Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

2/17/2017
12:00 PM
Kyle Martin
Kyle Martin
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Closing The Cybersecurity Skills Gap With STEM

As a nation, we should be doing more to promote educational programs that prepare today's students for tomorrow's jobs.

The growing number of cybersecurity threats and attacks expose the importance of engaging students in hands-on learning. Not only are cybersecurity threats increasing, they're also becoming significantly more complicated.

Unfortunately, the number of skilled cybersecurity professionals isn't keeping up. According to a report from Intel Security and the Center for Strategic and International Studies, 209,000 U.S. cybersecurity jobs went unfilled in 2015.

Educational institutions from grade schools to universities can correct this problem by broadening hands-on classroom learning to address the need for well-trained cybersecurity professionals.

Here are five ways we can begin closing the cybersecurity skills gap:

1. Integrate STEM Education in Grade School
Active, hands-on STEM (science, technology, engineering, and math) learning complements traditional learning by offering a way for students to apply textbook concepts to real-life problems. And there's proof that it works: A study released by the Amgen Foundation and Change the Equation shows students want more tangible learning opportunities. Survey respondents said common teaching methods, such as teaching exclusively from a textbook, are less engaging than hands-on methods. The survey also found that hands-on learning, such as experiments and field trips, are the most effective way to engage students.

The survey also found the following:

  • 81% of students are interested in science, with 73% expressing an interest specifically in biology.
  • Students who are interested in biology classes identified their teachers and classes as the most influential to their career decisions.

On a national scale, the U.S. government aims to increase STEM awareness through programs such as the National Initiative for Cybersecurity Education, which lets teachers access a variety of resources to help them develop STEM-related curricula. By introducing and promoting cybersecurity and STEM education early on in the classroom, students learn to address real social, economic, and environmental problems, and seek necessary solutions.

2. Equip College Students with Cybersecurity Skills
The Comprehensive National Cybersecurity Initiative is a government program that identifies goals to create a more comprehensive, updated national cybersecurity strategy. A key component of this initiative is expanding cyber education and placing courses in K-12 schools to create technologically skilled, cyber-savvy students. However, putting this kind of program in place would require another national strategy like the science and math education initiative of the 1950s.

Even though there isn't a nationwide program to promote cybersecurity in K-12 schools, one high school is preparing its students for a lucrative STEM career. King William High School in Virginia offers a four-year track to help students build the fundamental skills necessary for entry-level employment in the cybersecurity field. The program's students can graduate from high school with industry-recognized certifications and valuable cybersecurity skills.

Universities across the country are also starting to take notice of the increasing interest in cybersecurity, and many computer science degree programs are offering cybersecurity as a specific concentration. Students studying computer science often focus on information assurance and computer security, specifically learning about designing systems and strategies that safeguard information. Typical course topics include computer security, digital forensics, and machine learning.

Through partnerships or internships, STEM students have the opportunity to work with industry partners to gain real-world experience. For example, the Department of Homeland Security has a Cyber Student Volunteer Initiative in place for summer internships. This program gives undergraduate and graduate students the opportunity to work alongside leaders in the DHS, gaining valuable experience from work projects, real-life scenarios, and mentoring from DHS cybersecurity professionals.

Many cybersecurity internships look for students enrolled in a cybersecurity-related field, in STEM or computer science. Additionally, any experience students can get (such as working as a teaching assistant) will help set them apart while applying for internship opportunities. If students aren't sure where to find these internship opportunities, they can also consult their college's career center.

3. Drive Awareness of Cybersecurity Jobs
Studies show most millennials aren't aware that jobs in cybersecurity even exist. Government, businesses, and our education systems must collaborate and thoroughly train the future generation of cyber defenders. Because many STEM colleges now offer cybersecurity as a degree concentration, driving awareness of these programs is key to increasing the pool of skilled workers.

But it's not enough to increase the awareness of these jobs; you must be able to attract the talent that you need. Along with attending career fairs, businesses should find ways to attract digitally savvy college graduates. Many recent graduates list flexible scheduling, ongoing education, and continuous feedback as important factors when deciding on a job offer. If companies can tailor their programs to reflect what potential employees are looking for, they could attract and keep top-tier talent.

Technology company CSRA recently opened its Integrated Technology Center in Bossier City, Louisiana, with the goal of helping the federal government fight cyber terrorism. The company boasts an internship program in which about 85% of their interns stay on for a full-time job after graduation.

4. Instruct with Industry Tools and Technology
As new technology emerges, much of cybersecurity remains uncharted territory. However, implementing industry tools and technology into a student's curriculum can be the solution we need to thwart new, unfamiliar threats.

To train students more effectively, many universities now offer cybersecurity labs with cutting-edge equipment like comprehensive risk assessment, incident management services, and encryption simulations.

5. Training the Current Cybersecurity Workforce
Industry, governments, academia, and nonprofits should work together to aggressively address the need for a skilled cybersecurity workforce. The U.S. Bureau of Labor Statistics says the demand for cybersecurity professionals will grow 53% by the end of 2018. To successfully prepare our workforce, we must upgrade our current cybersecurity professionals by providing on-the-job training and improving cybersecurity education programs.

Related Content:

Kyle Martin brings 11 years of storytelling experience to the content coordinator position at Florida Polytechnic University. In this role, Martin develops original content that showcases the university experience as a way to attract new students and faculty. He also lends ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jeffluszcz
50%
50%
jeffluszcz,
User Rank: Apprentice
3/1/2017 | 1:59:37 PM
Cybersecurity is a basic life skill
I really like the point about starting cybersecurity in grade school. This is a basic life skill for people in the 21st century. Even 5 and 6 year olds are making security choices for the entire household.

 
JustinS40501
50%
50%
JustinS40501,
User Rank: Apprentice
2/17/2017 | 3:20:03 PM
Nonprofit Orgainizations are especially in need of consultants and cybersecurity tools.
Orgizations developed primarily for the public good are particularly at risk and devoid of expertise and best practices.  Cybersecurity firms of the future should take special care of these orgainizations as well as the anaylitics that can be gleaned from common interests and public information. 
JustinS40501
50%
50%
JustinS40501,
User Rank: Apprentice
2/17/2017 | 3:19:58 PM
Nonprofit Orgainizations are especially in need of consultants and cybersecurity tools.
Orgizations developed primarily for the public good are particularly at risk and devoid of expertise and best practices.  Cybersecurity firms of the future should take special care of these orgainizations as well as the anaylitics that can be gleaned from common interests and public information. 
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...