By Dr. Kenneth Knapp
Businesses today face a daunting task in managing their cybersecurity risk. The cyber threat landscape seems more hostile than ever. We don’t merely face technical risks such as suffering from a ransomware attack or network infiltration, but also the challenges in training our employees to behave in a safe and cyber-secure manner.
Moreover, we must ensure our businesses are compliant with the growing list of state, national and international cyber-related laws and standards.
Consider the following recent findings:
A Thales data threat study revealed “65% of US companies have experienced a data breach.”
A Verizon report claimed that 56% of data breaches will go undiscovered for months.
The research firm Cybersecurity Ventures forecasts cybercrime will cost the world economy $6 trillion annually by 2021, up from $3 trillion in 2015.
We have seen scary statistics like this before, but we should ask, “What is being done about finding a long-term solution to the security problem?”
The cybersecurity field is an emerging one. It’s dynamic, challenging and growing. Cyber is a field that needs new people to join the fight.
The industry site CyberSeek states that there were 122,000 openings for information security analysts in 2018, but only 105,000 currently employed in those positions—an annual talent shortfall of 17,000 for the profession’s largest job in the United States.
The Bureau of Labor Statistics (BLS) expects the outlook for this job to grow 32% from 2018 to 2028, increasing much more than the average occupation. The BLS reports that the median salary for a security analyst is $98,350 per year.
To become an information/cyber security analyst, the BLS states that candidates usually need at least a bachelor’s degree in a computer related field.
Earning a bachelor’s degree in cybersecurity has definite advantages. One reason is that many cybersecurity job positions require knowledge beyond just computers. A top candidate should know something about business, law, criminal justice, risk, statistics, political science and other disciplines. Even learning a foreign language can help get a job in cyber intelligence, which is work that examines foreign threat actors.
It may be surprising, but highly technical cyber roles also require good communication skills. In penetration testing (where ethical hackers try to break into systems looking for weaknesses), testers must write reports for clients that describe recommendations in a clear, well-organized and understandable way.
A quality college program will offer students the advantage of taking courses not just in cybersecurity, but also in other topics, including writing courses. Taking courses outside of the college major helps to build a well-rounded graduate with a strong foundation across multiple disciplines. The marketplace recognizes this advantage where college graduates have higher employment rates and salaries than those who do not.
In cybersecurity, we are seeing more offerings and varieties of college programs. This is good news considering the field is becoming more diverse and interdisciplinary, allowing students to approach the profession in different ways.
Typically, cybersecurity degrees will vary based on the school or college offering it. For example, a computer science school will offer a cybersecurity degree that is heavy on programming, networking and perhaps cryptography, while requiring courses in mathematics. A business school will offer similar courses but will reduce the math requirement in favor of courses in accounting, economics and risk management.
Anderson University has created several interdisciplinary options for students pursuing a cybersecurity degree. The idea is that today’s cybersecurity problems are multi-faceted and college graduates with a robust, interdisciplinary degree will gain an edge in the job market.
Starting in the fall 2020 semester, Anderson University will offer four different cybersecurity majors. The majors are from the new Center for Cybersecurity that is not part of an existing school. This independence enables the center to design more interdisciplinary programs.
In addition to a “pure” cybersecurity major, the center offers three undergraduate majors that combine courses from different disciplines into a single academic experience. These are not double majors, but they require significant coursework from two different fields integrated into a market-relevant program.
Cybersecurity and Criminal Justice. This major gives students deep knowledge in two disciplines that are highly interrelated, particularly in the areas of law enforcement, cybercrime, forensics and cyber law. Job roles that would benefit from such a degree include computer and financial crime investigators and digital forensic analysts.
Cybersecurity and Mathematics. This major requires students to take courses in cyber and math. Jobs that would benefit from this combined approach include cybersecurity researcher, data scientist, cryptographer and roles in organizations like the National Security Agency, where a graduate would help develop algorithms to solve challenging cyber problems.
Cybersecurity and Analytics. This undergraduate major combines cyber courses with those in business and analytics into a unique program. Data analytics is one of the hottest fields today and highly applicable in cybersecurity. Cyber Threat Hunting, for example, is a newer type of job that requires an understanding of both cybersecurity and analytical tools.
It is proving difficult for businesses to find the professionals needed to solve today’s cybersecurity problems. The good news is that more colleges and universities are offering cybersecurity degrees. In addition, students are getting more options for multidisciplinary majors. Over time, this new breed of cybersecurity professional will help organizations get ahead of the attackers and criminals to build a safe and secure cyberspace.
Dr. Kenneth Knapp is the founding director of the Anderson University Center for Cybersecurity. He holds a slew of professional credentials, gained over 20 years of experience including computer security in the U.S. Air Force, taught technology at the Air Force Academy, and has a history in cybersecurity program development at Tampa University. He holds his Ph.D. in information systems with a research focus in information security from Auburn University. His interest in cybersecurity was first piqued when a network on his Air Force base in Texas was attacked in 1996 and he helped solve the problem.