Even though we’re all aware that Watson can read millions of pages per second, you and I are still limited to one at a time. One book at a time, one lesson at a time, one skill at a time — education, like everything else, is subject to prioritization.

As a result, academics and universities have hard choices to make when it comes to choosing a curriculum, especially in a burgeoning topic like cybersecurity, which continues to grow in depth and breadth every semester. According to a study on cybersecurity education carried out by the IBM Center for Applied Insights, problems seen on the industry level are a major influence shaping cybersecurity academic programs.

The center’s study, a follow-up to its recent CISO assessment, “Fortifying for the Future,” consisted of interviews with cybersecurity professionals who held a range of responsibilities within the academic world. First and foremost, the interviewees did what many of our CISO assessment respondents have over the years: point out the various imperfections, concerns and issues afflicting today’s information security practices.

But the interviewees didn’t stop at identifying problems. They also offered ways in which these challenges could be addressed through actions within academia. This structure — academic solutions as remedy for business problems — breaks down into four key concepts, derived from the collective musings of the dozen interviewees:

1. Know Your Enemy

An oft-bemoaned shortcoming of information security, and one that was echoed throughout our interviews, is the feeling of always being two steps behind cybercriminals, who are constantly imagining new ways to attack companies. As a result, people in the academic world are looking for new perspectives on threats that are less prone to an endless game of cat and mouse. Understanding the behavior and motivations of hackers is one way of beating your enemy to the punch, which calls for complementing technical topics with courses in economics and psychology. On the technical side, this shift means focusing less on the how of an attack in favor of trying to predict the where and the when by characterizing attack flows using big data analytics. Teaching students to think like an attacker, along with the predictive power of big data, will help turn traditionally defensive strategies into offensive ones.

2. Don’t Get Lost in Translation

Security solutions are only as effective as the person advocating for them since nontechnical executives need to understand and adopt the defenses. Adoption is far from assured in many companies, where the communication between security leaders and their C-suite peers can be anything from unclear to antagonistic. With this corporate hurdle in mind, security academics are trying to train their students to be as skilled in communication as they are in cybersecurity. By emphasizing classes in areas like business, governance and policy, security programs hope to produce experts capable of bridging communication gaps. On the flip side, cybersecurity needs to be taught in schools of business and public policy, not only in computer science programs.

3. Be Decisive on Devices

Ten years ago taking work home with you might have meant packing a briefcase with some printouts. But today, employees often have their full suite of IT capabilities at home, on the road and everywhere outside the office through company-supplied mobile phones or even their own devices. While such interconnectedness gives employees more flexibility, it also increases the responsibility of security teams, who must figure out how to provide ubiquitous protection for employees and their devices. As a result, universities are adding more classes on mobile security to prepare their graduates for the challenges they’ll face in business. The interviewees estimated that the number of classes on device and Internet of Things security has proliferated in the last couple of years alone.

4. Speak Up Outside of Academic Settings

If communication within a company can be lacking, it can certainly be just as insufficient externally, as well. Interviewees lamented the poor collaboration among businesses when it comes to security. While extreme privacy might seem like a rational approach in an era of intense media scrutiny, organizations are missing out on chances to inform each other about threats and build stronger defenses based on collective intelligence. Universities are helping out both by hiring industry experts as professors and allowing them to share their experience in the classroom, and also by hosting events where business leaders can convene and converse in an academic setting. As a result, schools not only coordinate the exchange of information, but can also adjust their curricula based on areas of need dictated by visiting executives.

Information security is never complete. The act of continuously building walls around your company’s or country’s information can feel like a Sisyphean task, but answers may lie in the world of academia. “The only fence against the world is a thorough knowledge of it,” said John Locke, who may not have been familiar with data breaches or DoS attacks, but whose advice still rings true today. Thankfully, there are dedicated individuals at universities offering advice and educating the CISOs and security professionals of the future.


More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…