Flunking Cyber Education

Uploaded on 2022-08-03 in JOBS-Training, FREE TO VIEW

We live in great times for cyber employment and training.  Rapidly developing and expanding STEM programs in schools.  Congressional bills supporting funding of myriad training programs.  

A recent summit held by the White House on July 19th - under the auspices of the new National Cyber Director - to find ways to encourage people to join the cyber work force and develop education programs supporting the effort.  Lots of talk about the 700,000 person job gaps in the cyber field and the need to fill those jobs.

As a cyber expert and college professor who teaches cyber, I applaud these developments.  But, as someone who is in the cyber business and now in the education game, I tell you it’s not going to be easy. Ignoring whether 700,000 people want to join the cyber community of workers - and not everyone does or has the skills to do so - you have to think of what kind of education you need to do the job. One of the big corporate challenges  - private or public - is not people learning code.  It’s middle managers learning the vastness of cyber, its organization costs, and getting those on the cyber coal face to speak understandably/or translate to those that run the places. Currently, despite best efforts, they are talking past each other.

Three Layers of the Cyber Cake

The connection between the decision makers and the cyber people on the coal face has always been problematic. Neither really understands the others’ need. They come from two different worlds. It is, in my experience,  the poor middle managers who are whipsawed between the two – explaining to their bosses why good cyber structure is needed and understanding of the cost of failure.  And, then, explaining to the people on the coal face why cost remains one of the most important factors despite the potentially troublesome challenges of a “lesser” solution.

Starting in reverse order, the Third “Cake” Layer I speak of is the technicians/the guys on the cyber coal face. Bluntly, in the land of the cyber “gun fight,” they are the ballistic experts. They speak a very specific tech language and think the guys above them are ignorant or indifferent because they don't understand their language.  The Third Layer wants more support and rarely understands the cost factor. It is their world. They know what needs to be done to make it work.

The First Layer is composed the Senior Managers whose lives are devoted to cost, profit and explaining to their overlords the levels of success and failure. They are “gun slingers”. They just want their “gun” to work. They can spell IT. They have a vague idea about exactly what cyber does as primarily it costs them money -- off the bottom line, without any real metrics as to return on investment and the potential of losing their jobs if something screws up.  They could use some education too - but they haven't got the time or, in many cases, the inclination.

And, then in non-ordinal order and an unenviable position, is the Second Layer -- the mid-level managers.  Paraphrasing the late American U.N. Ambassador Adlai Stevenson, they are the peaceful makers who catch hell from both sides.  The Second Level need to know enough about what Level Three is doing to explain it to Level One. And they need to know what Level one is facing to guide the efforts in Level Three.  

An Educational Opportunity Missed

Frankly, few schools have dealt with the Second Layer problem.  They favor extensive training for the coal face; engineering schools devoted to systems management and software development, for instance. And they occasionally give seminars for the First Level – usually as corporate retreats with everyone distracted by their I-phones as they try to run their business from afar. They rarely attempt to educate the Second Layer.  I think that is a major mistake.

We need to develop more classes that bridge that Middle Management gap - creating understanding of cyber needs and structure in both a policy way and a tech way.  We don’t need cyber experts, but we do expertise; a basis of understanding that allows for the needed translations.  

In other words, Level Two need to understand the general substance of the tech problems that are brought to them so they can explain it to the Decision Maker – who ultimately risk manage the cost versus potential failure of the organization. And these Middle managers need to explain to the cyber guys on the coal face why Level One are concerned about cost and to better explain what the decision makers risk assessment is – what is possible given cost.

Until that gap is closed, we are going to continue to go around in this endless loop of failure where the managers blame the IT guys and the IT guys think the senior managers are hopelessly out of touch.

Frankly, the American public ultimately pays the price for this gap. They deserve better. And, in my opinion, colleges and universities are missing a whole segment of a very large potential student population.

Ronald A. Marks III is a Visiting Professor of Cyber and Intelligence at George Mason University’s Schar School of Policy and Government.  Marks has also spent two decades managing or owning cyber related enterprises.

You Might Also Read: 

The Limits Of Social Media Soft Power:

 

« Google Chrome Extension Used To Steal Emails
Publicly Reported Ransomware Incidents Are Just The Tip Of An Iceberg »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

Resilience First

Resilience First

Resilience First is a not-for-profit organisation, led and funded by business to strengthen collective business resilience in all areas, including cyber security.

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

Deft

Deft

Deft (formerly ServerCentral Turing Group) is a trusted provider of colocation, cloud, and disaster recovery services.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.