Filling the Cybersecurity Workforce Shortage
Here in the middle of 2015, it seems every day brings news of yet another information security breach within commercial or governmental organizations. In only two years, PwC estimates the number of security breach incidents has increased by almost 48 percent. The range of attack vectors has also significantly broadened to encompass not just obvious targets, such as financial institutions and government agencies, but just about any entity with a connection to the Internet, from stock exchanges to baby monitors.
With just about all Internet-connected individuals and organizations coming under attack, demand for cybersecurity professionals is growing exponentially. In 2013, cybersecurity was often seen as a necessary evil by management and users. In 2015, the field is viewed as a necessity – full-stop. Despite the increasing demand for cybersecurity professionals and the willingness on the part of most organizations to increase their budgets to include security personnel, there is still a shortfall in hiring simply due to an insufficient pool of suitable candidates, according to "The 2015 (ISC)2 Global Information Security Workforce Study."
Job prospects in cybersecurity never looked better, with Trendmicro estimating that growth of cybersecurity positions is currently increasing at a rate 12 times faster than the rest of the U.S. job market. Many colleges and universities are developing or providing cybersecurity related degrees and certificates to try to address the shortage of qualified cybersecurity professionals.
Whether pursuing the training required to obtain an advanced cybersecurity certification or going the academic route for a degree in cybersecurity, both approaches take more time than many organizations can afford: the demand is right here, right now. Additionally, many traditional universities often remain stuck in rigid curriculum approaches that lack the flexibility students need in a mobile world.
A new approach to cybersecurity protection and related education is needed, one that blends a focus on technology and security techniques with social psychology, risk management collaboration, and overall curriculum integration. In recognition of the pressing need to put qualified candidates into the field as soon as possible, curriculum has to be delivered in as agile a manner as possible, allowing the student to “speed to degree” without sacrificing the degree's academic quality.
An effective cybersecurity program is one that recognizes the need for security with flexibility, as part of the entire curriculum from entry-level to advanced, and in all classes, whether they are focused on technology or leadership skills. Similarly, an effective curriculum is one that helps students think like professional hackers while guiding them to develop a risk-based approach to security which ensures that appropriate measures are applied to protect key data.
The National Security Agency is promoting this new approach to cybersecurity education with hacking competitions, a hands-on way to showcase potential threats and countermeasures. For their part, universities are moving toward hands-on virtual labs and introducing areas ranging from ethics to social psychology. Just as vital, though, is the need for cybersecurity education for all students, and not just those studying information technologies. In the end, every network user has a role in creating a dynamic mobile environment that offers flexibility while remaining secure.
About the Author:
Lynne Y. Williams is a faculty member in the MSIT program at Kaplan University who has been working with computers and networks since the days of VAX mini-mainframes. The views expressed in this article are solely those of the author and do not represent the views of Kaplan University. Follow her on Twitter @DrLynneWilliams or @Kaplan_univ.