How Do You Get Students to Think Like Criminals?

The skills needed for cybersecurity jobs aren’t easy to learn in the classroom.

Between September 2017 and August 2018, employers in the United States posted 313,735 job openings for cybersecurity professionals. Filling those jobs would mean increasing the country’s current cybersecurity work force of 715,000 people by more than 40 percent, according to data presented at the National Initiative for Cybersecurity Education Conference this month. With the number of unfilled cybersecurity jobs worldwide projected to multiply into the millions in the next three years, it’s no surprise that governments, companies and schools are racing to pour more resources into cybersecurity training and education programs.

As someone who teaches in a rapidly growing computing security program at the Rochester Institute of Technology, this is good news for me and my students. I think we are doing a good and responsible job of training our students, who will be snapped up by recruiters.

But I’ve watched as the field of cybersecurity has become formalized through a flurry of new degrees, certificates and curriculums, and I worry that some fundamental components of what make people really good at security — namely, the instincts to look at systems in unconventional ways and quickly identify possible ways to cause trouble — are being lost along the way.

The idea of degree programs focused solely on cybersecurity is still pretty new. At R.I.T., the bachelor’s degree in security was introduced in 2007, and the dedicated Computing Security department wasn’t formed until 2012. That means we haven’t had a lot of time to debug these programs, especially since, in academic settings, every significant curricular change typically requires several meetings followed by extensive paperwork and committee approval.

The field is so new that nearly every cybersecurity professional over the age of 30 does not have a degree in cybersecurity — many of them don’t even have degrees in computer science, and several don’t have college degrees at all.

Cybersecurity has long been a field that embraced people with nontraditional backgrounds. Following the Equifax breach last year, some critics slammed the company for hiring a chief security officer who majored in music, prompting a considerable backlash from security professionals who took to Twitter to flash their own liberal arts degrees or lack of formal education.

The poster child for the unconventional path to a cybersecurity job is Kevin Mitnick, who was convicted of illegal computer hacking and spent five years in prison before establishing a career as a highly sought after security consultant.

It’s not a coincidence...

To read the full article, and to access many more fascinating news items, please refer to the source.

Source: The New York Times

Topics: penetration-testing firms, Rochester Institute of Technology, Bruce Schneier, cryptography, cybersecurity job, Equifax breach, hacking, increased cybersecurity employment, keynote speaker, red-teaming, security consultant, security mind-set, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Spear Phishing & Targeted Email Scams: What You Need to Know About this Hacking Technique

Most companies tell their employees to be on the lookout for email scams, yet not all take the time to educate their team on what these malicious mess..

Read more ›

An Overview of the 2020 UHS Ransomware Attack

This past weekend, the Fortune 500 hospital and healthcare services provider Universal Health Services (UHS) fell victim to an immobilizing ransomware..

Read more ›

What is Penetration Testing?

A penetration test is a simulated cyber attack against your nonmalicious computer system to check for exploitable vulnerabilities. It’s a series of ta..

Read more ›
tech-texture-bg