Abstract
The need for cybersecurity professionals extends across government and private industries. Estimates place the shortage of cybersecurity professionals at 1.8 million by 2022. This chapter provides aspiring cybersecurity students a clear understanding of the various educational pathways they can choose to achieve their goals. The authors describe educational categories and include an assessment of each that students will want to consider based on their own situation. The authors discuss how the study of cybersecurity can be accomplished from a computer science, engineering, and business perspective. Students with STEM skills can accomplish their goals in numerous cybersecurity roles including cyber engineer, architect, and other technical roles. Finally, students with cyber business interest can accomplish their goals with a focus on strategy, compliance, awareness, and others. Organizations need employees with all these skills. This chapter concludes with the recommendation for continual learning, the value of networking, and the encouragement for students to start creating a cyber career.
TopBackground
Creation of the Study of Cybersecurity Education
In May 1988 the Presidential Decision Directive 63 (PDD 63), within the Clinton Administration, created the Policy on Critical Infrastructure Protection and the initial development of the Centers of Academic Excellence in Information Assurance (IA) Education (CAE-IAE) Program. The CAE program was initially developed by the National Security Agency (NSA) in 1998 and in 2004 the Department of Homeland security joined as a partner. “The goal of the program is to reduce vulnerability in our national information infrastructure by promoting higher education in cyber defense and producing professionals with cyber defense expertise for the nation” (National Centers of Academic Excellence in Cyber Defense, 2016).
In 2008, the CAE in IA research was added to encourage doctoral research in cybersecurity. In 2010, Two-year institutions, technical schools, and government training centers were added (National Centers of Academic Excellence in Cyber Defense, 2016). In 2016, the CAE-Cyber Operations designation was announced and in 2017 it restructured to have two designation programs. The CAE-Cyber Operations Fundamental and the CAE-Cyber Operations Advanced (CAE-Cyber Operations Announcements, 2017). To date, there are over 200 colleges and universities designated as CAEs that develop and train individuals with cybersecurity responsibilities within the government and private industries (National Centers of Academic Excellence in Cyber Defense, 2016).
Key Terms in this Chapter
Information Assurance: The process of protecting information assets and information. This term is still widely used in the public sector but has been replaced with cyber security in most of the private sector.
H1B: H1B is a type of work visa defined under the Immigration and Nationality Act which allows foreign nationals with specialty skills to work in the U.S. There are many job categories that fall under this program including engineering, software development, and information technology.
Science, Technology, Engineering, and Math (STEM): STEM is education based in the specific disciplines of science, technology, engineering, and math.
Assessment: An assessment is a methodical evaluation of processes and/or controls to determine whether they are functioning as intended. Assessments may be driven by industry requirements such as the payment card data security standard (PCI-DSS) or may be performed as part of a well-managed security program.
Cybersecurity: Includes process, procedures, technologies, and controls designed to protect systems, networks, and data.
National Institute for Standards and Technology (NIST): Organization within the U.S. Department of Commerce. NIST promotes U.S. innovation, standards, and technology that enhances economic security.
Vulnerability: A vulnerability is any weakness in a product, process or system which could potentially be exploited to reduce the security or function of that product, process, or system.
National Initiative for Cybersecurity Education (NICE): NICE promotes nationwide initiatives to increase the number of people with knowledge, skills, and abilities to perform the tasks required to perform cybersecurity responsibilities.
Governance (GRC): Governance is the process of managing through the use of controls which can include policies, procedures and other management tools. Governance is the “G” in GRC with “R” being risk and “C” being compliance. These three functions of management are designed to improve oversight and coordination in larger and diverse organizations. GRC requires significant involvement by many departments and is often facilitated by complex implementations of software tools.
Health Insurance Portability and Accountability Act (HITECH): There are several security implications to this federal regulation most of which relate to the security rule provisions which require the protection of electronic health records.
Cybersecurity Framework: Risk based approach to managing cybersecurity risk. This framework includes the framework core, implementation tiers, and profiles.
Risk Management: Ongoing process of identifying, assessing, prioritizing, and reducing risk.
Health Information Technology for Economic and Clinical Act (HITECH): Provides additional economic incentives to move the health care industry toward electronic records including enhanced requirements for privacy and data protection.