Security Education: 3 InnovatorsHow Schools Are Creating a Pipeline of Qualified InfoSec Pros
With the demand for cybersecurity professionals at an all-time high, and the need for better preparedness and incident response training crucial, a growing number of higher education institutions are implementing groundbreaking programs.
For example, educators at the University of Tulsa, Mississippi State University and Prince George's Community College, all of which have been named National Centers of Academic Excellence in Information Assurance Education by the National Security Agency, have devised ways to respond to this skills gap.
Following are summaries of these institution's ongoing efforts.
University of Tulsa:
Focus on Government Service
Students enrolled in University of Tulsa's Cyber Corps program must commit to building a career in federal government service. In return, they get the opportunity to work on active criminal investigations alongside law enforcement and top government agencies.
Sujeet Shenoi, a computer science professor, believes that hands-on work is the key to a good cybersecurity education. He says of students in the school's Cyber Corps program: "They make a promise to serve the country, and I make a promise to give them the best education."
Tulsa's program only accepts 30 to 40 students out of the up to 1,500 who apply each year and commit to working for the government. Agencies, including the National Security Agency, Central Intelligence Agency, and Department of Homeland Security, plus some Fortune 500 companies, provide the students with hands-on experience.
"I want my students to be a mix of half Jesus and half Einstein. [For the Jesus part], they have to be completely trusted. Frequently, politicians ask me how I am so sure I am not going to create an [Edward] Snowden. I look at their whole life and get a full picture; I interview them and their family. The Einstein part of it is, I want them to solve problems on their feet when they are stressed, and a lot of our courses make that happen."
About 35 percent of students in the program are women, and 10 to 15 percent are veterans.
The University of Tulsa offers an entire course where students work on protecting a critical infrastructure asset, whether it's a 20-mile long pipeline or a city's power grid. Cyber Corps students also work on active investigations with local law enforcement; they even helped to crack a triple homicide case in 2011 by using electronic evidence, Shenoi says.
"To solve problems, we have to work on real cases," he says. "You can't do real science with fake blood. That means, to investigate a cybercrime, you can't have a fake crime, you want a real one."
Mississippi State University:
A Multi-Disciplinary Approach
In Mississippi State's computer science department, no cybersecurity major is offered. Instead, students pursuing degrees in electrical or industrial engineering, computer science, and other tracks can earn a cybersecurity certificate, giving them a well-rounded skill set so they can better respond to a variety of challenges.
Cybersecurity is bigger than one discipline can solve, says David Dampier, Director, Center for Computer Security Research, Mississippi State University. "You need people who can write software securely, build computer components, [and understand] electrical engineering," he says.
That's why the university offers a certificate in information assurance rather than a bachelor's degree in cybersecurity. Students majoring in engineering or computer science gain a well-rounded skill set that's augmented by their studies for the certificate.
Dampier also works to increase the number of women in his program, running summer camps for high school students to get them interested in the field. When the program started, women comprised only 8 percent of students enrolled in the information assurance program; today, more than half of participants are women.
Mississippi State's program also covers ethical hacking. "I was in the Army my whole career, and we were taught that the best defense is a good offense," Dampier says. "You can't really understand how to defend until you know how the enemy is going to attack."
Prince George's Community College:
Outreach to Younger Students
To build a pipeline of students interested in pursuing careers in cybersecurity, Prince George's Community College in Largo, Md., is using a federal grant to support its National Cyberwatch Center, an outreach program to high schools and even elementary schools.
The college offers summer camps and after-school programs; a yearly conference on cyber-ethics, cybersafety and cybersecurity awareness; IT workshops; and workshops for school counselors, says Michael Burt, a professor of information and engineering technology.
The community college offers a two-year cybersecurity program, leading to an associate's degree. But some infosec professionals who already have advanced degrees take courses at the school to gain new skills or prepare for certifications, Burt says.
The college works with local companies to develop virtual labs where students can experiment with ethical hacks as well as defenses. "Students can create malware, protect themselves from the attack, crack passwords - all the things an individual in this field needs in their toolbox," Burt says.