A recent study identified a disturbing trend in American higher education: None of the top 10 undergraduate computer-science programs in the United States – and only three of the top 5 – require students to take a single course on cybersecurity as a prerequisite for graduation.
The University of Alabama was the exception as the only one of more than 120 schools examined by the IT-security company CloudPassage that requires computer-science majors to take three or more cybersecurity courses.
The study comes at a time when cybersecurity is – or should be – top-of-mind for businesses and government entities alike. CloudPassage noted there were more than 200,000 open cybersecurity jobs in the United States in 2015, suggesting that the incoming workforce isn’t equipped to fill them. At the federal government level in particular, where the threats from organized criminals, terrorists and hostile nation-states is especially potent, ensuring that federal employees possess the training and skills necessary to keep data safe and secure is imperative.
A 2015 Government Accountability Office report identified cybersecurity as one of six governmentwide occupations facing a “mission-critical” skills gap that poses “a high risk to the nation.” That skills gap led Office of Personnel Management acting Director Beth Cobert in April 2016 to announce a plan “to develop a governmentwide strategy to address the root causes” and close the gap in both the short and long terms.
In the short term, security officers should investigate how they can support continuing education for current employees as an important part of staying ahead of cybersecurity trends. According to a report in the Federal Times, the National Initiative for Cybersecurity Education released a three-point plan in April to “drive future development of … the government’s education efforts.” The plan’s goals include accelerating learning and skills development, nurturing a diverse learning community, and guiding career development and workforce planning.
The U.S. Navy is investing $26 million over the next three to five years in its own cybersecurity training program, according to fedscoop. Expect more departments and agencies to invest in continuing-education programs in the coming months and years as well.
In addition to on-the-job training to address short-term needs, security officers should develop long-term plans that focus on reaching tomorrow’s cyber-warriors today, while they’re still in school. We need to be finding new and creative ways to get students interested in cybersecurity at an early age, and to understand the kind of career opportunities available to them – in both the public and private sectors – if they study it.
For that reason, many in and out of government say cybersecurity should be a universal concentration option for computer science and information-technology programs at the collegiate level.
With expertise in cybersecurity, graduates would find themselves in high demand and thus able to write their own employment ticket. (With many of them facing a mountain of student-loan debt upon graduation, that’s got to provide a measure of reassurance for them – and their parents.)
Indeed, there’s a growing consensus in business, industry, government and academic circles that there’s no such thing as “too early” when it comes to exposing our young people to cybersecurity and educating them in that field.
As cyber hazards continue to increase, we must do everything we can – especially within the high-value target of the federal sector – to ensure that current and future security professionals are equipped to protect systems and people from modern threats. That starts with implementing continuing education in the short term, while also pursuing long-term strategy to fertilize the educational pipeline so it produces the high numbers of skilled workers needed to keep us safe.