As security vendors, we talk a lot about how technology can help maintain our way of life in the digital age by providing the mechanisms to prevent attacks. The other two pieces of that prevention story, however, rely on people and processes.
In the past there was a real shortage of people skilled in the basics of cybersecurity, which meant that cybersecurity roles weren’t filled anywhere near as quickly as they were needed, or inexperienced people were hired and forced to learn on the job, both of which posed huge risks to organizations. I think this is still somewhat true today — there are more cybersecurity roles needed than there are seasoned cybersecurity professionals — but we’ve made progress in solving this problem.
A growing number of universities in the U.S. have added cybersecurity-related degree programs to their educational offerings.
- University of Southern California
- Carnegie Mellon University
- Pennsylvania State University
- Johns Hopkins
- University of Maryland University College
- Massachusetts Institute of Technology
- University of Denver
- Northeastern University
- Dakota State University
- San Jose State University
- Utica College
- Maryville University
Most of these programs offer online courses, including virtual lab environments and an array of different security technologies. A few offer both bachelor’s and master’s programs.
Courses offered teach network management and security, web security, data privacy and regulations, forensics and gathering data from multiple sensors, applied cryptography, and offensive security (pen-testing), to name a few.
The eventual impact of formalized cybersecurity education, despite concerns, should be positive in the following ways:
- At a minimum, formalized cybersecurity courses should raise the general public’s awareness level around how to more safely use the Internet. I don’t expect that the average person will be able to describe the OSI layers or know what SQL injection is, and I’m certain that this increase in general knowledge will be slow, but I do expect that the layman will at least think twice before sticking with default passwords, for example. This should also decrease the amount of insider negligence.
- It will become less difficult to hire and retain expert staff. Though technical training within different cybersecurity degree programs may differ, the very fact that it’s now an option for students means that it’s more accessible to a broader audience. Students who may not have otherwise known cybersecurity was a career they could choose may find out that they’re interested in pursuing it. MBA candidates whose goal might be to attain a C-level title can get the education they’ll need to become effective CIOs and CISOs.
If Stan Lee has taught me anything, I know that with great power (that is, knowledge) comes great responsibility, and ultimately a choice must be made: do I use this knowledge for good or evil? Cybersecurity graduates will be faced with several job prospects, including working for cybercriminal organizations. The very fact that we’ll have a larger pool of security experts means that we also risk a larger number turning to the “dark side” and putting on black hats. However, better access to cybersecurity education should also mean more resources for law enforcement to crack down on cyber crime and the individuals perpetrating it.
I prefer to think positively.
It’s certainly a sign of progress when, in the span of 15 years, we’ve come from a time when information security wasn’t really taken seriously, to an age when cybersecurity is so ubiquitous as to warrant its own major within several universities. We now have so many educational institutions offering cybersecurity-related degrees that we can make a Top 10 list for online degree programs alone.
If you haven’t already, think about enhancing your formal skills and enrolling in one of these programs, or ask your company if they’ll sponsor you. Better yet, contribute to our future by letting your kids know that they can now go to college to learn how to hack.
Check out the Ponemon Institute’s 2014 review of the best schools for cybersecurity.
Degree Programs – Cybersecurity
https://niccs.us-cert.gov/education/degree-programs