Cybersecurity education and training is important in the cybersecurity workforce and provides students and recent graduates with information on how to find what path to take. Paths include formal education from universities and institutions that provide programs to better equip the student who desires to be a cybersecurity professional (e.g., bachelor’s, master’s and doctoral degrees) and cybersecurity training such as boot camps, certifications preps and certificate programs.
Cybersecurity as a field is constantly evolving, and cybersecurity professionals gain expertise over time with practice. However, it is no secret that cyberthreats are growing exponentially, and the field is behind talent-wise. According to CyberSeek, there are 319,720 job openings requesting cybersecurity-related skills, and employers are struggling to find workers who possess them. On average, cybersecurity roles take 21% longer to fill than other IT jobs. Reducing the gap starts with building professionals from the ground up within the academic space. As the world becomes more connected to technology than ever before, we must adapt to ensuring security is a top priority for every organization like never before.
As more cybersecurity programs are developed, there is a need to ensure all domains within security are covered and taught properly. Newly created cybersecurity programs now provide students with technical security skills, knowledge of business strategies and processes, and a clear understanding of the governance, risk management and regulatory compliance needs to be associated with cybersecurity. Cybersecurity programs teach students foundational skills to prepare them for the workforce. Students explore different operating systems and focus on programming languages and software development. They also learn various techniques and methods for testing computer system security. Students in some programs may be able to pursue management coursework to prepare for upper-level careers.
Education and certification credentials are important ways to break into the field as hiring managers are struggling to find potential candidates with a well-rounded body of work who have hands-on experience in the cybersecurity field. Hands-on cybersecurity experience remains the primary factor in determining whether a candidate is considered for an open position. Figure 1 provides a breakdown of example courses, concentrations and careers that can be followed for undergrad and graduate students during their cybersecurity program and after they graduate.
Figure 1—Cybersecurity Education
| Courses | Concentrations | Careers |
|---|---|---|
| • Cloud Security | • Software Development | • Information Security Analyst |
| • Introduction to Python | • Mobile App Technology | • Penetration Tester |
| • Ethical Hacking | • Computer Forensics and Vulnerability Management | • Forensic Computer Analyst |
| • Webpage Development | • Information Warfare and Security Management | • Security Architect |
| • Introduction to Operating Systems | • Cloud Security | • Security Project Manager |
| • Project Management | • Security Consultant | |
| • Chief Information Security Officer |
Cybersecurity certifications increase candidates’ expertise and some employers view it as a must-have to hire. The type of certificate depends on the role because different roles require different skills. While this is necessary, it has also led to a gap in how various cybersecurity roles compare across academia, government and the private sector. One way close this gap is using the US National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Framework, which is a “reference taxonomy—that is, a common language—of the cybersecurity work and of the individuals who carry out that work.” The framework is designed for three main stakeholders:
- Academia can use the framework to create curriculum or training material aligned with specific work roles.
- Employers can use the framework to “measure, assess, and build their cybersecurity workforces.”
- Learners can use the framework to mature in a cybersecurity role, plan a move to a new cybersecurity role or help those who want a career change into cybersecurity.
Editor’s note: For further insights on this topic, read Fortune Onwuzuruike and Kenneth Myers’s recent Journal article, “Meeting the Demand for Zero Trust Talent,” ISACA Journal, volume 3, 2022. Find out more about ISACA’s Cybersecurity Fundamentals certificate here.
ISACA Journal turns 50 this year! Celebrate with us—and do not forget you can still receive the print copy by visiting your preference center and opting in!