The cybersecurity needs of organizations are becoming more interdisciplinary and, according to experts, so are the educational programs that prepare students for careers in the emerging field.
“Cybersecurity is no longer just an IT issue,” said Scott Shackelford, director of Indiana University’s new cybersecurity clinic. “It’s just something that, frankly, everybody should know the basics about.”
By 2022, the global cybersecurity workforce shortage is projected to reach upwards of 1.8 million unfilled positions, according to a 2017 workforce report from the Center for Cyber Safety and Education. Although more traditional cybersecurity jobs, like security and threat management, make up a large chunk of the open jobs, there is also a talent shortage in various sub-disciplines within cybersecurity, Shackelford said, and educational programs are responding to this need, emphasizing a foundational knowledge of cybersecurity across curriculums.
The earliest opportunities to study cybersecurity, roughly a decade ago, were much more limited than they are now, said Rodney Petersen, director of the National Initiative for Cybersecurity Education. Concentrations and minors, primarily available to computer science and engineering majors, were how many institutions first approached cybersecurity education, “but that has certainly shifted now,” he said.
Today, programs such as San Diego State University’s new cybersecurity management master’s program, which focuses on producing security professionals with business training, are aimed at reaching a broader swath of students from various disciplines. “The workforce will benefit by preparing security professionals for a broader, more varied, and potentially more rewarding career path,” said Murray Jennex, the program’s faculty advisor.
“[SDSU’s] goal is to create professionals who can blend security and the business and thus make security an integral part of the business’s functions and processes,” he said.
In the past, security and business have been at odds with each other. “Security professionals want the organization to change to do better security and don’t understand the need to make money and the business doesn’t understand why the security professionals want them to do the security practices they are being asked to do,” Jennex said. “Simply stated, security works best when it is an integral part of the business process rather than something bolted on.”
Also aimed at creating a more interdisciplinary cybersecurity workforce, Indiana University’s new cybersecurity clinic encourages students from different disciplines, including business and law, to build a foundation of cybersecurity skills through hands-on experiences and collaboration. “There is a growing appetite for people that have a foundational [cybersecurity] skill set,” Shackelford said.
In that same vein, law schools, recognizing that many lawyers will begin practicing cyber law, are starting to offer degree concentrations in IT or cybersecurity, Petersen said. For those interested in cybersecurity advising or litigation, the American Bar Association recommends students take basic networking or cybersecurity courses or to obtain a certification, such as those offered by CompTIA, to demonstrate basic cybersecurity knowledge.
“Doctors and technicians and people building and developing medical devices need a grounding in cybersecurity as well,” Petersen said. A 2017 survey of U.S. physicians from the American Medical Association found that 83 percent of doctors have experienced some form of cyberattack, and more than half are “extremely” worried about future attacks.
“I think what we’re starting to see, whether it’s business, criminal justice, science, computer science or engineering, is the broad nature of cybersecurity and the need for a comprehensive set of skills across an organization,” he said. People in the policy world can round out their educations with an emphasis in cybersecurity just as somebody in law enforcement who might become a cybercrime investigator would benefit from having a foundational understanding of IT and security.
According to Shackelford, as more organizations recognize their need for cybersecurity and new jobs are created in the field, it is important for all cybersecurity programs to be as responsive to the need of industry as they can.
“My hope is that more and more folks are going to have that core foundational knowledge that is going to be useful across a whole range of disciplines whether they wind up being an insurance adjuster, a doctor — you name it.”