What opportunities exist in the current cybersecurity education sector? How can cybersecurity training be improved? Myriam Dunn Cavelty has the answers. cybersecurity education
Cybersecurity training and education is evolving at a rapid pace, meeting the growing demands of a challenging and complex market.
Myriam Dunn Cavelty is the Deputy for Research and Teaching at the Center for Security Studies (CSS) and a senior lecturer for security politics at the Swiss Federal Institute of Technology in Zurich (ETH Zurich).
In addition to her research, teaching and publishing activities, Myriam advises governments, international institutions and companies in the areas of cybersecurity, cyber warfare, risk analysis, strategic foresight and critical infrastructure protection.
Myriam sat down with Careers in Cybersecurity to share her thoughts on the future of cybersecurity education and how it could evolve in the years to come.
Why is advanced education for cybersecurity professionals so important in today’s cyber climate?
There are several ways of becoming a “professional” in a field. One is to learn on the job (or even at home). Before cybersecurity became such a growth field, the pioneers were more or less self-taught and shaped the field through their practices.
However, the more one is immersed in operational activities, the less time one has to think and reflect – all the more true in today’s environment, where the threats have multiplied and the cyber infrastructure is constantly changing around us.
An advanced education (and the degree that comes with it) can do at least two things that go beyond this. On the one hand, it is an easy and transparent way for a potential employer to see what the basic abilities of a candidate are.
On the other, any advanced education offers a valuable space to pause, and think and reflect on what we consider necessary knowledge and the right way of doing things. Only if we have such spaces do we have a true opportunity to get better at what we are doing.
How do you think cybersecurity education will evolve in coming years as cyber threats develop?
I expect to see an increase in quantity: more dedicated courses on all levels, online and offline. I also expect more diversity in terms of the focal points of these programs, in addition to many technically focused courses on information security or information assurance.
The more computerized our lives get, the greater the need will be to understand not only the technical, but also the social, economic, political and cultural aspects of cyber interactions. I also think there will be more systematic thought on the national level, in the ministries of education around the world. People will ask: where should money be invested to get the cyber workforce that we need?
Where do you think cybersecurity education can improve? Are there any particular areas that you feel are under-taught or under-researched?
Many, actually. Of course, it depends on how exactly “cybersecurity education” is defined and where we draw the line. For example, basic computer science or programming.
In general, it would be great to see more dedication to security issues in the first place, and more awareness of the link between quick and often messy programming and security issues.
The real issue for me is the interdisciplinarity of cybersecurity. Even though everybody always readily agrees that interdisciplinarity is good and important, it’s never had it easy. Generalists do not make careers in research – it’s the specialists, the “super cracks” who do.
I think we need to find a middle way – create people who are good in at least two fields, like cyber forensic experts who know the technology and how law enforcement works, or cyber lawyers who know the legal side of things and how computers and the cyber space works.
What should cybersecurity students or professionals look for when investing in an advanced cyber security degree?
That depends on the general interests of the person and their careers goals. However, making big money is not everything in life; it can become pretty miserable if we get stuck in a job that we do not enjoy.
The good thing about cybersecurity is that it is a fast-growing and highly diverse field that allows for a bit of creativity. It enables us to carve out special niches for ourselves and what we enjoy. There is still room for being innovative and pioneering, for combining basic skills with that little extra we tend to call “thinking outside the box”. If you go for that advanced cybersecurity degree, go for the best mix of “need to know” and “nice to know”.
There is still room for being innovative and pioneering, for combining basic skills with that little extra we tend to call “thinking outside the box”. If you go for that advanced cybersecurity degree, go for the best mix of “need to know” and “nice to know”.
What vital skills should today’s cybersecurity students learn in the university classroom? What skill sets will be essential for cybersecurity professionals in five or 10 years time?
I think the most crucial skill is to be able to observe well and learn fast. To be able to adapt and be innovative.
We all know how quickly things are changing around us.
Basic programming skills are important, understanding how the cyber infrastructure works is important, but understanding how and why people interact with machines is also crucial and this will be how cyber threats evolve in the future.
What work are you doing to evolve the cybersecurity education field? Where do you hope to see this area evolving in coming years?
I hope to see education go hand in hand with research that is diverse and spans different disciplines. I hope to see education that allows people those “thinking spaces” that I mentioned above.
There is a growing tendency in many educational environments to focus just on basic skills. They are undoubtedly important, but they are not everything in a field that is so complex and dynamic.
Therefore, I try to teach people to think critically and to always question what we take for granted. I try to make people aware of the forces that shape this field and how to understand them – but also to speak the different languages of different communities in this field.
We need people who know “tech talk”, but who also know “CEO talk” or “military talk” too. That’s not easy – but it’s what makes cybersecurity so exciting.