CERIAS: Some thoughts on “cybersecurity” professionalization and education
Relates to the issue of when an employee needs college, and when they don’t. For Cybersecurity, they do. Relates to the growing needs in cybersecurity in the UK and in the US.
Too many (current) educational programs stress only the technology — and many others include significant technology training components — because of pressure by outside entities, rather than a full spectrum of education and skills. We have a real shortage of people who have any significant insight into the scope of application of policy, management, law, economics, psychology and the like to cybersecurity, although arguably, those are some of the problems most obvious to those who have the long view. (BTW, that is why CERIAS was founded 15 years including faculty in nearly 20 academic departments: “cybersecurity” is not solely a technology issue; this has been recognized by several other universities that are treating it more holistically.) These other skill areas often require deeper education and repetition of exercises involving abstract thought. It seems that not as many people are naturally capable of mastering these skills. The primary means we use to designate mastery is through postsecondary degrees, although their exact meaning does vary based on the granting institution.