Technology companies and higher education students are seeking more academic pathways for students to enter the cybersecurity workforce, pushing universities to expand their curricula.
One strategy is to develop industry partnerships with technology companies like IBM. These collaborations provide universities with additional funding and key insights into what these companies are looking for in future employees.
For a picture of what universities can do to improve their cybersecurity education curricula, EdTech spoke with Heather Ricciuto, academic outreach leader for IBM Security.
EDTECH: What will be the focus for cybersecurity education in 2019?
RICCIUTO: Overall, I think the same themes that were prevalent in 2018 will continue. The cybersecurity skills gap is so large, we just have to continue to be deliberate in our approach to addressing it.
Heather Ricciuto, academic outreach leader for IBM Security
There is not one single approach that is going to be the most effective, so we should continue to look for new ways to educate students and new places to tap into talent.
For example, many enterprises have historically focused on hiring from four-year institutions. With the size of the skills gap, particularly in cybersecurity, we can no longer afford to do that. For the past couple of years, IBM has been quoting a projected skills gap of over one million open and unfilled positions by 2022.
However, the latest report from (ISC) 2, a nonprofit, cybersecurity organization, indicates there are already 3 million globally open positions. There is no way you can fill all those positions if you are only recruiting at four-year schools, because there are not enough students graduating from cybersecurity-related programs.
We are also trying to build awareness among the general population about career opportunities in cybersecurity. Many students do not know cybersecurity is not just for computer science students. Humanities students must also have some understanding of cybersecurity, because the reality is that most enterprises today are going to experience some type of cyberattack. It is unfortunately inevitable, and we all need to understand how to respond.
EDTECH: What should universities be investing in now to prepare their students for the cybersecurity workforce?
RICCIUTO: Hands-on skills are really critical for a cybersecurity professional. One area we are seeing some schools invest in is the development of labs where students can practice. Hosting competitions is another great solution. One of the things that we do at IBM is sponsor cybersecurity competitions like the Collegiate Penetration Testing Competition.
As far as hardware and infrastructure go, at IBM we offer a number of resources at no charge for use in the classroom. I naturally encourage everyone to look at all of those resources. That includes the IBM academic initiative, which is not limited to security. There are a number of teaching topics you will find in our academic initiative, like cloud and quantum and blockchain.
When it comes to security specifically, we have our IBM Security Learning Academy, which offers a range of courses and some hands-on labs that can be done online. I have also recently been talking to a few schools in North America specifically about the use of IBM’s QRadar in the classroom.
It is a tool that encompasses everything — it is the centerpiece of security infrastructure. Schools are interested in using QRadar in student labs to offer relevant, hands-on exercises.
EDTECH: How can universities approach students about entering the cybersecurity workforce?
RICCIUTO: One thing that I always focus on in any discussion with students is the fact that not everybody in cybersecurity is a hacker or a coder.
Yes, many are. Hacking and coding are some very sought-after skills. However, in this industry we need people with all sorts of skills, whether they are related to law or human resources or another relevant focus in the humanities.
Dispelling the myth that all cybersecurity professionals are hackers or coders means building awareness of the need for a vast array of people in this industry. Once you openly have that discussion with students, their eyes really light up because the opportunities in their own minds are opened.
I hear people say to me they cannot enter the cybersecurity industry because they are not technical. You do not necessarily have to be deeply technical. You just have to have a passion for making a difference, learning new things and making the world a safer place.