Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/22/2016
10:30 AM
Mike Baukes
Mike Baukes
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Raising The Nation's Cybersecurity IQ: 'Learn To Code'

We need to ensure that the students of today are prepared for the security challenges of tomorrow.

"Learn to code." In recent years, this has been the mantra of educational modernization.  

The ability to understand and mobilize information technology remains vital, but the goal line has been moved. It's no longer enough to understand basic technical literacy — we must make sure that our students are prepared to tackle one of the greatest issues of our time: cybersecurity.

The cybersecurity skills shortage is well known to employers — there is a shortfall of around 1.6 million cybersecurity professionals. To help with this, the National Security Agency recently launched a Day of Cyber initiative in Virginia to run a statewide program to help students learn the skills of cybersecurity professionals and explore career opportunities in the field. The program, which began in late October and runs through March 2017, allows students to take part in real-life virtual cybersecurity scenarios and receive a Cyber Resume and NSA Certificate of Completion.

This kind of initiative is vital, and more states and schools must step up efforts to solve this critical national shortfall. Cybersecurity is one of the major issues of our time — it's a skill we should have collectively developed yesterday but we must invest in doubly today.  

The industry's surging need for cybersecurity professionals certainly isn't up for debate. In 2015, over 209,000 cybersecurity jobs went unfilled, and industry job postings are up 74% over the last five years. For better or worse, the countless breaches over the years have spawned a booming industry — cybersecurity is expected to be a $170 billion market by 2020.

Despite the huge need for these professionals, our education system has yet to instill a framework for adequately preparing students to take on these jobs. For instance, 75% of IT decision makers surveyed in a recent Intel Security report noted that the government was not investing enough in cybersecurity education to sufficiently tackle the challenge. Some private companies have tried taking the helm instead — Cisco, for instance, just launched a $10 million scholarship aimed directly at filling the void in cybersecurity professionals.

If you're someone who already majored in a non-STEM (science, technology, engineering, and mathematics) field, this enormous opportunity is still open to you. As with computer programming, even if you aren't fluent in the language, you still need conversational proficiency — what we refer to as "cyber literacy." The most common reasons for data breaches are phishing and social engineering, which are relatively low-tech attacks that prey on people's carelessness and naïveté. Every person in a company is a security risk, and whether they're administering databases or taking coffee orders, candidates who understand common threats are vastly more valuable than those who expose a business to catastrophe.

The opportunity to capitalize on the cybersecurity boom is even bigger for those who aren't already technology savvy. The biggest hiring blocker for cybersecurity professionals is knowledge of the business. Back in 2014, 50% of organizations reported that fewer than half of the candidates they looked at were considered qualified. In 2015, that went up to 59% of respondents noting the lack of qualification of half of the job candidates. This shows that post-grads who complement existing skills with a cybersecurity mindset could successfully enter the market.

The constant threat of breaches and cyberattacks is real and growing. If today's students — and those already within the workforce — want both job security and a way to contribute to a critical part of the technology industry, then studying and developing skills in cybersecurity isn't just an elective. It's an imperative.

Related Content:

Mike Baukes is co-founder and co-CEO of UpGuard, a cyber resilience company based in Mountain View, California. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
kasstri
50%
50%
kasstri,
User Rank: Strategist
12/1/2016 | 11:54:23 AM
Re: keydown
Even without a specific focus on cybersecurity, learning to code is good for general .
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:16:55 PM
Re: Cyber security
@Dr.T: Respectfully, I very much disagree.  The "shortage" of cybersecurity people is a mostly false one.  The real problem is age discrimination and companies not wanting to pay IT people what they're worth.

Instead, what a lot of companies do is offer salary packages that are far below market rate and then whine to the government that there's a shortage so that they can get H1-B and L-1 Visas approved for cheap overseas labor to be brought in.  Then they lay off their existing workforce (but not before having the people they're laying off train their replacements).

Rinse and repeat.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:13:05 PM
filmy religijne
@Dr.T: Ignore it--and don't click.  It's spam/phishing.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/29/2016 | 1:11:52 PM
Re: Even w/o specific infosec education...
@Dr.T:

>they get better understanding what might be the problem.

And, for that matter, preventing problems in the first place.
kasstri
50%
50%
kasstri,
User Rank: Strategist
11/29/2016 | 12:55:42 PM
Re: keydown
Even without a specific focus on cybersecurity, learning to code is good for general 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:01:41 PM
Cyber security
I agree, we are in shortage of Cyber security staff, this was not the case not long ago. These recent attacks scared people quite well.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:01:06 PM
Re: filmy religijne modlitwa o cud
What exacly are you refering to?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 12:00:08 PM
Re: Even w/o specific infosec education...
" fancy GUIs we have now"

Another good point. Even Linux is more GUI then not anymore. Things become easier of course.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 11:57:24 AM
Re: Even w/o specific infosec education...
"Even without a specific focus on cybersecurity, learning to code is good for general "

I agree. Coding provides more insight into security of the systems, they get better understanding what might be the problem.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2016 | 11:55:23 AM
Learn to code
 

Learn to code becomes popular among younger generation simply because we figured out to make it very simple to code and most people would like to build something and interact with it.
Page 1 / 2   >   >>
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11931
PUBLISHED: 2019-11-14
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prio...
CVE-2019-18980
PUBLISHED: 2019-11-14
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The o...
CVE-2019-17391
PUBLISHED: 2019-11-14
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and sec...
CVE-2019-18651
PUBLISHED: 2019-11-14
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document to a user that the website trusts. The user needs to have ...
CVE-2019-18978
PUBLISHED: 2019-11-14
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.