Addressing the Discrepancies in Cyber Security Education to Tackle the Skills Shortage.
In a world grappling with an acute shortage of cybersecurity professionals, the question arises: Are we teaching cybersecurity correctly? The mismatch between the expectations of students, academia, and businesses has sparked a debate on the most effective approach to cybersecurity education.
Navigating the Skills Shortage Challenge
The demand for cybersecurity experts far exceeds the current supply, creating an urgent need to bridge the skills gap. A recent World Economic Forum report highlighted the escalating demand for expertise in encryption and cybersecurity. The focus on cybersecurity, however, extends beyond industry demands, driven by governments recognising its critical role in national security.
Perception Predicament: Education, Business, and Students
The perception of cybersecurity, often influenced by media portrayals, contributes to the challenges in education. Students may harbour unrealistic notions, while businesses seek returns on investment and comprehensive solutions to complex security issues. The academic side grapples with the multifaceted nature of cybersecurity, encompassing not only technical aspects but also legal, regulatory, and human factors.
Divergent Perspectives: What to Teach?
The core challenge lies in determining the curriculum. Should cybersecurity education cover the intricacies of laws and regulations, risk analysis, and human factors, or should these be taught by law and business schools? The trilemma of education, business, and student expectations complicates the formulation of a unified approach.
Teaching Policy: A Potential Solution?
One proposed solution is to begin with policy, introducing standards like ISO/IEC 27001 and Cyber Essentials Plus. While aligning with business needs and providing a starting point for academia, the question remains whether this approach engages students who are often drawn to the dramatised portrayals of cybersecurity in popular media.
Defining the Curriculum: A Multifaceted Challenge
Defining what should be taught in cybersecurity is akin to navigating a labyrinth. A plethora of frameworks and certifications further complicates the landscape. The Cyber Security Body of Knowledge (CyBoK), with its 21 knowledge areas, attempts to structure the diverse facets of cybersecurity. However, balancing depth and breadth remains an intricate task, especially when considering industrial certifications and the perceived value of university degrees.
A Call for Focused Dialogue and Collaboration
To overcome these challenges, a more focused dialogue is essential. Collaboration with businesses could pave the way for the creation of degree titles and content that align with industry needs. Additionally, the integration of cybersecurity into traditional subjects, such as Human Resources or organisational behaviour, could broaden the knowledge base and make cybersecurity education more appealing to a diverse range of students and businesses.
A Transdisciplinary Approach: Filling the Cybersecurity Void
As technology permeates every aspect of our lives, the question arises: Shouldn't cybersecurity be integrated into every degree? A degree in Human Resources or organisational behaviour could incorporate modules addressing the human, organisational, and regulatory aspects of cybersecurity. This transdisciplinary approach may present a viable solution to the cybersecurity skills shortage, allowing practitioners from various specialisms to contribute to cybersecurity through a nuanced understanding of the CyBok framework.
In addressing the complexities of cybersecurity education, a collaborative and adaptive approach emerges as the key to unlocking the potential of future cybersecurity professionals.
A message from our sponsors, The Ideas Distillery:
If you would like to look at how to implement an ISO 27001 information security management system, then simply contact us.
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
Comments