The Cybersecurity Gap: How Higher Education Can Help Outwit Cyber AttackersGale Tenen Spak | Associate Vice President for Continuing and Distance Learning (Retired), New Jersey Institute of Technology
As one decade has come to an end, confusion reigns about the impact of the many technology inventions that almost imperceptibly have been thrust upon us. In a multiplicity of ways, the breakthroughs of the last decade have come to affect all walks of our lives, including how, what and from where adult learners acquire new skills for jobs with legs for the future.
Predictions abound of the new technologies likely to explode between 2020 and 2030—artificial intelligence, blockchain, drones, autonomous vehicles, robotics, virtual reality, quantum computing, 5G, voice assistance and green technologies to name just a few.
These will lead to many new, “hybrid” and high-paying employment positions in every industry sector ranging from Finance, IT, Government, Professional Services, Energy, Manufacturing, Telecommunications, Retail, Healthcare, Biotech and Aerospace. To give just two examples of new positions that have spilled over from the end of the last decade, retailers now seek “transactions enablers” versus salespeople, and Continuing Professional Organizations (CPOs) are hiring “student success managers” to interact on a personal level with adult learners about non-academic matters through high-tech/high-touch means.
Programs that help learners acquire competencies for these IT-infused jobs will surely become part of the core of many CPOs training offerings over the next 10 years. Indeed, there will be no lack of new subjects for CPOs to teach job-seeking and incumbent working learners going forward. But might there be one category of CPO programming that is equivalent to what is known in the tech industry as a “killer app?” And could this category contribute to overcoming the lack of diversity within the IT field which pervades in higher education and industry?
A killer app is any single computer program that is so necessary or desirable that it assures the success of the technology with which it is associated. It also assures the profitability of the organization which created the tool or app. For example, in the late 1970s, the VisiCalc spreadsheet was the killer app for the Apple II, providing reason enough to purchase the hardware. VisiCalc was followed by Lotus 1-2-3 and Excel for the IBM PC. In the 2010s, Amazon Web Services (AWS) would be an apt example. Not surprisingly. CPOs across the country began to instruct learners in the skills required by and opportunities associated with each new killer app. And just like the bottom line of companies like Apple, IBM and Amazon swelled because they had the killer app du jour, so too did the bottom line of CPOs whose course offerings were on point.
As 2020 dawns, and indulging in optimism which is a natural response to a new era, let’s posit that our new Internet-of-Things way of life will yield positive societal changes which improve our health, save our climate, and renew our energy and water supplies. Letting optimism play loose, can it also be predicted that there will be technology-endowed ways to new-, re- and upskill our workforce for jobs whose salaries go far to mediate the endemic income inequities that have become more pronounced in America in the last decade?
Yet the other side of the coin must be addressed as well. If the experiences of the last decade have proven anything, it is that optimism for technological-wrought benefits can be undone by cyber attacks and abuses directed to countries, within industries and governments and on individual freedoms and privacy. That is, good changes can be subverted by cybersecurity attacks (and the injurious ones made worse). For example, over the course of the next two years, it is predicted that the cost of cybercrime will grow to an excess of $6 billion. Governments, businesses and individuals alike will find themselves the victims of advanced cyber attacks as bad actors develop new network infiltration and data processing methods.
New public policies, research, inventions, and tech companies’ self- and legislated-regulation are needed to address this challenge with salient discussions of each of these measures already underway but occurring largely outside the academy. It is higher education which poignantly has come to understand that its central role—and maybe the most important of all the defensive measures—is to ensure the emergence of an adequate corps of people, properly trained in cybersecurity, to maximize the potential and minimize the threat that technology can hold in the next 10 years. If the cybersecurity professional deficit persists, cyber criminals will perfect their techniques and tools concurrently and build upon the global fear of the cyber crimes to come. There simply are not enough cybersecurity specialists with the knowledge and experience needed to combat ever-evolving cybersecurity threats. Experts state that over 1 million unfilled positions currently exist in the cybersecurity field worldwide and estimate that this number will grow to 3.5 million by 2021.
Could this context become the first test of CPO’s mettle in the new decade where the mantra of lifelong and continuous learning appears to be taking hold and where there is a clarion call for more cybersecurity professionals from diverse backgrounds? Indeed, some, but not nearly enough, programs have begun to address this deficit and are available from for-profit training and MOOC companies, employers, and both academic degrees and CPO non-credit training units of colleges and universities. And fortunately, new tools and sources which compile these offerings have emerged and include commentary about quality to ease learners’ task in locating viable programs (for example: Cyber Degrees, Court Report and SwitchUp).
Of special pertinence here are the cybersecurity programs originating from the academy. Without doubt, academic degree programs eventually will produce a new generation of talent for this field and their development follows both internal and external accrediting commissions guidelines for quality and outcomes. But the process takes years and the need is now. The development is unusually costly and despite genuine efforts, it has been less than successful in attracting and retaining diverse student bodies for this discipline. Often too, potentially capable candidates are denied entry because their academic records do not meet college admissions requirements even during this era when companies like IBM have announced that many of their IT jobs do not require undergraduates’ degrees and Amazon is internally re-training one-third of its workforce for tech jobs including those in cybersecurity without regard for whether employees have finished college.
Moreover, if recent trends are correct, “tech trashing” is becoming a phenomena among college graduates. Graduates with IT backgrounds, which are the prerequisite for high-level cybersecurity work, can afford to be choosy about job offers; and, if recent reports prove true, some have begun to pass aside Silicon Valley’s most lucrative positions for jobs without so many associated ethical quandaries. This resembles how college graduates fled Wall Street jobs after the financial meltdown in the first decade of the 21st century for more principled work elsewhere.
The situation however is different for the ability of CPOs to respond to the need to produce a large corps of high-quality cybersecurity experts and in rapid order, and in so doing also attract learners from all ranks of life. Short courses, linked together in sequence or “stacked up” are the hallmark of most CPO programming and are particularly germane to the topics which fall within the category of cybersecurity. Further, despite myths to the contrary, the jobs within the cybersecurity domain range from entry- to advanced-level as titles like the following readily suggest: Network Operations Center Technicians, Cybersecurity Crime Investigators, Network Security Defenders, Cybersecurity Analysts and Cybersecurity Specialists.
CPOs are perfectly fine with populating the ranks of their classes with men and women from diverse backgrounds, given that IT non-credit programs have always been able to accept learners from all walks of life with varying levels of education. This means entry into this field is possible for people who historically have held low-paying jobs, including those from under-represented groups. Existing on a continuum from foundational to advanced, cybersecurity training courses mounted by CPOs may yield the unanticipated benefit of being able to address the challenge of lifting the lives and prospects of low-wage workers and providing this segment of American society with a financial safety net. This augers a future cybersecurity workforce that is diverse and can bring unique perspectives to solving complex problems, with the necessary creativity needed to outwit hackers.
One caveat pertains. Arguably and in general, the quality of non-credit programs and classes has not been as rigorously assessed by internal and external agencies as is routine for academic programs. If the deficit of talent in the cybersecurity domain is to be overcome, it is incumbent on CPOs to develop programs in this field that meet the highest standards for content, delivery, learner centrality and concurrence with specific industry demands. Commonly accepted guardrails that can make this so include taking care during the program development and offering stages to:
- Obtain and produce transparent and quantitative data that learners have mastered the competences
- Update curricula regularly
- Integrate project-based exercises in the curricula regardless if mode of delivery is in-class, hybrid or online
- Engage only credentialed and vetted instructors
- Provide learners with wraparound services in situ through Student Success Managers and counseling
- Award industry-valued credentials to learners directly and/or in the university’s name
- Assist learners with finding real employment
- Design curricula so it is stackable as a means to move learners from entry to more advanced knowledge and skills
- Help learners take advantage of innovative opportunities to pay the tuition since rarely is there any financial support for non-credit learning
A tall order indeed, but one that resilient and inventive CPOs have always been able to meet.
CPOs who embark on this initiative may go a long way to ensure their own financial health, as is the pattern with killer apps. As as the lifelong and continuous learning imperative grows in the next decade, CPOs can use cybersecurity programming to become more pivotal to the success of their institution’s economic and community development strategies. By so doing, CPOs will also be seen as prime mover to produce the next and diverse generation of cybersecurity professionals for the nation. With the need so vast, immediate and continuing, it is not so farfetched to envision cybersecurity training as CPOs’ killer app program in the coming decade.
Author Perspective: Administrator