Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cybersecurity skills aren’t taught in college

Sarah K. White | Dec. 14, 2016
Cybersecurity threats are increasing each year, but businesses report shortage of qualified candidates coming out of undergraduate programs. Preparing the next generation of cybersecurity experts won't be a quick fix, so business will need to get strategic.

Cybersecurity is a growing concern across the globe and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren't enough qualified candidates to go around.

When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 IT decision makers, 82 percent expressed a concern for the cybersecurity skills shortage. It's reached a point where the government has created the National Initiative for Cybersecurity and Studies (NICS) to help address the growing need for cybersecurity professionals, starting by getting kids introduced to cybersecurity as early as middle school.

Part of the problem is that the landscape of cybersecurity is becoming increasingly complex at faster rates, which means that "what is learned today may not address tomorrow's problems," says Shawn Burke, Global CSO at Sungard, a provider of technology in the financial services industry.

Hands on experience

Cybersecurity isn't necessarily a focus in undergraduate information technology programs, says Michael Taylor, applications and product development lead at Rook Security, a managed security services provider. Taylor mentors college interns from cybersecurity programs at Purdue and Indiana University and says that one problem he notices is a lack of hands-on experience for students.

They might learn to code and develop apps, but he says that students aren't taught to consider security throughout the development process. Instead, it's introduced far later in the program. He suggests that this lack of experience holds students back from being able to "immediately contribute solid code to a team after graduation."

"The average junior or senior student will have a good grasp of algorithms, data structures and other topics within computer science. What they are missing is the focus on how to make their programs durable, fault tolerant and secure," he says.

Think like hackers

Taylor says students need to be taught to "think like hackers" to fully grasp creating secure applications. Thinking like hackers helps give students more insight into the people they'll be responsible for thwarting in the future. And businesses should want professionals who can proactively address security, because it will ultimately save money down the line.

"The cost of remediating security vulnerabilities is far higher in production settings than in development or staging. Teaching developers how to program securely from an early stage helps to reduce data breaches and costs associated with resolving production issues," says Taylor.

It's also about building a creative approach to cybersecurity so students understand it's not just about the technical aspects. The reality is that even with all the right "hard skills," understanding how to prevent attacks that haven't even happened yet requires out of the box thinking.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.