Long-term View Needed for Cybersecurity Education

U.S. Naval Academy professor says demand for professionals with cybersecurity skills will climb to six million by 2019 -- but there will be a shortfall of 1.5 million workers.

April 26, 2017
 
U.S. Naval Academy
Midshipmen in a class about cyber warfare.

Last month, Google announced that Washington, D.C.-based Howard University will open a campus at its Mountain View, Calif. headquarters this summer. Computer science students from the historically black university will have the option of studying there for three months at a time while they hone their skills in one of the most sought-after tech companies in the country.

Fascinating, yes, and a smart recruitment strategy for Google. But the company is far from alone in its thinking.

Last year, University of Maryland Baltimore County and IBM Research teamed up to establish a cybersecurity lab that will develop technology to help analysts identify problems faster. The Accelerated Cognitive Cybersecurity Laboratory launched last May and is now housed within the university’s College of Engineering and Information Technology.

Across the country, similar conversations between corporate leaders and institutions of higher learning are happening at a rapid pace, especially tied to the topic of cybersecurity education, and for good reason.

The projected global demand for cybersecurity talent will climb to six million by 2019, but there will be an expected shortfall of 1.5 million professionals, according to Foote Partners, which tracks information technology jobs across all skill levels. This new intersection of business and higher education is not a nice to have—for many in corporate recruiting, it’s become a need to have.

A recent Boston Globe article cited the shortage of skilled technology workers—and in particular cybersecurity talent—as the No. 1 issue for many companies. Cyberattacks increased by 48 percent in 2014, according to the accounting and consulting firm PwC, and are expected to increase as more personal computing devices become connected to the internet. And yet, the talent isn’t there to support the demands of this rapidly growing industry.

While enrollment numbers in U.S.-based four-year institutions are down, universities across the globe are producing students in record numbers. But, that doesn’t mean they have the right skill sets to meet the demands of our global tech sector. The sheer speed of technology innovation is challenging educational institutions, nonprofit organizations and vocational training programs to think differently about how to deliver course materials that can pivot quickly enough to stay in sync with industry trends.

The Right Approach?

And so, enter the Google solution: Team up with an institution and drive talent to the doorstep of industry faster. In theory, it sounds like a smart strategy. But, is it the right approach for the long term? Could the launch of a hyper-focused four-year degree program on cybersecurity, led directly by industry demands, actually limit students' ability to be well-rounded over the course of their broader career?

Industry can be very effective at providing a target “market” for educational programs. But by just targeting a specific industry, like cybersecurity, to consume its graduates, a program may only be capable of producing graduates for one particular time and place. What does it take for a program to be resilient, to produce quality graduates now and for the future in the face of changing industrial customers, within an industry where the only constant is change?

This is where program accreditation needs to enter the conversation.

Industry involvement is an extremely important part of program accreditation. But program accreditation involves much more than just assessing industry requirements and building a pipeline from educational program producers to industry consumers. With cybersecurity education, the target is broad – ranging from military cyber operations, to computer network defense, to cyber physical system security, to criminal investigation and interdiction. There is no “one-size-fits-all.”  Programs can target a specific sector, but what happens when that sector changes or goes away?

ABET has led the nation for many years in providing program accreditation for technical and engineering programs. ABET is currently in the final stages of rolling out accreditation criteria for cybersecurity, and will be piloting those criteria in accreditation visits in 2017. ABET’s engagement in cybersecurity will lay a foundation for the discipline that brings core values of accreditation along with it:

1. Graduates of an accredited program have a broad set of competencies and skills. In addition to solid technical skills, we expect graduates of ABET-accredited programs to work, thrive and excel in diverse environments and multidisciplinary teams.  Cybersecurity is not just a technical discipline, because it is heavily dependent on understanding the social context of technology. Good communication skills, ability to function on teams, an understanding of law and ethics, and a strong general education background are an essential part of the profile of a cybersecurity graduate.

2. Graduates of an accredited program have a broad set of technical cybersecurity competencies – not just those needed for a narrow set of jobs. ABET program accreditation does not commit to a specific path through the broad area of cybersecurity.  However, ABET’s cybersecurity program criteria guarantee a broad background in the area, and depth in one or more areas consistent with the sub-sector(s) in which graduates are employed. 

ABET does not require that cybersecurity graduates be competent in all aspects of the field – the field is much too broad for that. Nor does ABET require a specific area of depth – such as meeting the requirements of the NSA’s Centers for Academic Excellence Cyber Operations Program (CAE/CO) – which reflect an important subset of the discipline (offensive cyber operations for national security), but only part of cybersecurity writ large. An ABET-accredited program can be CAE/CO-compliant, but can alternatively focus on an entirely different part of the discipline.

3. Accredited programs adapt to change. The foundation of ABET accreditation is continuous improvement. Programs are expected to define outcomes for graduates that are consistent with their intended post-baccalaureate objective, and are then expected to monitor performance and identify improvements where outcomes are not being adequately met. Thus, even in a broad area like cybersecurity, programs can focus on their core constituencies, and have a mechanism to adjust as the field changes – while still maintaining a rigid process that ensures repeatability and continuity of courses. 

Meeting Workforce Needs

A strategy that involves alignment of cybersecurity programs with current industry practice can result in graduates meeting the needs of the current workforce. But a strategy that involves program accreditation can meet the needs of the current workforce and adapt to a broad, changing landscape of opportunities for graduates. 

As an ABET expert, I’ve seen firsthand the benefit of applying global standards for program criteria —standards that can meet industry demand, while still producing confident and career-ready graduates. Accreditation holds institutions accountable to a culture of continuous improvement, which includes teaming with business, and problem solving on how to deliver educational content in new ways. It’s this kind of continuous improvement which in turn drives technology programs to think differently about how best to deliver education for those most in-demand skills. It’s the kind of improvement that could set us up for long-term success.

The cybersecurity market as we know it is not on track to slow down. There are millions of jobs to fill, and millions of people to train. But if we stay focused on the short game, we’ll miss the big picture.

 

Bio

Allen Parrish is chair of the Cybersecurity Department at the U.S. Naval Academy. 

Read more by

Topics

Be the first to know.
Get our free daily newsletter.

 

We have retired comments and introduced Letters to the Editor. Share your thoughts »

Inside Higher Ed’s Quick Takes

Back to Top