High-profile hacks and the addition of nonstop revelations about the NSA to the news cycle are adding to a growing recognition of the importance of securing IT assets. This is nothing new for IT leaders, but what is new is the increased desire for security information in C-suites and boardrooms. The technical ability to manage security and the ability to convey related information to the business side are at a premium.
For years, CIOs have bemoaned a lack of highly qualified talent in security. In a 2012 IT skills gap study, CompTIA Inc. found security ranked first among the year's IT priorities and cybersecurity expertise was the most sought-after information-related skill at enterprise and midmarket-size companies. In the same survey, 40% of respondents expressed concern they wouldn't find the skilled security workers they needed.
As in other areas of IT, there are those [in cybersecurity] who excel technically but can't communicate well and those who are better communicators who may not be as strong with hard skills.
adjunct professor, Sacred Heart University
Now the call for more comprehensive cybersecurity training is being heeded by colleges and universities offering advanced degrees that marry nitty-gritty skills with communication acumen.
Schools including Johns Hopkins University, George Mason University and The George Washington University began offering master's degrees in cybersecurity during the last few years and more institutions are entering the picture.
Domenick Pinto, associate professor and chair of the university's department of computer science and information technology said proliferation of cybersecurity stories in the headlines has piqued interest in the subject, but the program is not a knee-jerk response to a hot topic. Those headlines are just the tip of the iceberg of a vast underlying need.
Sacred Heart has offered graduate-level cybersecurity training courses for the past five years that comprised a certification program. But Pinto said the need to go deeper was evident, leading him and his colleagues to begin putting together the full degree program two years ago.
"There's been a lot of interest in those courses because of the job opportunities out there and because it's such an emerging field," Pinto said. "There aren't a lot of schools that have a full master's in cybersecurity, so we feel we're filling a need."
Shortage of security talent
"There's a talent gap right now. I've seen it from experience. There are folks who are really experts and folks who are more junior, and the need right now is in that middle area. It's pervasive throughout the industry," said Greg Kyrytschenko, an adjunct professor at Sacred Heart and co-director of the program. "And there's a lot of specialized training but nothing that really puts all that training together." Kyrytschenko has worked in cybersecurity for 13 years dealing in security management and security architecture.
Sacred Heart's program, he said aims to provide enough breadth and depth to allow students to specialize in a particular area or serve as generalists. Partnerships with vendors, reviews of case studies and current events will keep the content relevant, said Kyrytschenko.
Read more about cybersecurity
Mitigating cybersecurity threats
Filling IT skills gap a top concern for midmarket CIOs
Tips for managing mobile device security
Those technical aspects of cybersecurity training will be complemented with soft skills instruction, including a class on security management that seeks to prepare students to speak the language of the C-suite and the boardroom to appropriately convey information. This is vital, Kyrytschenko said, not only to keep executives -- including the CIO -- informed but to do so in a way that helps them understand the need to adequately fund security. As is often noted in other areas of IT, he said there are those who excel technically but can't communicate well and those who are better communicators who may not be as strong with hard skills.
"We want to bridge that that gap," Kyrytschenko said. "Communication in the security space is absolutely critical. When time is of the essence, you want to make sure people are prepared to make the decisions they need to make."
This was first published in June 2013