Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognised industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience.

Cybersecurity is a fast-growing profession, and talented graduates are in very high demand. Cyber degree programs are rapidly opening up at colleges across the country, and students are racing to enrol, eager to join one of the most challenging and financially rewarding fields. Yet, there seems to be a growing chasm between what graduates learned in school and what the market demands.

In my personal experience as a cybersecurity training consultant, I hear time and again how frustrated SOC managers are with finding qualified SOC analysts. They report they get plenty of resumes, but rarely come across a candidate who has the right skills and experience to take a seat in the SOC and handle the challenges of a high-pressure sec ops environment.  So, the real challenge of the cybersecurity skill shortage is making sure new recruits are prepared for the real world.

Cyber security skills are lacking

As cyber threats are multiplying in number and becoming much more complex and sophisticated, the need for young professionals with the cyber security skills to fill those positions is also growing rapidly. According to Forbes, Cybersecurity is a lucrative field with average salary currently at $116,000, nearly three times the national median income for full-time wage positions. But money is not the only thing that attracts people to the cybersecurity realm.  A recent survey found that among the top reasons for choosing this profession are the reputation for integrity, as well as for being a leader in a challenging and prominent discipline.

Accordingly, the number of cybersecurity education programs and students is exploding. Based on public US Government data, approximately 3,000 educational institutions are currently training future cybersecurity practitioners and according to the rate of growth, by 2021 there will be over 100,000 graduates in the United States alone. Colleges are increasingly recognising the need to adapt computer science education for tomorrow’s occupational and technology needs. Innovative institutions of higher education are setting up cybersecurity degree programs, to set themselves apart and prepare their students for rewarding careers.

Yet, there is a deep incongruence between academia and the field. This month the SANS 2018 Security Operation Center Survey was published and reported some eye-opening findings. It revealed that 62 per cent of surveyed organisations reported they lack skilled cybersecurity staff. The skill shortage was also cited as the leading challenge hampering SOC capabilities. Mark Aiello, president of Cyber 360, a staffing firm specialising in finding skilled cybersecurity professional to fill vacancies says, “Talent is so scarce that it typically takes eight to 12 months to fill cybersecurity jobs”. The authors of the SANS survey also state that for most organisations, “hiring skilled security staff is challenging and expensive”. It seems to be, that the problem isn’t too few applicants, but rather that most candidates have inadequate skill sets and experience.

Practice makes perfect

SOC analysts must have a large amount of formal knowledge and the analytic abilities to derive actionable insights from the data collected by the company’s various security tools. Moreover, the analyst is expected to use human behavioural and business context to identify threats and make decisions about how to respond to keep the organisation safe. However, most junior security staff enter the cybersecurity job market with only theoretical knowledge of what “security” is, lacking practical analytical methodologies, detection techniques and more advanced specialised skills. New graduates often lack the practical analysis and synthesis skills, which leaves them unprepared to face the challenges they will meet in the cybersecurity world.

The 2018 SANS survey states that “gamification of the SOC via simulations, exercises, training or any other form of targeted practice is becoming the standard operating procedure for providing a SOC skill set and an effective way of retaining skilled staff”. Institutions of higher education are starting to address the deep asymmetry between frontal instruction and practical exercises by incorporating a cyber range into their cybersecurity curricula.

Cyber ranges produce cybersecurity excellence

Innovative higher education institutions are determined to prepare their students with highly relevant knowledge and practical skills that are valued in the workplace. Cyber ranges are virtual environments used for cyberwarfare training and the development of cyber technologies. A cyber range offers hands-on training in which students can fully experience attacks in a simulated environment. This realistic experience strengthens the analyst’s performance and ability to respond to the most menacing emerging threats. In addition to gaining formal and theoretical knowledge, the range allows students to gain the hands-on experience employers value most and enter the job market well prepared and with a strong competitive edge over other job candidates. A cyber range enables colleges and universities to constantly challenge their students and faculty and can also support cybersecurity academic research.

Cybersecurity education is prospering and attracting larger numbers of students each year. Ambitious students are looking for leading-edge programs where they will be challenged and gain valuable knowledge and experience that will prepare them for their careers as cybersecurity professionals. Students realise that theoretical knowledge alone is not enough to prepare them to take part in defending an organisation under cyberattack. Make on-campus cybersecurity simulation labs an integral part of the syllabus and arm your students with as much hands-on experience as possible from their first semester through to graduation.

ITProPortal:

You Might Also Read:

Cyber Skills Gap Grows Along With Threats

« UK Gets Offensive: New Task Force To Deal With Russia & Terrorists
Manufacturing Industry: A Key Target For Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Waterfall Security Solutions

Waterfall Security Solutions

Waterfall Security is focused on protecting critical infrastructure and industrial control systems from remote online cyber attacks,

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.

AirMDR

AirMDR

Designed by experts, AirMDR solutions cater to the unique demands of security operations centers.

HeroDevs

HeroDevs

HeroDevs is the trusted leader in providing secure, long-term support for deprecated open-source software.