Let's scuttle cybersecurity bachelor's degree programs
It may sound counterintuitive, but the way to increase the number of cybersecurity professionals is not to start granting degrees in cybersecurity
Computerworld - I suppose it sounds logical.
And while we're at it, let's address the problem of all those hackers who are thinking outside of the box by recruiting them for these degree programs.
Unfortunately, the logic of these statements is about a micron thick.
Let's look at those cybersecurity degree programs first. In no other computing discipline do you have a specialized degree program. You do not earn a bachelor's degree specifically in software engineering, computer graphics, artificial intelligence, database management, systems administration, Web applications programming or project management. Why should there be a bachelor's degree specific to cybersecurity? (And please note that I am talking about undergraduate cybersecurity programs, not graduate-level programs.)
There shouldn't be. Security professionals need to function in a variety of disciplines. They can be called upon to evaluate software for security vulnerabilities, to determine whether a user interface is suffering from information leakage, to design secure databases, to secure operating systems, to assess and shore up the security of websites, to incorporate security requirements into new developments and so on. The person you ask to do all of those things needs to be well rounded. But a cybersecurity degree program offers many security classes at the expense of classes that would normally be required to get a general degree in computer science or information systems.
With exceptions like architecture and nursing, bachelor's degree programs are not intended to be trade schools. The best college degrees strive to help people have a broad understanding of not just their field, but culture in general. Personally, the skills that have helped me most in the cybersecurity field did not come from computer courses, but from the mandatory writing and business classes I took, which taught me to be a better communicator and how to determine what was valuable to decision-makers.
To paraphrase Jim Rohn, the value of going to college is not in the degree you are awarded, but in what you had to become to earn that degree.
My feelings about cybersecurity degree programs isn't bias of the "that's not how it was done in my day" variety. I sincerely believe that cybersecurity degree programs are producing graduates inadequately prepared for the positions they believe they are training for, and quite possibly compromised in their ability to get any job at all.
Consider the National Security Agency, a promoter of the cybersecurity degree movement and a highly coveted employer in the field. The NSA designates some cybersecurity degree programs as Centers of Excellence in Information Assurance Education. So, the graduates of those programs should have no problem getting hired by the NSA in a cybersecurity capacity, right? Well, maybe not. Take a look at the NSA's cybersecurity professional development program. It wants people with strong programming skills. But many cybersecurity undergraduate programs do not offer any programming coursework. It's been cut out to make room for more classes in things like writing security policies.
More by Ira Winkler
- Ira Winkler: My run-in with the Syrian Electronic Army
- A simple cure for the cybersecurity skills shortage
- Ira Winkler: 6 failures that led to Target hack
- Ira Winkler: The RSA Conference boycott is nonsense
- Electronic privacy? There's no such thing
- Guys, stop creeping out women at tech events
- Ira Winkler: Stupid users, or stupid infosec?
- We're missing out on the value of security awareness
- Are your security professionals qualified?
- Ira Winkler: Press falls short in reporting on chip hack
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!