Light Dark
November 14, 2018 By Kacy Zurkus 3 min read
CISO
Incident Response

Just as the field of cybersecurity grew out of information technology, cybersecurity education is evolving as an offshoot of the computer science field. The current state of cybersecurity course offerings as an underdeveloped computer science footnote is allowing the skills gap to grow. To change this, higher education has to address the theoretical and hands-on skills students need to do their jobs post-graduation.

Without sufficient expert staffing, security teams lack the resources necessary to do their jobs effectively; in this way, the skills gap itself is a significant security risk. How, then, can the industry educate the next generation at scale? While there is no one answer, let’s take a look at what’s going on in classrooms across colleges and universities to see how higher education can evolve to meet the needs of the industry.

How to Recognize Shortcomings in Cybersecurity Education

By taking a closer look at the actual cybersecurity training programs higher education currently provides, industry leaders can help draw the road map of where it needs to go. How can they improve its offerings without bankrupting students who are already spending tens of thousands of dollars on degrees that fail to prepare them for the real-world problems they will face?

Bo Yuan, professor and chair of the Department of Computing Security at Rochester Institute of Technology (RIT), acknowledged that many undergraduate degree programs in cybersecurity start out with common introductory courses in computing and mathematics, such as Computer Science I and II and Calculus, eventually ramping up to more specialized training.

“As they get further into the program, students at RIT take more cybersecurity-focused courses, including Introduction to Cryptography and Cyber Security Policy and Law,” Yuan said. “In master’s degree programs, courses often focus on the theoretical foundations of computing security and how to become leaders in the implementation of computing security and information assurance policies and practices.”

To ensure that graduates are able to successfully transition from the classroom to the security operations center (SOC), cybersecurity education leaders should expand and more deeply integrate their hands-on learning opportunities.

Why Student Outreach Is Crucial

With the hefty price tag on degrees these days, students need to be judicious in the programs they choose. But it’s also up to industry leaders to reach out to their future recruits and help connect them with opportunities. Although one-to-one engagement across school districts is impossible, any role security professionals can play is a significant investment in long-term cybersecurity strategy.

Steering students cybersecurity training programs that offer them the chance to detect, identify and respond to existing threats in a simulated environment will yield the best returns. Unfortunately, those opportunities are not equally available to all students, and many won’t have the exposure they need to recognize their specialized interests within computer science early enough to plan effectively to get there.

Collaborate to Offer Experiential Learning

Hands-on learning opportunities are essential for cybersecurity students, and many academic institutions, including RIT, enable students to gain experience through simulated real-world exercises. But the students need to know what’s out there before making career-defining decisions to specialize one way over another.

To that end, some security companies have already parterned with educational organizations to extend opportunities for such immersive training.

“We have a heavy hands-on component to the degree programs with labs and project assignments,” Yuan explained. “Additionally, RIT computing security students are required to do two terms of co-ops (paid internships) before graduation.”

Yuan noted that RIT students have engaged in cooperative educational experiences with organizations such as IBM, Eaton Corporation and government agencies. These experiences often lead to job offers before graduation; both students and recruiters are reaping the benefits of these arrangements.

Why It’s Important to Make Connections Early

Through internships and co-ops, students can develop strong cybersecurity skills in the field, which hiring organizations desperately need to keep up with the evolving threat landscape. The Advanced Cyber Security Center (ACSC) and the University of Massachusetts created the Cybersecurity Education and Training Consortium (CETC) to bring industry leaders and students together. According to a press release, “The CETC will connect higher education leaders with business leaders to promote academic programming in cybersecurity that aligns with the needs of Massachusetts employers.”

Higher education programs around the world should partner with the cybersecurity industry to learn more about the needs of students and professionals. Through these innovations, students and enterprises can gain efficient access to both learning opportunities and talent. By working together with institutions of higher learning, businesses can ensure that students come out of learning programs armed with an understanding of the existing threat landscape and how to monitor its constant change so that they are fully equipped to do their jobs.

 |  |  |  |  | 
Kacy Zurkus

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature