Security Education K Through Life

InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.

W. Hord Tipton, Contributor

October 10, 2014

4 Min Read

Cybercrime will never be completely eradicated. As with any criminal endeavor, there will always be those who choose to travel a darker path. However, the information security industry as a whole can and should do a better job of educating and training curious, innovative people who will help us quickly bounce back from an attack and -- more importantly -- be able to predict and prevent vulnerabilities and attacks before they happen.

Who are these people? They are close at hand yet surprisingly out of reach. Today, children are inundated with technology starting in the crib, but they don’t receive the security training they need starting in the crib. It’s unfortunate, but technological advancement necessitates a trade-off of innocence. Kids can’t just plop down in front of video games anymore, because their new devices, whether consoles, computers, tablets, or smartphones, now let strangers directly into their homes.

In the same way we train children not to accept rides from strangers, we now must teach children from an early age, at home and at school, to protect their passwords and avoid phishing scams. Information security is a lesson that should be taught from kindergarten through life. It is critical that we reach children in their formative years, at the same time we are teaching them right from wrong, to teach them the basic cybersafety skills that will inform the rest of their lives, regardless of the careers they choose. As the most vulnerable segment of society, children must learn to protect themselves.

Lighting the path to an InfoSec career
The information security professionals of the future don’t have access to the right education and tools early in their lives. Teachers and guidance counselors don’t yet know enough about the information security industry to properly direct curious students. Right now, these up-and-coming hackers are mostly self-taught. They get a thirst for cyberknowledge and seek out the dark corners of the Internet to learn what they can’t find out in computer class.

But what if we could illuminate the career path of an information security professional for them? Careers in information security are both challenging and rewarding; at the same time, they are also lucrative, with pay continuing to rise across the board for all disciplines. And as we have seen, information security professionals are in demand. Reaching students at this early age would allow us to cultivate more white hats and eliminate future black hats before they have a chance to go bad.

There is a hunger for information security knowledge and collaboration at the college and university level that didn’t exist 10 years ago. Simply getting a degree isn’t enough to prepare anyone to enter the workforce; you need experience. By partnering with schools to provide more internship programs, incorporate relevant training into class work, and create more industry-academic content, businesses can improve future IT professionals’ ability to combat ever-changing cyber security threats. Immersive programs that blur the line between the college environment and the workforce will better prepare students to be lifelong learners and participants in continuing education, the type of visionaries who can stem the tide of cyberattacks and anticipate vulnerabilities before they are exploited.

Paying it forward
Once IT professionals are in the workforce, continuing education could be their most valuable asset. Technology changes so quickly that a college degree is outdated by the time the ink dries on the diploma. Through continuous education, though, you should be getting the equivalent of a new degree every four years. If your organization doesn’t currently invest in continuing education, you must advocate for it yourself. And even if you can’t get your boss to sign off on additional classes, training, or certifications, it is still important to keep learning.

Businesses that take continuing education seriously will outpace those that don’t. Even if your current company doesn’t see its point, improving your knowledge and skills is the only way to prepare yourself to work for someone who does. Be curious. Get certified. Network with your peers. Continue your education. And pass on your knowledge wherever you can, whether it’s to the non-IT side of your organization or to a local grade school. You can start by teaching the cybercops of tomorrow to use strong passwords.


About the Author(s)

W. Hord Tipton


W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, is currently the executive director for (ISC)2, the not-for-profit global leader in information security education and certification. Tipton previously served as chief information officer for the U.S. Department of the Interior for over five years. Mr. Tipton can be reached at [email protected].

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights