A recent study identified a disturbing trend in American higher education: None of the top 10 undergraduate computer-science programs in the United States — and only three of the top 50 — require students to take a single course on cybersecurity as a prerequisite for graduation.
The University of Alabama was the exception as the only one of more than 120 schools examined by the IT-security company CloudPassage that requires computer-science majors to take three or more cybersecurity courses.
“I wish I could say these results are shocking, but they’re not,” CloudPassage CEO Robert Thomas said of the study’s findings. “With more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing, there’s a growing skills gap between the bad actors and the good guys.”
The study comes at a time when cybersecurity is — or should be — top-of-mind for businesses and government entities alike. At the federal government level in particular, where the threats from organized criminals, terrorists and hostile nation-states is especially potent, ensuring that federal employees possess the training and skills necessary to keep data safe and secure is imperative.
A 2015 Government Accountability Office report identified cybersecurity as one of six government-wide occupations facing a “mission-critical” skills gap that poses “a high risk to the nation.” That skills gap led Office of Personnel Management acting Director Beth Cobert in April to announce a plan “to develop a government-wide strategy to address the root causes” and close the gap in both the short and long terms.
In the short term, continuing education for current employees is an important part of staying ahead of cybersecurity trends. According to a report in the Federal Times, the National Initiative for Cybersecurity Education released a three-point plan in April to “drive future development of … the government’s education efforts.” The plan’s goals include accelerating learning and skills development, nurturing a diverse learning community, and guiding career development and workforce planning.
The U.S. Navy is investing $26 million over the next three to five years in its own cybersecurity training program, according to FierceGovernmentIT. Expect more departments and agencies to invest in continuing-education programs in the coming months and years as well.
In addition to on-the-job training to address short-term needs, the long-term plan should focus on reaching tomorrow’s cyber-warriors today, while they’re still in school. We need to be finding new and creative ways to get students interested in cybersecurity at an early age, and to understand the kind of career opportunities available to them — in both the public and private sectors — if they study it.
For that reason, many in and out of government say cybersecurity should be a universal concentration option for computer science and information-technology programs at the collegiate level.
Moreover, with expertise in cybersecurity, graduates would find themselves in high demand and thus able to write their own employment ticket. (With many of them facing a mountain of student-loan debt upon graduation, that’s got to provide a measure of reassurance for them — and their parents.)
Indeed, there’s a growing consensus in business, industry, government and academic circles that there’s no such thing as “too early” when it comes to exposing our young people to cybersecurity and educating them in that field.
“It’s not good enough to tack cybersecurity on as an afterthough anymore,” CloudPassage’s Thomas noted. “This is especially true as more smart devices become Internet accessible and, therefore, potential avenues for threats.”
By Paul Norton, director of government sales for ID Experts.