his experience building cybersecurity programs at other companies.

He worked with a small team to develop the year-long program, which is broken into four three-month phases. The first cohort of the program started in July, with participants ranging from a recent high school graduate to people in their fifties looking for a career change. A new cohort will start every three months, always staying one phase behind the cohort ahead.

Phase one of the program focuses on developing core security operation center analyst  skills, including identifying suspicious emails and stopping them from causing harm. Participants will also learn to investigate files and links across the agency’s network and handle data loss prevention incidents.

In the second phase, which will focus on log analysis, participants will learn to read computer logs and identify incidents. Phase three will focus on threat hunting, vulnerability management, security audits and privacy assessments.

The fourth phase will be somewhat different and will use a “train the trainer approach” in which participants will teach phases one through three  to the newest cohort. During this phase, Simmons and his team will also help participants apply for jobs.

“The way we’re designing this program isn’t for our own advantage,” he says. “Our goal is to line them up for a job with a private business or other government agencies .”

Model example

Another goal is to help other agencies implement the program, Simmons says. When he and his team shared the details of the program with their contacts at Microsoft, they were told most agencies spend two to three years developing similar programs.

“They told us it was a model example of a workforce development program in the technology space,” Simmons says. “I think not having a lot of cooks in the kitchen helped us execute on specific ideas more quickly.”

He plans to package the details of the program, including training resources and the structure of each phase, in a downloadable zip file next year after the first cohort is finished. He says it will be available to any government agency, whether in South Carolina or not, looking to duplicate the program or use it as a model.

Aside from the internship program, Simmons has been working on a network refresh that will be completed by mid-2023. The agency has 52 locations throughout the state, and he’ll be going to each one to install new products, such as backup services for call centers.

“This will ensure our systems can never go down and will improve our resiliency tremendously,” he says.

In the past, when a website or phone line has gone down because of weather or technical issues, residents haven’t been able to access services, such as unemployment benefits. Situations like this also create stress for the agency’s employees, Simmons says.

When the system refresh is complete, it’ll not only be more secure and stable, but faster, too. Looking ahead, Simmons wants to create a data warehouse so the agency can become a more data driven organization.

“I’m always trying to learn something new and jumping into a CIO role has allowed me to be a leader and use my security background to make decisions,” he says.

Being of service

While becoming a CIO had been a goal of Simmons’s, he’s also dreamed of being a cyber officer with the South Carolina Army National Guard.

He joined the U.S. Army Reserves in 2013 and then its signal  division in 2014. In February 2020, he was accepted into the Cyber Protection Battalion with the South Carolina Army National Guard and in June 2022 began the Officer Candidate School to become a cyber officer . He’ll finish the program and become commissioned  in August 2023.

The designation means that Simmons can work on cyber military operations, including stopping cyber attacks targeting government agencies in South Carolina and other parts of the country. He says the skills and experience he’s gaining will also benefit him in his work with the DEW.

Simmons, who spends his free time with his four daughters and playing guitar, has always been civic minded, he says. He was introduced to cybersecurity while serving in the Army and earned his bachelor’s degree in the subject from Western Governors University.

After working as chief information security officer for over a year at Berkeley Electric Cooperative in South Carolina, he decided to work for the state. In 2019, he became CISO for the South Carolina Department of Social Services. He applied to be CIO of DEW so he could take on a larger leadership role.

“I want to give back and I want to help,” Simmons says. “My mindset is that if I don’t do it, who will? That drives me.”

View this feature in the Fall I 2022 Edition here.