Good news: The high demand for information security jobs has been heard by academia. Bad news: Academia is in dire need of help from information security professionals such as yourselves in order to shape the next generation of security talent. We’re all in this together — the sooner we realize it, the better for all of us.
Cybersecurity educators whose expertise spans information security topics are increasingly being tapped to create new security courses, launch new security degree programs, mentor students in the field and continue to keep the curriculum in their courses relevant. Yet the same market forces also mean that educators with experience and certifications can easily make 50 percent to 100 percent more than their academic salary by making the jump to industry. Unfortunately, this would only further exacerbate the problem of growing the next generation of security professionals since there are not enough qualified teachers to serve the growing population of students in the field.
So how can current information security professionals help support the growth of future security talent and keep the curriculum fresh?
Responding to the Demand for Degrees
Academia has heard the call for more security-related courses and degrees thanks in part to documented demand data from the U.S. Bureau of Labor Statistics (BLS) which shows a “much faster than average” expected growth rate of 37 percent for information security analysts for the period of 2012 to 2022. Such data is key to making a successful request for a new course or degree program. Higher education has responded by creating new courses and degree program options both at the undergraduate and graduate level.
However, changes in academia are often measured in years, not months or weeks, due in part to the slow process of getting programs or courses approved through the curriculum review process. This slow pace means that it is important for cybersecurity educators and academic administrators to build in flexibility when designing new information security tracks. It’s also critical to receive input from industry experts on topics that are just now peaking on the security horizon.
Here are some questions that should be top of mind when considering how the current security landscape should impact higher education — and what you can do to further that aim.
How can the security industry help important topics find their way into the curriculum?
Offer to serve on the advisory board of relevant academic departments in your area and seek input into the curriculum development process to ensure topics that are only just appearing on the horizon are included for consideration.
How can the security industry nurture and support students’ interest in security professions?
Connect with student groups interested in security or help create one together with a faculty adviser. Provide guest lectures (free pizza always helps boost attendance), career advice and, perhaps most importantly, remember to send some of your recent hires back to their almae matres to share stories about the life of a security hire with their former classmates. This will also help with a key performance metric for academia: retention. Students who see themselves with the potential for thriving careers are much more likely to stay enrolled in the same field at the same institution.
How can the security industry help keep curriculum content fresh and relevant for students?
Partner up with local academic institutions and offer to give a guest lecture. Often, the easiest way to make an initial contact is either via the institution’s career services center or by contacting the chair of the relevant department directly. Once the contact is established, identify some key faculty members who usually teach the security courses. At my institution, we have had long-serving industry partners, some even jokingly referred to as honorary faculty since they’re interacting with our courses and students so frequently.
Unsurprisingly, these industry partners often know the best students well ahead of official career fairs and can extend solid job offers to them. Classroom time is precious, however, so don’t expect your offer to come speak a week before final exams to be received warmly. It’s best to make the connection early in the academic term (e.g., August/September and January/February for institutions on academic semesters) rather than at the end of a term when students and educators are stressed.
Retaining Qualified Teaching Talent
One of the issues facing academic institutions is the highly competitive salaries offered to qualified information security professionals. How can an educational institution compete with $100,000-plus salaries in the security professions when the average faculty salary might, at best, only reach two-thirds or three-fourths of that?
While BLS data reports mean salary for information security analysts in 2014 at $91,600, other reports put salaries of seasoned security professionals well above the $100,000 mark. In the U.K., a recent survey found that one-sixth of security professionals earn at least 100,000 pounds a year. A Dice Jobs analysis of the highest-paying jobs in security reported average salaries well above the $100,000 mark for seasoned security professionals, including those who work as a lead software security engineer ($233,333), chief security officer ($225,000), global information security director ($200,000), security consultant ($198,909) and chief information security officer ($192,500). Similarly, Robert Half’s “2016 Salary Guide for Technology and IT” predicted the following salary ranges for security jobs in 2016: $113,500 to $160,000 for data security analysts, $140,250 to $222,500 for chief security officers and $129,750 to $182,000 for information systems security managers.
However, there is more to consider than just money. As an industry leader, you’ll have to think about several areas of concern that impact your relationship with students and academic institutions.
How can the security industry help cover the many security topics that need teaching?
Security employers can make sure prime topics are taught by being flexible and encouraging their employees to seek adjunct teaching opportunities at nearby colleges or universities. This benefits the employee — after all, there’s no better way to really learn something than to teach it — and benefits students by exposing them to professionals in the field that practice what they preach. It also helps employers by creating connections with academic institutions and students who might just become their next hire.
How can the security industry help faculty stay up to date with changes in the security world?
Partner with the educator directly or via the institution’s administration to provide a faculty internship. You will find that academics do know what a nondisclosure agreement is and are very amenable to protecting the information shared with them. Alternatively, you could offer to sponsor the faculty’s living expenses while they shadow some of your security professionals for a week or two. This will directly impact the educator’s professional development in the field, which in turn will have an immediate and long-lasting impact in the classroom.
How can the security industry help retain talented faculty in academia?
Enterprises could partner with the institution and offer to sponsor a course, training opportunity or even a job-shadowing grant for the educator with whom you’ve established a solid relationship. Few faculty members ever make the switch from academia back into industry. However, most have a thirst for more knowledge and richer experiences that can be achieved in collaboration with an industry partner without formally leaving academia. By giving faculty members an out-of-academia experience, you might not only help keep them in the classroom, but also contribute to making them a better teacher.