Academia tries to ease shortage of cyber sleuths
Degree programs being set up to meet huge demand for cybersecurity experts
By Rodika Tollefson, ThirdCertainty
The escalation in data breaches in the past few years has created an extreme demand for cybersecurity professionals, especially for jobs like analysts. And academia is paying attention. New cybersecurity degrees are being launched throughout the United States, from associate level to advanced.
In a study commissioned by the (ISC)2 Foundation, Frost & Sullivan estimated the need for cybersecurity workers to reach 6 million by 2020 in the United States. But that will far outpace supply, as the work force is projected at under 4.5 million.
“The demand has clearly gotten ahead of supply,” says Robert R. Ackerman, Jr., managing director and founder of Allegis Capital, one of the leading investors in cybersecurity companies.
The demand is due not only to the number of attacks, Ackerman says, but also to the low level of automated response.
“The growth in demand is simply unprecedented,” he says. “This is driving significant impact on investment at the college level—two- and four-year programs—to increase qualified cybersecurity graduates.”
The shortage of cybersecurity workers is especially putting pressure on the public sector, which pays thousands of dollars less for the same job. So government agencies are trying to find other ways to compete.
As one example, the National Science Foundation recently awarded $2.2 million to the Johns Hopkins University’s Information Security Institute for scholarships for graduate students. The grant is part of the Federal CyberCorps: Scholarship for Service Program, which requires recipients to work at a government agency after graduation.
“There’s a tremendous amount of competition to attract graduating students in cybersecurity jobs,” says Anton Dahbura, executive director of the Information Security Institute.
Challenges for academia
On the surface, an entry-level cybersecurity job should be enticing. Not only are graduates snatched up by employers immediately, their starting salaries could push close to six figures.
The supply of qualified students can be a challenge, however.
Johns Hopkins attracts a good number of potential students thanks to its reputation—the institute was one of the first cybersecurty research centers in the United States. But the master’s degree program is competing for undergraduates with companies experiencing a work force shortage.
“Students with relevant undergraduate degrees are immediately being taken by employers,” Dahbura says.
The same is true for two- and four-year programs: Many are seeing students not finishing their degrees or not moving on to advanced ones because they’re getting job offers as soon as they receive industry certifications.
“We sort of came late to the party,” Sierra College (Calif.) information security professor Steve Linthicum says of cybersecurity education.
Making up for lost time
But academia is catching up. As one example, Sierra College hosted CyberPatriot Summer Camps recently for middle and high school students. Linthicum also is a regional administrator for a grant that pays for high school teachers to receive training and create new cybersecurity courses that align with the college curriculum.
“We’re starting to see an impact (from all those efforts),” he says.
Another challenge for academia, according to Allegis Capital’s Ackerman, is the fact that experience is as critical as education, even for entry-level cybersecurity jobs.
“The more they’re in the trenches, the more refined their skills become, so there’s an apprenticeship aspect that’s required,” he says. “We’ve got to figure out how to inject that spirit of apprenticeship into the academic curriculum.”
It doesn’t help that the industry is male-dominated, either. Kayla Heard, who is studying cybersecurity at Bellevue University (Wash.), says her classmates are mostly men.
“I hope data security becomes more noticeable in mainstream media so women become more interested in it,” Heard says. “It’s a fascinating field. I hope more people in my generation start to study it.”
Community colleges take lead
Being nimble is a requirement not just for the practitioners, but also for those training them.
And Linthicum believes that community colleges, in particular, are well-positioned to adapt to the changing demands of the industry.
“If we feel the need to create a new course or adjust the course, I can get that through curriculum in two months. At a university, it just doesn’t happen,” he says. “We’re able to react quickly.”
One of two community colleges in Washington designated as a Center for Academic Excellence under the National Security Agency and Department of Homeland Security, Highline College introduced a four-year applied degree last year in cybersecurity and forensics.
Ackerman says one aspect that will help the industry catch up is an increased level of automation, which will take some pressure off the human side. But, he notes, there’s also an asymmetry between the resources and manpower required by the bad actors vs. the good actors.
“The bad guys only have to be right every once in a while and the good guys have to stop the bad guys every time,” Ackerman says.
“A small group of bad guys could require a massive group of good guys to defend against them,” he adds. “As we get more people trained, what we’re talking about is more bandwidth to deal with this asymmetric threat.”
More on cybersecurity:
Security & Privacy Weekly News Roundup: Stay informed of key patterns and trends
Now hiring; Anyone? Anyone?
Worsening IRS hack shows cybersecurity too low a priority