In this series of articles titled “Tomorrow’s World,” members of Business & Technology faculty will reflect on the changes taking place in their field and consider how those changes might impact someone pursuing a career in that discipline. In this article, Dr. Andrew Hurd, the faculty program director for cybersecurity, considers challenges and changes in the field of cybersecurity and suggests how students should be career-ready for tomorrow’s world.
Disclaimer: Opinions expressed are solely my own and do not represent the views or opinions of my employer.
Cybersecurity can be considered one of the oldest disciplines in the computing world; the evolution of cybersecurity has developed from the merger of computer security and information security. It has evolved from the early days when government officials feared foreign nationals were stealing secrets off computers, to the modern day where the Office of Personnel Management was hacked (Finklea et al., 2015). These threats are real and candidates entering the workforce need to be prepared to handle problems that may not exist today. Educating students of problems that don’t exist is a difficult task for educational institutions; preparing them to think creatively, and to be agile in their approach to problem solving is a challenge. A major goal of Excelsior College is to facilitate students to not only think about the problem at hand, but also what the problem can turn into, and how to solve that new problem.
Cybersecurity’s Future Challenges: The Internet of Things
One of the biggest challenges for cybersecurity is the Internet of Things (IoT) (Manral, 2015). The myriad devices that have been introduced onto the technology scene pose a large and constantly changing landscape for the people trying to protect the information stored. The ability to problem-solve in ways that most people do not recognize is important for cybersecurity specialists. The financial implications in cybersecurity are large and growing (Moore, 2010). It is difficult to predict, or even quantify, the cost of a security breach. People entering the workforce, or transitioning jobs, have a difficult time estimating the cost associated with breaches.
The expansion of IoT increases the possibility of breaches, the types of those breaches, and their complexity (Markowsky, 2015). If the IoT continues to grow, and manufacturers continue to put out devices with minimal security and unchanged default configurations, challenges for cybersecurity specialists will continue to rise. The challenge is that security specialists must understand how these devices connect and communicate with each other before they can secure the information. Individuals in the industry must stay up-to-date with their skillset. The IoT plays an important role in individual’s personal identifiable information (PII), which has direct correlations with health care and many other financial entities. A great example of this is the Equifax breach that just happened. We as a collective will feel the repercussions from this breach for years to come.
The Skills of the Cybersecurity Specialist
Maintaining the proper skillset is challenging, but exciting. The world of cybersecurity is fast-paced and cybersecurity specialists need to be informed and vigilant. Middle and high school technology programs are preparing learners with the proper skillset to be successful in college (Simon and Banford, 2017). Programs like Project Lead the Way have been instituted to help young learners develop beneficial skills earlier in life. They can expand tthese skills throughout college and into their careers (Cahill, 2016). Initiatives into STEM programs become increasingly important because individuals within these areas will be working with cybersecurity specialists to safeguard information, or some of the individuals within these programs will go on to become cybersecurity specialists (Eberle, 2010; Cherinka and Prezzama, 2015).
Career Readiness in Cybersecurity
Some institutions are focused on bringing career readiness into their curriculums (Lui and Murphy, 2017). There are many ways for learners to try and keep their skills current and up to date. Some can continuously take college classes. Others can enhance their knowledge through industry certifications; still others may receive on the job training. The biggest competencies for cybersecurity workers are the ability to learn and the willingness to do so. Understanding how to evaluate risk and learning the techniques of risk mitigation play a large role in incident response and cybersecurity threat analysis.
Certifications and Credentials of Competence
Many believe that industry certifications are the best way to prove proficiency in the cybersecurity field (Evans and Reader, 2010; Morgan, 2016). Those who have industry certifications entering the workforce bolster their resume and present a willingness to learn more about a specific subject matter. Most industry certifications target a specific job role or skillset. Learners can specialize in areas that are of interest to them. Educational institutions that partner with entities like CISCO and become training academies offer a proven curriculum to their students. Training academies adopt the materials that are put forth by the manufacturer and learners get access to discounted exam vouchers for the industry certifications. This is a nice feature to promote career readiness and to offer a benefit to workers who are investing in the educational programs. There are five major industry certification vendors for IT and cybersecurity: (ISC)2, CompTIA, EC-Council, CISCO, and ISACA. Each specialize in their own areas and in many instances, there is an overlap of skills between vendors and certifications. Each vendor offers the assurance that if a student holds a certification with their company credentials, then they have an increased competency in the given area.
Large institutions like ABET and the ACM have been trying to figure out where cybersecurity can be integrated into their strategic goals (Greenlaw, Phillips, and Parrish, 2014; Chesnais, 2012). The door is wide open to workers of all levels to be part of a future cybersecurity landscape.
Careers in Cybersecurity for Tomorrow’s World
The demand for cybersecurity is not going away in the foreseeable future. If there is money to be made, then there is a need for specialists in cybersecurity. At Excelsior, the baccalaureate degree, the master’s degree, and the credit-bearing undergraduate and graduate certificates in the business and technology programs recently underwent revisions. The bachelor’s degree meets all the guidelines for the Center for Academic Excellence in Cyber Defense (CAE-CD). Excelsior College is designated as a 4-year CAE-CD by the National Security Administration and Department of Homeland Security. The credit-bearing courses institute the philosophy of hands-on, virtualized learning where applicable. The courses still contain foundational theoretical concepts, but the student must demonstrate their proficiency with the technical skills that align with the knowledge. The degrees also incorporate the development of soft skills that employers are looking for, such as the ability to work in groups and to present information to a group of people. These soft skills and the hands-on experience are essential to prepare students for careers in the industry. They prepare students to be agile and handle any given task while preparing them to tackle the problems of the future.
Cahill, J. (2016). Project Lead the Way—Bridging the College and Career Prep Divide: How to Provide Youth with Hands-On Experiences That Help Prepare Them for Their Careers. Young Adult Library Services, 14(4), 26.
Cherinka, R., & Prezzama, M. J. (2015) Innovative Approaches to Building Comprehensive Talent Pipelines: Helping to Grow a Strong and Diverse Professional Workforce. Systemics, Cybernetics and Informatics, Volume 13, Number 6.
Chesnais, A. (2012). ACM’s annual report. Communications of the ACM, 55(1), 9–13.
Eberle, F. (2010). Why STEM education is important. Instrumentation, Systems and Automation Society Publications. Retrieved from https://ww2.isa.org/standards-and-publications/isa-publications/intech-magazine/2010/september/why-stem-education-is-important/.
Evans, K., & Reeder, F. (2010). A human capital crisis in cybersecurity: Technical proficiency matters. Center for Strategic and International Studies.
Finklea, K., Christensen, M. D., Fischer, E. A., Lawrence, S. V., & Theohary, C. A. (2015, July). Cyber Intrusion into US Office of Personnel Management: In Brief. Library of Congress Washington D.C. Congressional Research Service.
Greenlaw, R., Phillips, A., & Parrish, A. (2014). Is it time for ABET cybersecurity criteria?. ACM Inroads, 5(3), 44–48.
Liu, X. M., & Murphy, D. (2017). Are They Ready? Integrating Workforce Readiness into a Four-Year College IT/IS Curriculum. Retrieved from http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1007&context=sais2017.
Manral, J. (2015). IoT enabled Insurance Ecosystem-Possibilities Challenges and Risks. arXiv preprint (arXiv:1510.03146).
Markowsky, L., & Markowsky, G. (2015, September). Scanning for vulnerable devices in the Internet of Things. In Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), 2015 IEEE 8th International Conference on (Vol. 1, pp. 463-467). IEEE.
Moore, T. (2010). The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection, 3(3), 103-117.
Morgan, S. (2016). One million cybersecurity job openings in 2016. Forbes. Retrieved from https://pcage.edu/wp-content/uploads/2017/04/Forbes-Cybersecurity-Article-1.pdf.
Simon, N., & Banford, M. (2017, March). Cyber Crime Investigators: Pathways from High School to Cybersecurity Careers for First Generation College-Bound Students. In Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education (pp. 717-717). ACM.