Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognised industry challenge, but the problem isn’t that there are too few people; rather, it is that many of them lack suitable skills and experience.

Cybersecurity is a fast-growing profession, and talented graduates are in very high demand. Cyber degree programs are rapidly opening up at colleges across the country, and students are racing to enrol, eager to join one of the most challenging and financially rewarding fields. Yet, there seems to be a growing chasm between what graduates learned in school and what the market demands.

In my personal experience as a cybersecurity training consultant, I hear time and again how frustrated SOC managers are with finding qualified SOC analysts. They report they get plenty of resumes, but rarely come across a candidate who has the right skills and experience to take a seat in the SOC and handle the challenges of a high-pressure sec ops environment. So, the real challenge of the cybersecurity skill shortage is making sure new recruits are prepared for the real world.

Cyber security skills are lacking

As cyber threats multiply in number and become much more complex and sophisticated, the need for young professionals with the cyber security skills to fill those positions is also growing rapidly. According to Forbes, cybersecurity is a lucrative field, with the average salary currently at $116,000, nearly three times the national median income for full-time wage positions. But money is not the only thing that attracts people to the cybersecurity realm. A recent survey found that among the top reasons for choosing this profession are its reputation for integrity, as well as for being a leader in a challenging and prominent discipline.

Accordingly, the number of cybersecurity education programs and students is exploding. Based on public US Government data, approximately 3,000 educational institutions are currently training future cybersecurity practitioners and, according to the rate of growth, by 2021 there will be over 100,000 graduates in the United States alone. Colleges are increasingly recognising the need to adapt computer science education for tomorrow’s occupational and technology needs. Innovative institutions of higher education are setting up cybersecurity degree programs to set themselves apart and prepare their students for rewarding careers.

Yet, there is a deep incongruence between academia and the field. This month the SANS 2018 Security Operation Center Survey was published and reported some eye-opening findings. It revealed that 62 per cent of surveyed organisations reported they lack skilled cybersecurity staff. The skill shortage was also cited as the leading challenge hampering SOC capabilities. Mark Aiello, president of Cyber 360, a staffing firm specialising in finding skilled cybersecurity professionals to fill vacancies, says, “Talent is so scarce that it typically takes eight to 12 months to fill cybersecurity jobs”. The authors of the SANS survey also state that for most organisations, “hiring skilled security staff is challenging and expensive”. It seems that the problem isn’t too few applicants, but rather that most candidates have inadequate skill sets and experience.

Practice makes perfect

SOC analysts must have a large amount of formal knowledge and the analytic abilities to derive actionable insights from the data collected by the company’s various security tools. Moreover, the analyst is expected to use human behavioural and business context to identify threats and make decisions about how to respond to keep the organisation safe. However, most junior security staff enter the cybersecurity job market with only theoretical knowledge of what “security” is, lacking practical analytical methodologies, detection techniques and more advanced specialised skills. New graduates often lack the practical analysis and synthesis skills, which leaves them unprepared to face the challenges they will meet in the cybersecurity world.

The 2018 SANS survey states that “gamification of the SOC via simulations, exercises, training or any other form of targeted practice is becoming the standard operating procedure for providing a SOC skill set and an effective way of retaining skilled staff”. Institutions of higher education are starting to address the deep asymmetry between frontal instruction and practical exercises by incorporating a cyber range into their cybersecurity curricula.

Cyber ranges produce cybersecurity excellence

Innovative higher education institutions are determined to prepare their students with highly relevant knowledge and practical skills that are valued in the workplace. Cyber ranges are virtual environments used for cyberwarfare training and the development of cyber technologies. A cyber range offers hands-on training in which students can fully experience attacks in a simulated environment. This realistic experience strengthens the analyst’s performance and ability to respond to the most menacing emerging threats. In addition to gaining formal and theoretical knowledge, the range allows students to gain the hands-on experience employers value most and enter the job market well prepared and with a strong competitive edge over other job candidates. A cyber range enables colleges and universities to constantly challenge their students and faculty and can also support cybersecurity academic research.

Cybersecurity education is prospering and attracting larger numbers of students each year. Ambitious students are looking for leading-edge programs where they will be challenged and gain valuable knowledge and experience that will prepare them for their careers as cybersecurity professionals. Students realise that theoretical knowledge alone is not enough to prepare them to take part in defending an organisation under cyberattack. Make on-campus cybersecurity simulation labs an integral part of the syllabus and arm your students with as much hands-on experience as possible from their first semester through to graduation.

ITProPortal:
