Co-authored by Prof. Danilo Caivano, Prof. Teresa Roselli and Prof. Donato Malerba.

The cybersecurity skills shortage is getting worse — a November 2017 study by the Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) confirmed this statement.

But this probably isn’t news to you — especially if you’re among the 70 percent of security professionals who claimed their organization suffers from the talent crisis. Exacerbating this problem is the fact that many top universities have been slow to catch up to the needs of corporations when it comes to cybersecurity education.

Fortunately, at least one school is working to close the gap between what the market needs and what educational systems are delivering.

Closing the Cybersecurity Skills Gap Through Education

The University of Bari Aldo Moro in southern Italy is working closely with IBM to develop a specialized curriculum to help students work toward a bachelor’s degree in cybersecurity.

Founded in 1925, this institution on the Adriatic Sea serves the 1 million-plus residents in the metropolitan area of Bari and also draws students from around the world. Under the beautiful arches of its Roman architecture, students will study application security controls and processes to orchestrate tools, such as vulnerability management and security information and event management (SIEM) tools.

They’ll learn the practices necessary to drive a security unit, such as a security operations center (SOC) or computer security incident response team (CSIRT), with a focus on prevention, detection and response.

How Simulation Exercises Teach Essential Cybersecurity Skills

With IBM’s help, the university is creating a realistic, hands-on lab environment where students are assigned specific roles, such as chief information security officer (CISO), security analyst and security administrator. Through exercises like capture the flag — where defending teams attempt to identify and isolate bad actors breaching the infrastructure — students get a taste of what they might encounter in a real-world cyberattack.

But this is a partial view: In the real world, good and bad are more nuanced, depending on roles, processes and technologies. The lab enables students to test out various roles using the same software and solutions they would find in a real SOC — taking simulation exercises to a new level.

From the Ivory Tower to the Real World

University professors Danilo Caivano, Teresa Roselli and Donato Malerba have been the driving force behind this program, acknowledging the critical role universities can play in alleviating the cybersecurity skills shortage.

The goal is not only to turn out well-informed security professionals but also to leverage the lab as a competency center for the industrial and research communities and provide cybersecurity services in partnership with private companies and public administrations.

Read more: There’s Never Been a Better Time to Consider Security Careers

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…