How to Foster the Next Generation of Cyber Warriors

Today, cyber breaches cost the U.S. more than $100 billion a year. While organizations are actively procuring new cybersecurity technology, they’re not investing enough in people, skills and talent. And according to ISACA, a non-profit information security advocacy group, a global shortage of two million cybersecurity professionals is expected by 2019.

Attracting and retaining cybersecurity professionals is more critical than ever, and building the next generation of “cyber warriors” to protect our technology infrastructure will ultimately rely on one thing – education.

Cybersecurity should be top of mind for most institutions, and education is no exception. In fact, specialized areas like cybersecurity and data analytics have become some of the most popular disciplines in online education. Whether it’s a brick and mortar institution, an online degree program or an industry certification, cybersecurity education is on the rise – and just in time.

As cyber professionals and security leaders, we need to know how a strong cyber curriculum can stay ahead of the curve and evolve with today’s changing technology – every step of the way.

Introduce Cybersecurity into All Disciplines

The basics of cybersecurity should be embedded into general education requirements just like the fundamentals of mathematics and language arts. As users of devices and the internet, we’re all vulnerable to risk today and need to know the basics of privacy and security.

Since cyber safety touches nearly every industry, awareness and education is critical for all students, regardless of their chosen field of study. But some areas, particularly healthcare and Industrial Control Environments (ICS), are becoming increasingly vulnerable to the cyber risks of IT systems, viruses and ransomware, and training cyber professionals to manage these risks will be more critical than ever.

Balance the Technical vs. Non-Technical

Risk management, data mining, physical security and statistical analysis are just some of the technical courses generally required in a cyber curriculum, but a non-technical skill set can be just as valuable to a career in the cybersecurity field. Strong non-technical skills provide a unique perspective that can enhance the capability of an IT team, while enabling the technical skilled team to focus on what they do best. Designing a curriculum that also addresses non-technical skills adds a broader capability to the technical team, offering a different perspective that is aligned with the business strategy, and provides valuable resources to aid in the minimization of critical tasks.

Leverage the Right Certifications

Not all cybersecurity jobs require a four-year degree. In fact, many IT positions today only require an industry certification. Recommended certifications include Security+, Systems Security Certified Practitioner (SSCP), Network+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) and the GIAC Penetration Tester (GPEN). Hands-on certification programs can equip professionals with the specialized knowledge they need to pursue a career in cybersecurity as a security analyst, security specialist, certified penetration tester and certified ethical hacker.

Align Curriculum with National Cybersecurity Guidelines

To keep up with the demand for new cybersecurity workers, agencies like the Department of Homeland Security (DHS) and National Security Agency (NSA) are supporting initiatives for open cybersecurity education. From elementary to the postgraduate level, we’ll see a greater focus on the science, technology, engineering and math (STEM) disciplines.

Currently, the NSA and DHS are jointly sponsoring the National Centers of Academic Excellence in Cyber Defense (CAE-CD) to allow participation from four-year colleges, graduate-level universities and Department of Defense schools as designated by the Carnegie Foundation Basic Classification system. To date, more than 200 universities (out of the estimated 5,300 in the U.S.) have achieved the CAE-CD designation. This process includes an application checklist to assess the strength of the institution cybersecurity curriculum, which is followed by an independent assessment by a qualified cybersecurity professional to determine the rigor of the curriculum offered to the students.

National cybersecurity competitions and cybersecurity scholarships tied to future service and the formation of cybersecurity centers of academic excellence in colleges and universities also support the concerted approach to an open education cybersecurity curriculum.

We live in a digital culture full of benefits and risks, which is why we need a robust legion of cyber warriors at the ready. Providing them with the best education and hands-on training and experience will be one of our strongest lines of defense in protecting our technology infrastructure.

Kenneth L Williams, Ph.D. CISSP, is director of the Center for CyberDefense at American Public University System. As a member of the National CyberWatch Center's (NCC) Curriculum Standards Panel, he is helping to develop the nation’s first Open Education cybersecurity curriculum.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.