This feature first appeared in the Fall 2018 issue of Certification Magazine. Click here to get your own print or digital copy.
Equifax, Yahoo!, the National Security Agency, Verizon, the U.S. Department of Defense, Home Depot, Target, Edmodo, VeriFone, eBay, TJX Companies, Uber, JPMorgan Chase, Sony PlayStation, Jimmy John’s — what do these companies and organizations, along with countless others, have in common? They have all been the victim of at least one devastating cyberattack.
Attackers take action for a variety of reasons, including political, economic, and sociocultural motives. Often they act out of just plain meanness. Whatever drives them, they all contribute to the 21st-century battle for digital information. As the onslaught of cybersecurity-related headlines makes clear, it’s a running battle with no end in sight.
In January, I attended a conference and spoke with a representative of one of the nation’s 10 largest school districts. This individual told me how difficult it was keeping up with the number of attempts to hack the school network. The attacks originated from points near and far, often for surprising reasons.
For example, if you’re a student, and you’re not ready to submit an assignment or take an online standardized test, $10 bucks can get you off the hook. For a mere 1,000 pennies, you can hire someone in a remote location to instigate a DDoS attack. All you need is a credit card — or an account with Venmo or PayPal — and the address of the website you want jammed.
At another conference I learned about the need for dentists to add an IT professional to their staffs. Why, you might ask, other than perhaps to set up a simple office network and provide occasional system maintenance? Better security is the answer. Dentists need to protect all of their medical records, billing information, and other private data from opportunistic hackers looking for an easy target.
Tech needs YOU — to study cybersecurity
The National Institute for Cybersecurity Education (NICE) estimates that there will be a deficit of between 2 million and 3 million cybersecurity professionals in the next two years. That covers a wide range of job roles, and a lot of the actual positions have yet to be created.
Fortunately, industry is beginning to recognize the need to recruit and train a new army of skilled security personnel. All it takes to rally support from corporate leadership is a single eye-opening breach. The often staggering financial cost of remediation, as well as the more nebulous damage incurred through loss of reputation, can be a heavy burden indeed.
Most experts agree: The question is not whether a given company or institution will be hacked, but when. Cybercrimes already cost the global economy more than $450 billion a year. Clearly, our modern world needs more cybersecurity professionals, and we need them yesterday.
Even if you aren’t planning on a career in information security, the foundational knowledge of networks and data protection gained through basic cybersecurity training can be an important asset to any organization. Even employees who don’t directly install protective measures or engage with hackers need to know how to handle sensitive data and keep systems secure.
Educator-led initiatives are making a difference
Several states are leading the way in the effort to increase awareness of the need for cybersecurity education in both the private and public sectors. South Carolina created SC Cyber as a statewide initiative through the University of South Carolina. The goal of SC Cyber is to create partnerships with academia, industry, and government.
This collaborative effort across institutions began in 2014 and continues to promote increased educational opportunities, as well as create threat awareness among industry and government. SC Cyber is also identifying new technologies that can help in the ongoing battle and, perhaps most importantly, fostering collaboration and information sharing across the various sectors.
In Michigan, cybersecurity education and cybersecurity educators are being pushed to the forefront as well. The Michigan Initiative for Cybersecurity Education (MICE) has been the brainchild of Dennis Klaas, Patrick Schultz, and Carlos Garcia. These three educators saw in both secondary and post-secondary environments the need to open educational pathways to more students and teachers.
The goal of MICE is to provide and promote, to interested institutions, the necessary curriculum and resources to not only train students, but train educators to be able to teach cybersecurity. This “train the trainer” approach has been critical to the success of MICE and is needed elsewhere: The ever-increasing demand for cybersecurity experts is creating a severe lack of qualified instructors.
Many skilled cybersecurity teachers have found the private sector more lucrative than the educational field. The MICE initiative aims to encourage current business educators to be cross-trained in cybersecurity and play an integral role in training tomorrow’s cyberwarriors.
Patrick Schultz says about the efforts of MICE, “MICE is a platform that is developed for K-12 educators. The initiative specializes in training teachers how to incorporate cybersecurity concepts into their current course offerings and focuses on preparing students for the workforce directly out of high school.
“The MICE learning management system utilizes TestOut’s complete library, combined with curriculum from Microsoft, Cisco Networking Academy, and EC-Council, to provide virtual hands-on simulations, teacher resources, state/national aligned standards, and industry standard certification preparation to all students — even those in remote rural areas — interested in learning more about the cybersecurity industry.”
(You can learn more about the MICE initiative, including how your state or school can benefit from it, at www.micek12.com.)
In Florida, Thomas Thoss has worked hard to implement the necessary IT pathways for Orange County Public Schools in Orlando, Fla. Thomas, who helped write the frameworks for some of the IT curriculum used in his state, has implemented programs at both high schools and technical colleges run by the district to accelerate students through cybersecurity training and other IT pathways.
In Thoss’ words, “The field of cybersecurity is growing, and is in desperate need of trained, qualified technicians. We ensure that all of our students receive the hands-on training needed to be successful.”
The lab at Orange Technical College provides a glimpse of the progress being made. The training happening at OTC is both cutting-edge and geared toward ensuring student success.
One of the pathways Thoss advocates is working toward multiple industry certifications from CompTIA and TestOut. These foundational certifications allow students to advance to higher-level certifications like Certified Ethical Hacker (CEH) from EC-Council.
There are indications everywhere of the booming interest in skilled cybersecurity professionals. The Certification Magazine Salary Survey offers ample (and recurring) evidence of the potential earning power available to those who get certified and pursue a career in cybersecurity. And the CompTIA-affiliated job search site CyberSeek offers a great deal of state-specific insight into the number of open cybersecurity jobs.
In speaking about the need for skilled technicians, Thoss said, “With the increase in automation, electronics integration, IOT, and other technologies being integrated into every part of our lives, the need for quality certified cybersecurity specialists is becoming more important.
“This field is dangerously understaffed and the only way to fill the employment gap is to offer strong educational programs that focus on hands-on training.”
Anyone with IT aspirations who is looking for a career path with higher-than-average pay and job security, need look no further than the cybersecurity field. There are more opportunities to get cybersecurity education and training than ever before. Find one that suits your schedule and start preparing to join the crucial struggle to secure and protect our digital frontiers.