Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
If you wanted to hire someone to help boost cybersecurity efforts, who would you look to? For many, the obvious answer would be those with computer and information science degrees. The problem is that the graduates who majored in computer science or an IT-related field may not have received the in-depth training and education that makes them adequately prepared to handle today’s cybersecurity challenges.
The more connected organizations become, the more vulnerable it makes them. And as cyberthreats become more aggressive and intelligent, so must the professionals responsible for handling them. But the number of people who possess the skills and high level of training to excel in this department are sparse. And America’s higher education system may be, at least partly, at fault.
U.S. universities not prioritizing cybersecurity
CloudPassage, a cloud security company based in California, recently examined 122 United States colleges and universities with the leading computer and information science programs, a list it accumulated from rankings made by U.S. News & World Report, Business Insider and QS World.
“As cyberthreats become more aggressive and intelligent, so must the IT pros who handle them.”
It looked at what courses were offered in cybersecurity and what the requirements were for students to major in computer science or information assurance. And the findings suggested that America’s higher education systems are not giving students the training and skills they need to properly fulfill cybersecurity roles. In fact, of the top 10 programs ranked by US News & World Report, it was found that not one of them required students to take a course in cybersecurity to graduate.
This demonstrates an obvious lag in college curriculums keeping pace with the rapidly evolving needs of cybersecurity and indicates that institutions of higher education in the U.S. can and should be doing more to adapt to the growing challenges and complexities of IT today.
Lack of training contributing to threat vulnerability
As CloudPassage pointed out, educators are “failing computer science students by deprioritizing cybersecurity training” and “are inadvertently contributing to the lack of cybersecurity readiness in the U.S.”
It is not just corporations that are at extreme risk, either. Even the federal government is becoming increasingly exposed to cyberthreats. According to Reuters, government agencies have been hit hard by hackers in recent years and have struggled to find a way to defend against them. Last year, the source revealed, more than 21 million people were affected by a data breach at the Office of Personnel Management alone. And over the last 12 months, SecurityScorecard has identified 35 major government data breaches.
Not only does the source suggest that the shortcomings of America’s education systems play a role in today’s security vulnerabilities, but that they may also be to blame for the skills shortage. Cybersecurity is becoming a priority among nearly all corporations and government agencies. IT and security professionals are in high demand now and that trend will only intensify as the Internet of Things continues to dominate.
“Our research reinforces what many have been saying: there is an incredible IT security skills gap,” CloudPassage CEO Robert Thomas said in the press release. “But what we’ve revealed is that a major root cause is a lack of education and training at accredited schools.”
Preparing today’s professionals for IT needs
Businesses should also consider what role they play in this issue. The lack of highly skilled and trained cybersecurity professionals may not be their fault, but it is their responsibility to do what they can to to bridge the talent gap and take proactive measures to ensure IT teams are educated and prepared. For example, by providing workers with access cybersecurity training programs, they can improve their capabilities of securing systems and processes against threats.
“Lack of cybersecurity skills may not be a businesses fault, but it is their responsibility to fix.”
This generation, as well as future ones, need to be trained in the best cybersecurity practices. It likely won’t be long before it is a requirement for students, whether looking to be software developers, engineers, programmers, or another IT profession, are required to take some course in cyber security. But in the interim, it will be up to businesses and individuals to seek and obtain the education, training and certifications needed to excel in cybersecurity. Doing so makes professionals more valuable and gives organizations a competitive advantage.
Traditionally, people may have assumed that the ideal place for cybersecurity training and education would be at Ivy league schools or universities that have top-ranked computer and information science programs. However, the CloudPassage study suggested that, at least for now, these may not be the best institutions to turn to.