banner

CS TRAINING FALLING SHORT OF DEMAND

Written by

CS TRAINING FALLING SHORT OF DEMAND

With the rising trend of threats to the cyber world, it is becoming far more challenging for the organizations to employ expertise of individuals who can equip their systems to fight cyber criminals. These malicious actors cause huge losses to the businesses and with state-sponsored hackers emerging as far bigger a menace, the need for skilled professionals in cybersecurity has never been felt more. Moreover, even developed countries, like United States, have not been able to educate, train and produce the required experts to fill the gap in this area.

A survey of IT decision-bigwigs recently carried out by Center for Strategic and International Studies (CSIS) across eight major countries came back with a finding that about 82% of employers face a dearth of human resources for cybersecurity, and 71% believe that this shortage has a straight and calculable bearing to their organizations. Data assessed from job postings suggest that the unoccupied cyber security jobs have grown by more than 50 percent since 2015, whereas, it is projected that by 2022, the global shortfall in cyber security workforce will be around 1.8 million vacant positions.

A survey of IT decision-bigwigs recently carried out by Center for Strategic and International Studies (CSIS) across eight major countries came back with a finding that about 82% of employers face a dearth of human resources for cybersecurity, and 71% believe that this shortage has a straight and calculable bearing to their organizations. Data assessed from job postings suggest that the unoccupied cyber security jobs have grown by more than 50 percent since 2015, whereas, it is projected that by 2022, the global shortfall in cyber security workforce will be around 1.8 million vacant positions.

There is shortage of personnel in almost every aspect of cyber security; but the most urgent and severe needs are highly-skilled technical staff who are able not only to operate and support security systems but also design such systems, write codes and develop modern tools that are required in this domain. At one time, the ratio of skilled and able security specialists available was 1,000 compared to a demand for

10,000 to 30,000. Over the years, the problem has continued to pose a challenge to IT managers who are of the view that cyber security professionals with skills such as writing secure software, detection intrusion or penetration and minimizing the effects of a cyber-attack are the ones most difficult to find. Organizations having mission-critical job roles, particularly, brave this situation where many experience deficiencies of skills in candidates for ‘vulnerability assessment analyst’ positions and for ‘cyber defense infrastructure support’ roles.

Employers today are in critical need for more cybersecurity professionals, but they do not want more compliance officers or cybersecurity policy planners. What organizations are truly desperate for are graduates who can design secure systems, create new tools for defense, and hunt down hidden vulnerabilities in software and networks.

CAN CYBERSECURITY GRADUATES DELIVER?

There is a serious need to assess whether education and training for cybersecurity being imparted equip the trainees for the array of highly capable technical roles. A recentreport suggests that “employers increasingly are concerned about the relevance of cybersecurity-related education programs in meeting the needs of their organizations”. It was found in another survey conducted by CSIS that only 23% of IT managers considered that education programs were sufficiently preparing students to work in this sector. A study carried out by a professional association determined that 61% of the employers are of the view that less than half of all candidates applying for cybersecurity positions are actually qualified for the job.

Cybersecurity practitioners say that organizations requiring to adopt these measures are not satisfied as they see the graduates of these programs as having limited practical exposure as well as an understanding of the basics of computing and information security. As such, many incumbents would need to undergo extensive on-the-job training before they can assume responsibilities. Moreover, cyber security graduates are often found lacking in essential soft skills like teamwork, communication and problem-solving. It is also frustrating that the overall cyber security education environment has not been able to develop industry-wide acceptable fundamental standards or rankings that can assist employers understand the relevance and effectiveness of the programs, certifications, and degrees. Traditional computer science programs do not educate their students in the basics of information security. According to a study, only 1 of the top 36 computer science programs in USA requires a

cybersecurity course for graduation, and 3 of the top 10 programs offered no cybersecurity classes at all. As a result, with little or no knowledge and exposure to the theories and practices, computer science graduates face considerable difficulties while entering the cybersecurity field.

MASTERING THE FUNDAMENTALS

Cybersecurity comprises of a wide range of diversified areas and roles. Therefore, no single program can cover and impart all the required knowledge and skills which may be specific for each employer or sector. Nevertheless, irrespective of the field or the specialty adopted, certain common fundamentals are essential for any new employee hired for a critical role. This includes a fair understanding of computer architecture, data structure, encryption techniques, networking tools and methods, secure coding principles, and operating systems, added with proficiency with Linux-based systems, fluency in lowlevel programming languages, and familiarity with common exploitation methods and mitigation techniques.

Many cybersecurity educational programs appear to lay too much emphasis on policy planning, compliance audits, and other matters instead of ‘on-the-ground’ approach to technical security parameters. The fact is that the tasks like penetration testing, secure system design, incident response, and tool developmentrepresent a far greatersecurity need for organizations. However, these tasks can only be performed by those having expertise in computing fundamentals and anin-depth understanding of how an organization’s information needs can be met.

REAL-WORLD EXPOSURE

The most frequent concern regarding cybersecurity education is that it is very theoretical and conceptcentric and, therefore, does not provide ample and much needed practical exposure to the students. As the students need to develop skill-sets on the job, the worth of a cybersecurity degree has begun to decline in the eyes of employers.Surveys routinely bring out the results which show hands-on experience is higher compared to all other factors while assessing the new recruits and that a 4-year degree does not adequately prepare students for cybersecurity jobs. As such, incorporation of hands-on learning in a live environment where students are exposed to realistic challenges is considered as one of the defining features setting apart leading cybersecurity education programs.

One way to cover this deficiency among cybersecurity graduates is to enhance the sphere of apprenticeship, internship, and work-study offerings for them. These arenas provide students with opportunities to apply in a real-life situation what they have been taught, enabling them to polish their practical skills in the process and giving a support to the theorybased components of their education. While these opportunities will act as valuable addition to the prevalent course outlines, there are also ways for instructors to alter their methods and integrate real world case studies directly within the curricula. Likewise, the cyber-ranges and cybersecurity competitions, are gaining acceptance among educators and trainers as a useful tool. These activitiesenable students to face the challenges in actual work atmosphere, letting them develop such skills and ability to work with other team members in fast and quickly-changingsituations.

SOFT SKILLS

Although imparting and enhancing technical capabilities in the students should be the main target of all learning and training programs for cyber security; this would not preclude students’need of developing the soft skills essential for working in any professional environment that can turn the technical skills worthwhile for the organizations. Businesses have stressed the presence of soft skills like communication, teamwork, decision making and problem-solving as critical merits for new hires. Surveys also show that employers regarded having soft skills an important trait when hiring cyber security personnel, and in some cases, considered it more important than the technical skills.

Since cyber security matters are mostly handled by a team of professionals, being a team-player becomes essential. Likewise, the ability of approaching a problem and looking for its solutions forms the basis of successful cyber security function, and many personnel face significant troubles in this area. Finally, the skill of writing or communicating to convey technical insights into a problem and its solutions or to formulate and implement relevant cybersecurity policies is critical to ensure smooth operations.

The inability of education and training institutes to nurture these skills causes an adverse impact on the utility of their graduates once they come into the practical world.The reality on the ground is that many young recruits passing from cyber security education programs do not possess these skills. Instructors can shift their teaching and assessment approaches to emphasize oral and written communication, for example, by adopting scenario-based assessments.

MODELS

In various researches and discussions involving leading professionals of cyber security, many related education and training programs were recognized as having aligned the design of workforce development initiatives with industry’s requirements. Using their models, certain practices and procedures can be standardized which may help other institutes to appropriately groom the students for cyber security careers.

CONCLUSION AND RECOMMENDATIONS

Locating and engaging the appropriately skilled workforce to secure an organization’s systems from cyber threats today has become an uphill challenge. While shortages are there in every aspect, there is huge demand for personnel who can handle high-caliber roles like designing secure systems, tool development, and penetration testing. So far, cyber security education and training has remained unable to suitably equip the students for these jobs. To enhance the quality of successful workforce, cyber security education standards should be beefed up to determine industry-wide minimum acceptable level of practices and procedures that can be incorporated in the training programs to help prepare students for a bright career in cyber security.

Article Categories:
Training Program

Leave a Reply

Your email address will not be published. Required fields are marked *

Go Back