How Do You Get Students to Think Like Criminals?

Written by Mitnick Security | Nov 14, 2018 12:00:00 AM

The skills needed for cybersecurity jobs aren’t easy to learn in the classroom.

Between September 2017 and August 2018, employers in the United States posted 313,735 job openings for cybersecurity professionals. Filling those jobs would mean increasing the country’s current cybersecurity work force of 715,000 people by more than 40 percent, according to data presented at the National Initiative for Cybersecurity Education Conference this month. With the number of unfilled cybersecurity jobs worldwide projected to multiply into the millions in the next three years, it’s no surprise that governments, companies and schools are racing to pour more resources into cybersecurity training and education programs.

As someone who teaches in a rapidly growing computing security program at the Rochester Institute of Technology, this is good news for me and my students. I think we are doing a good and responsible job of training our students, who will be snapped up by recruiters.

But I’ve watched as the field of cybersecurity has become formalized through a flurry of new degrees, certificates and curriculums, and I worry that some fundamental components of what make people really good at security — namely, the instincts to look at systems in unconventional ways and quickly identify possible ways to cause trouble — are being lost along the way.

The idea of degree programs focused solely on cybersecurity is still pretty new. At R.I.T., the bachelor’s degree in security was introduced in 2007, and the dedicated Computing Security department wasn’t formed until 2012. That means we haven’t had a lot of time to debug these programs, especially since, in academic settings, every significant curricular change typically requires several meetings followed by extensive paperwork and committee approval.

The field is so new that nearly every cybersecurity professional over the age of 30 does not have a degree in cybersecurity — many of them don’t even have degrees in computer science, and several don’t have college degrees at all.

Cybersecurity has long been a field that embraced people with nontraditional backgrounds. Following the Equifax breach last year, some critics slammed the company for hiring a chief security officer who majored in music, prompting a considerable backlash from security professionals who took to Twitter to flash their own liberal arts degrees or lack of formal education.

The poster child for the unconventional path to a cybersecurity job is Kevin Mitnick, who was convicted of illegal computer hacking and spent five years in prison before establishing a career as a highly sought after security consultant.

It’s not a coincidence...

To read the full article, and to access many more fascinating news items, please refer to the source.

Source: The New York Times