Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/22/2016
10:30 AM
Mike Baukes
Mike Baukes
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Raising The Nation's Cybersecurity IQ: 'Learn To Code'

We need to ensure that the students of today are prepared for the security challenges of tomorrow.

"Learn to code." In recent years, this has been the mantra of educational modernization.  

The ability to understand and mobilize information technology remains vital, but the goal line has been moved. It's no longer enough to understand basic technical literacy — we must make sure that our students are prepared to tackle one of the greatest issues of our time: cybersecurity.

The cybersecurity skills shortage is well known to employers — there is a shortfall of around 1.6 million cybersecurity professionals. To help with this, the National Security Agency recently launched a Day of Cyber initiative in Virginia to run a statewide program to help students learn the skills of cybersecurity professionals and explore career opportunities in the field. The program, which began in late October and runs through March 2017, allows students to take part in real-life virtual cybersecurity scenarios and receive a Cyber Resume and NSA Certificate of Completion.

This kind of initiative is vital, and more states and schools must step up efforts to solve this critical national shortfall. Cybersecurity is one of the major issues of our time — it's a skill we should have collectively developed yesterday but we must invest in doubly today.  

The industry's surging need for cybersecurity professionals certainly isn't up for debate. In 2015, over 209,000 cybersecurity jobs went unfilled, and industry job postings are up 74% over the last five years. For better or worse, the countless breaches over the years have spawned a booming industry — cybersecurity is expected to be a $170 billion market by 2020.

Despite the huge need for these professionals, our education system has yet to instill a framework for adequately preparing students to take on these jobs. For instance, 75% of IT decision makers surveyed in a recent Intel Security report noted that the government was not investing enough in cybersecurity education to sufficiently tackle the challenge. Some private companies have tried taking the helm instead — Cisco, for instance, just launched a $10 million scholarship aimed directly at filling the void in cybersecurity professionals.

If you're someone who already majored in a non-STEM (science, technology, engineering, and mathematics) field, this enormous opportunity is still open to you. As with computer programming, even if you aren't fluent in the language, you still need conversational proficiency — what we refer to as "cyber literacy." The most common reasons for data breaches are phishing and social engineering, which are relatively low-tech attacks that prey on people's carelessness and naïveté. Every person in a company is a security risk, and whether they're administering databases or taking coffee orders, candidates who understand common threats are vastly more valuable than those who expose a business to catastrophe.

The opportunity to capitalize on the cybersecurity boom is even bigger for those who aren't already technology savvy. The biggest hiring blocker for cybersecurity professionals is knowledge of the business. Back in 2014, 50% of organizations reported that fewer than half of the candidates they looked at were considered qualified. In 2015, that went up to 59% of respondents noting the lack of qualification of half of the job candidates. This shows that post-grads who complement existing skills with a cybersecurity mindset could successfully enter the market.

The constant threat of breaches and cyberattacks is real and growing. If today's students — and those already within the workforce — want both job security and a way to contribute to a critical part of the technology industry, then studying and developing skills in cybersecurity isn't just an elective. It's an imperative.

Related Content:

Mike Baukes is co-founder and co-CEO of UpGuard, a cyber resilience company based in Mountain View, California. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:16:55 PM
Re: Cyber security
@Dr.T: Respectfully, I very much disagree.  The "shortage" of cybersecurity people is a mostly false one.  The real problem is age discrimination and companies not wanting to pay IT people what they're worth.

Instead, what a lot of companies do is offer salary packages that are far below market rate and then whine to the government that there's a shortage so that they can get H1-B and L-1 Visas approved for cheap overseas labor to be brought in.  Then they lay off their existing workforce (but not before having the people they're laying off train their replacements).

Rinse and repeat.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:13:05 PM
filmy religijne
@Dr.T: Ignore it--and don't click.  It's spam/phishing.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:11:52 PM
Re: Even w/o specific infosec education...
@Dr.T:

>they get better understanding what might be the problem.

And, for that matter, preventing problems in the first place.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:01:41 PM
Cyber security
I agree, we are in shortage of Cyber security staff, this was not the case not long ago. These recent attacks scared people quite well.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:01:06 PM
Re: filmy religijne modlitwa o cud
What exacly are you refering to?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:00:08 PM
Re: Even w/o specific infosec education...
" fancy GUIs we have now"

Another good point. Even Linux is more GUI then not anymore. Things become easier of course.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 11:57:24 AM
Re: Even w/o specific infosec education...
"Even without a specific focus on cybersecurity, learning to code is good for general "

I agree. Coding provides more insight into security of the systems, they get better understanding what might be the problem.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 11:55:23 AM
Learn to code
 

Learn to code becomes popular among younger generation simply because we figured out to make it very simple to code and most people would like to build something and interact with it.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/28/2016 | 9:55:42 AM
filmy religijne modlitwa o cud
It's actually a cool and useful piece of information.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/25/2016 | 5:37:40 PM
Even w/o specific infosec education...
Even without a specific focus on cybersecurity, learning to code is good for general cybersecurity awareness because it compels people to know more about what's going on with their machines -- as opposed to simply blindly going along for the ride with all the fancy GUIs we have now.
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.