Good news: The high demand for information security jobs has been heard by academia. Bad news: Academia is in dire need of help from information security professionals such as yourselves in order to shape the next generation of security talent. We’re all in this together — the sooner we realize it, the better for all of us.

Cybersecurity educators whose expertise spans information security topics are increasingly being tapped to create new security courses, launch new security degree programs, mentor students in the field and continue to keep the curriculum in their courses relevant. Yet the same market forces also mean that educators with experience and certifications can easily make 50 percent to 100 percent more than their academic salary by making the jump to industry. Unfortunately, this would only further exacerbate the problem of growing the next generation of security professionals since there are not enough qualified teachers to serve the growing population of students in the field.

So how can current information security professionals help support the growth of future security talent and keep the curriculum fresh?

Responding to the Demand for Degrees

Academia has heard the call for more security-related courses and degrees thanks in part to documented demand data from the U.S. Bureau of Labor Statistics (BLS) which shows a “much faster than average” expected growth rate of 37 percent for information security analysts for the period of 2012 to 2022. Such data is key to making a successful request for a new course or degree program. Higher education has responded by creating new courses and degree program options both at the undergraduate and graduate level.

However, changes in academia are often measured in years, not months or weeks, due in part to the slow process of getting programs or courses approved through the curriculum review process. This slow pace means that it is important for cybersecurity educators and academic administrators to build in flexibility when designing new information security tracks. It’s also critical to receive input from industry experts on topics that are just now peaking on the security horizon.

Here are some questions that should be top of mind when considering how the current security landscape should impact higher education — and what you can do to further that aim.

How can the security industry help important topics find their way into the curriculum?

Offer to serve on the advisory board of relevant academic departments in your area and seek input into the curriculum development process to ensure topics that are only just appearing on the horizon are included for consideration.

How can the security industry nurture and support students’ interest in security professions?

Connect with student groups interested in security or help create one together with a faculty adviser. Provide guest lectures (free pizza always helps boost attendance), career advice and, perhaps most importantly, remember to send some of your recent hires back to their almae matres to share stories about the life of a security hire with their former classmates. This will also help with a key performance metric for academia: retention. Students who see themselves with the potential for thriving careers are much more likely to stay enrolled in the same field at the same institution.

How can the security industry help keep curriculum content fresh and relevant for students?

Partner up with local academic institutions and offer to give a guest lecture. Often, the easiest way to make an initial contact is either via the institution’s career services center or by contacting the chair of the relevant department directly. Once the contact is established, identify some key faculty members who usually teach the security courses. At my institution, we have had long-serving industry partners, some even jokingly referred to as honorary faculty since they’re interacting with our courses and students so frequently.

Unsurprisingly, these industry partners often know the best students well ahead of official career fairs and can extend solid job offers to them. Classroom time is precious, however, so don’t expect your offer to come speak a week before final exams to be received warmly. It’s best to make the connection early in the academic term (e.g., August/September and January/February for institutions on academic semesters) rather than at the end of a term when students and educators are stressed.

Retaining Qualified Teaching Talent

One of the issues facing academic institutions is the highly competitive salaries offered to qualified information security professionals. How can an educational institution compete with $100,000-plus salaries in the security professions when the average faculty salary might, at best, only reach two-thirds or three-fourths of that?

While BLS data reports mean salary for information security analysts in 2014 at $91,600, other reports put salaries of seasoned security professionals well above the $100,000 mark. In the U.K., a recent survey found that one-sixth of security professionals earn at least 100,000 pounds a year. A Dice Jobs analysis of the highest-paying jobs in security reported average salaries well above the $100,000 mark for seasoned security professionals, including those who work as a lead software security engineer ($233,333), chief security officer ($225,000), global information security director ($200,000), security consultant ($198,909) and chief information security officer ($192,500). Similarly, Robert Half’s “2016 Salary Guide for Technology and IT” predicted the following salary ranges for security jobs in 2016: $113,500 to $160,000 for data security analysts, $140,250 to $222,500 for chief security officers and $129,750 to $182,000 for information systems security managers.

However, there is more to consider than just money. As an industry leader, you’ll have to think about several areas of concern that impact your relationship with students and academic institutions.

How can the security industry help cover the many security topics that need teaching?

Security employers can make sure prime topics are taught by being flexible and encouraging their employees to seek adjunct teaching opportunities at nearby colleges or universities. This benefits the employee — after all, there’s no better way to really learn something than to teach it — and benefits students by exposing them to professionals in the field that practice what they preach. It also helps employers by creating connections with academic institutions and students who might just become their next hire.

How can the security industry help faculty stay up to date with changes in the security world?

Partner with the educator directly or via the institution’s administration to provide a faculty internship. You will find that academics do know what a nondisclosure agreement is and are very amenable to protecting the information shared with them. Alternatively, you could offer to sponsor the faculty’s living expenses while they shadow some of your security professionals for a week or two. This will directly impact the educator’s professional development in the field, which in turn will have an immediate and long-lasting impact in the classroom.

How can the security industry help retain talented faculty in academia?

Enterprises could partner with the institution and offer to sponsor a course, training opportunity or even a job-shadowing grant for the educator with whom you’ve established a solid relationship. Few faculty members ever make the switch from academia back into industry. However, most have a thirst for more knowledge and richer experiences that can be achieved in collaboration with an industry partner without formally leaving academia. By giving faculty members an out-of-academia experience, you might not only help keep them in the classroom, but also contribute to making them a better teacher.

More from Intelligence & Analytics

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…