Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/22/2016
10:30 AM
Mike Baukes
Mike Baukes
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Raising The Nation's Cybersecurity IQ: 'Learn To Code'

We need to ensure that the students of today are prepared for the security challenges of tomorrow.

"Learn to code." In recent years, this has been the mantra of educational modernization.  

The ability to understand and mobilize information technology remains vital, but the goal line has been moved. It's no longer enough to understand basic technical literacy — we must make sure that our students are prepared to tackle one of the greatest issues of our time: cybersecurity.

The cybersecurity skills shortage is well known to employers — there is a shortfall of around 1.6 million cybersecurity professionals. To help with this, the National Security Agency recently launched a Day of Cyber initiative in Virginia to run a statewide program to help students learn the skills of cybersecurity professionals and explore career opportunities in the field. The program, which began in late October and runs through March 2017, allows students to take part in real-life virtual cybersecurity scenarios and receive a Cyber Resume and NSA Certificate of Completion.

This kind of initiative is vital, and more states and schools must step up efforts to solve this critical national shortfall. Cybersecurity is one of the major issues of our time — it's a skill we should have collectively developed yesterday but we must invest in doubly today.  

The industry's surging need for cybersecurity professionals certainly isn't up for debate. In 2015, over 209,000 cybersecurity jobs went unfilled, and industry job postings are up 74% over the last five years. For better or worse, the countless breaches over the years have spawned a booming industry — cybersecurity is expected to be a $170 billion market by 2020.

Despite the huge need for these professionals, our education system has yet to instill a framework for adequately preparing students to take on these jobs. For instance, 75% of IT decision makers surveyed in a recent Intel Security report noted that the government was not investing enough in cybersecurity education to sufficiently tackle the challenge. Some private companies have tried taking the helm instead — Cisco, for instance, just launched a $10 million scholarship aimed directly at filling the void in cybersecurity professionals.

If you're someone who already majored in a non-STEM (science, technology, engineering, and mathematics) field, this enormous opportunity is still open to you. As with computer programming, even if you aren't fluent in the language, you still need conversational proficiency — what we refer to as "cyber literacy." The most common reasons for data breaches are phishing and social engineering, which are relatively low-tech attacks that prey on people's carelessness and naïveté. Every person in a company is a security risk, and whether they're administering databases or taking coffee orders, candidates who understand common threats are vastly more valuable than those who expose a business to catastrophe.

The opportunity to capitalize on the cybersecurity boom is even bigger for those who aren't already technology savvy. The biggest hiring blocker for cybersecurity professionals is knowledge of the business. Back in 2014, 50% of organizations reported that fewer than half of the candidates they looked at were considered qualified. In 2015, that went up to 59% of respondents noting the lack of qualification of half of the job candidates. This shows that post-grads who complement existing skills with a cybersecurity mindset could successfully enter the market.

The constant threat of breaches and cyberattacks is real and growing. If today's students — and those already within the workforce — want both job security and a way to contribute to a critical part of the technology industry, then studying and developing skills in cybersecurity isn't just an elective. It's an imperative.

Related Content:

Mike Baukes is co-founder and co-CEO of UpGuard, a cyber resilience company based in Mountain View, California. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
kasstri
50%
50%
kasstri,
User Rank: Strategist
12/1/2016 | 11:54:23 AM
Re: keydown
Even without a specific focus on cybersecurity, learning to code is good for general .
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:16:55 PM
Re: Cyber security
@Dr.T: Respectfully, I very much disagree.  The "shortage" of cybersecurity people is a mostly false one.  The real problem is age discrimination and companies not wanting to pay IT people what they're worth.

Instead, what a lot of companies do is offer salary packages that are far below market rate and then whine to the government that there's a shortage so that they can get H1-B and L-1 Visas approved for cheap overseas labor to be brought in.  Then they lay off their existing workforce (but not before having the people they're laying off train their replacements).

Rinse and repeat.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:13:05 PM
filmy religijne
@Dr.T: Ignore it--and don't click.  It's spam/phishing.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:11:52 PM
Re: Even w/o specific infosec education...
@Dr.T:

>they get better understanding what might be the problem.

And, for that matter, preventing problems in the first place.
kasstri
50%
50%
kasstri,
User Rank: Strategist
11/29/2016 | 12:55:42 PM
Re: keydown
Even without a specific focus on cybersecurity, learning to code is good for general 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:01:41 PM
Cyber security
I agree, we are in shortage of Cyber security staff, this was not the case not long ago. These recent attacks scared people quite well.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:01:06 PM
Re: filmy religijne modlitwa o cud
What exacly are you refering to?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:00:08 PM
Re: Even w/o specific infosec education...
" fancy GUIs we have now"

Another good point. Even Linux is more GUI then not anymore. Things become easier of course.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 11:57:24 AM
Re: Even w/o specific infosec education...
"Even without a specific focus on cybersecurity, learning to code is good for general "

I agree. Coding provides more insight into security of the systems, they get better understanding what might be the problem.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 11:55:23 AM
Learn to code
 

Learn to code becomes popular among younger generation simply because we figured out to make it very simple to code and most people would like to build something and interact with it.
Page 1 / 2   >   >>
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0242
PUBLISHED: 2019-12-09
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
CVE-2015-3424
PUBLISHED: 2019-12-09
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2015-3425
PUBLISHED: 2019-12-09
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.
CVE-2015-7892
PUBLISHED: 2019-12-09
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
CVE-2015-0841
PUBLISHED: 2019-12-09
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.