From: Infosecurity-Maganzine.com
(ISC)² US Government Advisory Board Executive Writers Bureau
When it comes to educating the current and future information security workforce, the (ISC)² US Government Advisory Board Executive Writers Bureau asks: Where are universities in the flow?
The explosive growth in the number, complexity, and impact of cyber threats in recent years has greatly increased the demand for highly skilled cybersecurity professionals to protect sensitive information and defend public and private information systems and networks. The 2013 (ISC)² Global Information Security Workforce Study projects there will be 4.2 million information security professionals by 2017, representing a compounded annual growth rate of 13.2%.
It’s encouraging that so many professionals are entering the market, but to overcome the global cybersecurity skills shortage and ensure a healthy future workforce, universities will need to scale their capabilities to meet the growing demand.
In response, academia has dramatically increased the number of centers and courses that focus on cybersecurity. For example, in the US, the NSA/DHS-sponsored National Centers of Academic Excellence alone have grown to over 160 institutions since their inception just over a decade ago. While some of these institutions have developed comprehensive academic programs around cybersecurity, others have merely added minor overlays that only touch on cybersecurity within their current curriculum. Ultimately, there remains a gap in helping prospective professionals move from their educational path into the workforce, with the instincts and skills that the market demands.
Keeping Pace
The reason for the imbalance between what traditional academic programs are able to deliver and what the current hiring needs of organizations call for is multifaceted and complex. “We feel that the real cause of any shortfall in supply of cybersecurity trainees is the fact that cybersecurity is not well understood as a career option among younger people seeking university degrees”, says Chez Ciechanowicz, course director for the Information Security Group at Royal Holloway, University of London. Along with an awareness problem, there are several additional challenges that hinder colleges and universities from playing a larger role in meeting today’s demand for cybersecurity expertise.
First, college and university degree programs are not inherently structured in such a way to provide graduates with current expertise rapidly enough and with content that is fresh enough to meet today’s demand. “What tends to happen is that industry looks very short-term and looks for specific ‘training’ rather than a good ‘education’, and this is particularly true in a fast-changing subject”, observes Kevin Jones, head of Computer Science and deputy dean for the School of Informatics at City University London.
The current cyber environment is more dynamic than traditional programs can accommodate, such that the pace of curricula updates for formal bachelor and master degree programs cannot keep up with the rapidly evolving cybersecurity requirements of public and private organizations. In some cases, there is a tension between long-term educational goals and short-term industry training needs.
Leave a Reply