Are Colleges Teaching Real-World Cyber Security Skills?

Uploaded on 2018-09-24 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

The cybersecurity skill shortage is a well-recognised industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience.

Cybersecurity is a fast-growing profession, and talented graduates are in very high demand. Cyber degree programs are rapidly opening up at colleges across the country, and students are racing to enrol, eager to join one of the most challenging and financially rewarding fields. Yet, there seems to be a growing chasm between what graduates learned in school and what the market demands.

In my personal experience as a cybersecurity training consultant, I hear time and again how frustrated SOC managers are with finding qualified SOC analysts. They report they get plenty of resumes, but rarely come across a candidate who has the right skills and experience to take a seat in the SOC and handle the challenges of a high-pressure sec ops environment.  So, the real challenge of the cybersecurity skill shortage is making sure new recruits are prepared for the real world.

Cyber security skills are lacking

As cyber threats are multiplying in number and becoming much more complex and sophisticated, the need for young professionals with the cyber security skills to fill those positions is also growing rapidly. According to Forbes, Cybersecurity is a lucrative field with average salary currently at $116,000, nearly three times the national median income for full-time wage positions. But money is not the only thing that attracts people to the cybersecurity realm.  A recent survey found that among the top reasons for choosing this profession are the reputation for integrity, as well as for being a leader in a challenging and prominent discipline.

Accordingly, the number of cybersecurity education programs and students is exploding. Based on public US Government data, approximately 3,000 educational institutions are currently training future cybersecurity practitioners and according to the rate of growth, by 2021 there will be over 100,000 graduates in the United States alone. Colleges are increasingly recognising the need to adapt computer science education for tomorrow’s occupational and technology needs. Innovative institutions of higher education are setting up cybersecurity degree programs, to set themselves apart and prepare their students for rewarding careers.

Yet, there is a deep incongruence between academia and the field. This month the SANS 2018 Security Operation Center Survey was published and reported some eye-opening findings. It revealed that 62 per cent of surveyed organisations reported they lack skilled cybersecurity staff. The skill shortage was also cited as the leading challenge hampering SOC capabilities. Mark Aiello, president of Cyber 360, a staffing firm specialising in finding skilled cybersecurity professional to fill vacancies says, “Talent is so scarce that it typically takes eight to 12 months to fill cybersecurity jobs”. The authors of the SANS survey also state that for most organisations, “hiring skilled security staff is challenging and expensive”. It seems to be, that the problem isn’t too few applicants, but rather that most candidates have inadequate skill sets and experience.

Practice makes perfect

SOC analysts must have a large amount of formal knowledge and the analytic abilities to derive actionable insights from the data collected by the company’s various security tools. Moreover, the analyst is expected to use human behavioural and business context to identify threats and make decisions about how to respond to keep the organisation safe. However, most junior security staff enter the cybersecurity job market with only theoretical knowledge of what “security” is, lacking practical analytical methodologies, detection techniques and more advanced specialised skills. New graduates often lack the practical analysis and synthesis skills, which leaves them unprepared to face the challenges they will meet in the cybersecurity world.

The 2018 SANS survey states that “gamification of the SOC via simulations, exercises, training or any other form of targeted practice is becoming the standard operating procedure for providing a SOC skill set and an effective way of retaining skilled staff”. Institutions of higher education are starting to address the deep asymmetry between frontal instruction and practical exercises by incorporating a cyber range into their cybersecurity curricula.

Cyber ranges produce cybersecurity excellence

Innovative higher education institutions are determined to prepare their students with highly relevant knowledge and practical skills that are valued in the workplace. Cyber ranges are virtual environments used for cyberwarfare training and the development of cyber technologies. A cyber range offers hands-on training in which students can fully experience attacks in a simulated environment. This realistic experience strengthens the analyst’s performance and ability to respond to the most menacing emerging threats. In addition to gaining formal and theoretical knowledge, the range allows students to gain the hands-on experience employers value most and enter the job market well prepared and with a strong competitive edge over other job candidates. A cyber range enables colleges and universities to constantly challenge their students and faculty and can also support cybersecurity academic research.

Cybersecurity education is prospering and attracting larger numbers of students each year. Ambitious students are looking for leading-edge programs where they will be challenged and gain valuable knowledge and experience that will prepare them for their careers as cybersecurity professionals. Students realise that theoretical knowledge alone is not enough to prepare them to take part in defending an organisation under cyberattack. Make on-campus cybersecurity simulation labs an integral part of the syllabus and arm your students with as much hands-on experience as possible from their first semester through to graduation.

ITProPortal:

You Might Also Read:

Cyber Skills Gap Grows Along With Threats

« UK Gets Offensive: New Task Force To Deal With Russia & Terrorists
Manufacturing Industry: A Key Target For Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

Inky Technology Corp

Inky Technology Corp

Inky® Phish Fence is an email protection gateway that uses sophisticated AI, machine learning and computer vision algorithms to block deep sea phishing attacks that get through every other system.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Consensys

Consensys

ConsenSys is a global blockchain company. We develop enterprise applications, invest in startups, build developer tools, and offer blockchain education.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

Nisos

Nisos

Nisos provides unrivaled protection of your reputation and assets through the practice of Active Defense.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.