Flunking Cyber Education

Uploaded on 2022-08-03 in JOBS-Training, FREE TO VIEW

We live in great times for cyber employment and training.  Rapidly developing and expanding STEM programs in schools.  Congressional bills supporting funding of myriad training programs.  

A recent summit held by the White House on July 19th - under the auspices of the new National Cyber Director - to find ways to encourage people to join the cyber work force and develop education programs supporting the effort.  Lots of talk about the 700,000 person job gaps in the cyber field and the need to fill those jobs.

As a cyber expert and college professor who teaches cyber, I applaud these developments.  But, as someone who is in the cyber business and now in the education game, I tell you it’s not going to be easy. Ignoring whether 700,000 people want to join the cyber community of workers - and not everyone does or has the skills to do so - you have to think of what kind of education you need to do the job. One of the big corporate challenges  - private or public - is not people learning code.  It’s middle managers learning the vastness of cyber, its organization costs, and getting those on the cyber coal face to speak understandably/or translate to those that run the places. Currently, despite best efforts, they are talking past each other.

Three Layers of the Cyber Cake

The connection between the decision makers and the cyber people on the coal face has always been problematic. Neither really understands the others’ need. They come from two different worlds. It is, in my experience,  the poor middle managers who are whipsawed between the two – explaining to their bosses why good cyber structure is needed and understanding of the cost of failure.  And, then, explaining to the people on the coal face why cost remains one of the most important factors despite the potentially troublesome challenges of a “lesser” solution.

Starting in reverse order, the Third “Cake” Layer I speak of is the technicians/the guys on the cyber coal face. Bluntly, in the land of the cyber “gun fight,” they are the ballistic experts. They speak a very specific tech language and think the guys above them are ignorant or indifferent because they don't understand their language.  The Third Layer wants more support and rarely understands the cost factor. It is their world. They know what needs to be done to make it work.

The First Layer is composed the Senior Managers whose lives are devoted to cost, profit and explaining to their overlords the levels of success and failure. They are “gun slingers”. They just want their “gun” to work. They can spell IT. They have a vague idea about exactly what cyber does as primarily it costs them money -- off the bottom line, without any real metrics as to return on investment and the potential of losing their jobs if something screws up.  They could use some education too - but they haven't got the time or, in many cases, the inclination.

And, then in non-ordinal order and an unenviable position, is the Second Layer -- the mid-level managers.  Paraphrasing the late American U.N. Ambassador Adlai Stevenson, they are the peaceful makers who catch hell from both sides.  The Second Level need to know enough about what Level Three is doing to explain it to Level One. And they need to know what Level one is facing to guide the efforts in Level Three.  

An Educational Opportunity Missed

Frankly, few schools have dealt with the Second Layer problem.  They favor extensive training for the coal face; engineering schools devoted to systems management and software development, for instance. And they occasionally give seminars for the First Level – usually as corporate retreats with everyone distracted by their I-phones as they try to run their business from afar. They rarely attempt to educate the Second Layer.  I think that is a major mistake.

We need to develop more classes that bridge that Middle Management gap - creating understanding of cyber needs and structure in both a policy way and a tech way.  We don’t need cyber experts, but we do expertise; a basis of understanding that allows for the needed translations.  

In other words, Level Two need to understand the general substance of the tech problems that are brought to them so they can explain it to the Decision Maker – who ultimately risk manage the cost versus potential failure of the organization. And these Middle managers need to explain to the cyber guys on the coal face why Level One are concerned about cost and to better explain what the decision makers risk assessment is – what is possible given cost.

Until that gap is closed, we are going to continue to go around in this endless loop of failure where the managers blame the IT guys and the IT guys think the senior managers are hopelessly out of touch.

Frankly, the American public ultimately pays the price for this gap. They deserve better. And, in my opinion, colleges and universities are missing a whole segment of a very large potential student population.

Ronald A. Marks III is a Visiting Professor of Cyber and Intelligence at George Mason University’s Schar School of Policy and Government.  Marks has also spent two decades managing or owning cyber related enterprises.

You Might Also Read: 

The Limits Of Social Media Soft Power:

 

« Google Chrome Extension Used To Steal Emails
Publicly Reported Ransomware Incidents Are Just The Tip Of An Iceberg »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Data Protection People

Data Protection People

Data Protection People are specialists in Data Privacy, Governance, and Information Security.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator invests in early stage disruptive companies in the security industry including, Cybersecurity, Internet of Things (IOT), Blockchain and AI.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Secuna Software Technologies

Secuna Software Technologies

Secuna is the most trusted Cybersecurity Testing Platform in the Philippines. Our pool of vetted security researchers will find and ethically report security vulnerabilities in your product.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

Token Security

Token Security

Token is the new approach designed for the identity boom era. Introducing Machine-First Identity Security.