Technology is all around us. From our homes, schools, businesses – even in transit. We rely on technology to ensure, for example that critical infrastructure is provided so we can lead healthy, productive and safe lives. Technology continues to advance, but with new tech comes a number of threats and vulnerabilities tied to them. The need to protect sensitive information from unauthorized users and hackers becomes urgent, particularly as hackers find new and sophisticated ways to target cybercrime victims. That’s where cybersecurity comes in. This article will address the shortage of skilled cybersecurity talent to fill a large swath of jobs in the field. It will also demonstrate the importance of cybersecurity for students and how it can change the education sector.
What Is Cybersecurity?
Before we go any further, anyone pursuing an education should know the basics of cybersecurity and why this field is of great importance. According to CISA, cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use. Cybersecurity also includes the practice of ensuring confidentiality, integrity, and availability (CIA) of private, sensitive information. One thing everyone is learning is that cybersecurity is indeed shaping the way our businesses operate.
Cases of cybercriminals gaining access to systems and stealing sensitive information are increasing year-over-year. Cybersecurity is what helps organizations, entities and institutions prevent these hacks and protect data from malicious players. Cyberattacks are an embryonic threat to organizations, personnel and users. They may be created to access or wipe out sensitive data and steal money. These can ruin businesses and harm financial and personal lives.
An effective cybersecurity approach adds numerous layers of security across computers, devices, networks and IT infrastructure. However, a solid cyber security system doesn’t rely exclusively on cybersecurity tech tools. It relies on a combination of people, processes and technology with CISOs, security experts and architects making the right decisions.
Cybersecurity Becoming the Fastest Growing Field in IT
Cybersecurity is becoming one of the fastest growing industries in the world to the point that the need for postings has outpaced the amount of skilled people. IBM reported on a Burning Glass statistic that the number of cybersecurity-related job posts has seen a 94% upturn in just six years, vs. the increase in IT job growth at 30%. That’s a 300% demand increase. According to the US Bureau of Labor Statistics, the projected Information Security Analyst job outlook from 2018-2028 is 32% – much faster than average.
It is becoming clearer that organizations of all sizes must treat cybersecurity as a priority and follow security and compliance rules to protect their data. Despite the demand, students in grades 9-12 – the time when most young adults make critical decisions on their career interests – may not have adequate preparation for a career in cybersecurity.
The education track for a professional in cybersecurity is not as straightforward as other fields and professions, say, such as medicine. There is a lack of schooling on cybersecurity for K-12 and at the university levels. In fact, educators are hard pressed in the current state to prepare students for a career in cybersecurity.
Technology is an essential part of a STEM education, which comprises of four disciplines — science, technology, engineering and mathematics. Schools must safeguard our cyberspace for the future by incorporating cybersecurity with K-12 and college STEM education. A challenge lies on the end of educators.
For example, according to the 2019 Cybersecurity Career Paths and Progression report authored by CISA, “ … findings published in an early education and development online journal, surveying 67 Head Start classrooms, [indicated] teachers’ self-efficacy was lower for STEM (Science, Technology, Engineering, and Mathematics)-related subjects, i.e., science and math, which results in these educators feeling not adequately prepared to teach these subjects.”
Cybersecurity Education at the University Level
The integration of cybersecurity-related courses in various university curriculums is becoming an emerging topic on the tip of everybody’s tongues. University level education is having some issues adding a more diverse cybersecurity curriculum to their STEM programs. Due to a lack of funding for growth expansion, cybersecurity researchers are not motivated to write textbooks, journals or continue research.
Even if those resources existed, there is always the question of what should be taught since the skill set of potential software developers will vary. Some look at the role of university cybersecurity courses as teaching antagonistic thinking. Yet others believe these courses should concentrate on philosophies and concepts that create capability and authority to build secure systems.
Importance of Cybersecurity Curriculum and What the NICCS is Doing About it
The progression of a university-level cybersecurity curriculum is being inhibited by the philosophy and ideals that are pervasive in universities as well as an overall lack of knowledge. A shift is needed on all these borders. The National Initiative for Cybersecurity Careers and Studies NICCS offers resources that can help academics to adapt to the change. The NICCS provides:
- Project-driven Curricula – lesson plans, assessments and other K-12 STEM-related academics
- Professional Development – in STEM, cyber, and computer science
- Programs – for middle school and high school students, which extend beyond the academic year
Educause, which advocates for advancement of IT initiatives in higher education, provides support for information security governance, compliance, data protection, and privacy programs. Educause also ensures that higher education can accurately assess institutions from an information security risk assessment perspective. Read the report The Successful Security Awareness Professional for a summary of the educational levels of security professionals.
Meanwhile, universities are starting to rollout their own cybersecurity degree programs. For example, beginning in the fall of this year, the University of Alabama will now offer a bachelor in cybersecurity. Dr. Susan V. Vrbsky, interim head of the computer science department, stated, “As a result [of the increased demand for security] experts are predicting an unprecedented growth in demand for cyber security experts, with many jobs remaining unfilled because of the lack of a properly trained workforce. Our cyber security students will gain the knowledge and training needed to keep data, software and hardware protected.”
Why Threat Modeling Should Be Integrated into Education Curriculum
Threat modeling is certainly an activity that should be taught in any academic setting. Threat modeling can help an organization to inform their security posture, by identifying the threats and vulnerabilities that escalate risk. Threat modeling has evolved over the past decade thanks to ThreatModeler. The pioneering platform helps organizations of all sizes to automatically identify all potential threats and vulnerabilities, then inform stakeholders on mitigation strategy.
ThreatModeler differentiates itself as a reliable platform that helps DevSecOps teams to achieve operational efficiency, collaborate on application development and make informed security decisions. ThreatModeler stands out from other threat modeling tools by integrating education within its platform. The ThreatModeler Academy provides security experts and non-experts with the know-how to perform threat modeling. To learn more about the ThreatModeler Academy fill out a form to contact our team for more information. You can also visit our ThreatModeler Academy web page.
Tech Accord Webinar Featuring ThreatModeler
Register now for an upcoming webinar presented by the Cybersecurity Tech Accord, which takes place on Wednesday, February 26, 2020 at 1 pm ET. The webinar, presented by Alex Bauert, Sr. Director, Threat Research Center at ThreatModeler, is titled “How to Achieve Secure CDLC through Threat Modeling.” As more organizations migrate to the cloud, secure Cloud Development Life Cycle (CDLC) begins as early as the design and planning stages.
We will explain the value of threat modeling to create a CDLC diagram to map out the attack surface, identify security threats and requirements, and strategize on threat mitigation. We will also highlight architecture pattern standards, and offer guidance for vulnerability management assessments.