A recent article over at Computer World suggested that the best way to create new infosec talent for the burgeoning security field may not necessarily be to push students through budding cyber security degree programs. Depending on the situation I feel this assertion may or may not be valid.
Two potential options managers often contemplate include either investing in current employees or hiring new cyber security degree holders. I think cross-training existing employees who have traditional degrees, a few years of experience and expertise in specific IT skills sets can improve security more due to their familiarity with the technology they are securing. On the other hand, hiring green graduates who are curious and think outside the box can stimulate new innovative security approaches for the organization.
So unfortunately in the end it’s still a toss up in my opinion … and once again it depends on the type of positions you are trying to fill.
We’re hearing that the best way to deal with the shortage of cybersecurity professionals is to funnel students into cybersecurity degree programs.
And while we’re at it, let’s address the problem of all those hackers who are thinking outside of the box by recruiting them for these degree programs.
Unfortunately, the logic of these statements is about a micron thick.
Let’s look at those cybersecurity degree programs first. In no other computing discipline do you have a specialized degree program. You do not earn a bachelor’s degree specifically in software engineering, computer graphics, artificial intelligence, database management, systems administration, Web applications programming or project management. Why should there be a bachelor’s degree specific to cybersecurity? (And please note that I am talking about undergraduate cybersecurity programs, not graduate-level programs.)
There shouldn’t be. Security professionals need to function in a variety of disciplines. They can be called upon to evaluate software for security vulnerabilities, to determine whether a user interface is suffering from information leakage, to design secure databases, to secure operating systems, to assess and shore up the security of websites, to incorporate security requirements into new developments and so on. The person you ask to do all of those things needs to be well rounded. But a cybersecurity degree program offers many security classes at the expense of classes that would normally be required to get a general degree in computer science or information systems.
Please let us know what’s your take on this topic? Today’s post image is from Csaho.com