Colleges, firms tackle talent shortages
Efforts ramped up to bridge the gap of cybersecurity sector’s needs
Chinese university courses are starting to combine practical experience of online attacks with cybersecurity theories, with help and oversight from security enterprises, in a move to effectively meet the industry’s demand for talented graduates.
The Chinese cybersecurity industry’s demand for new recruits between January and June rose by 45 percent year-on-year, according to a report released by online recruitment agency Zhaopin and security software provider Qihoo 360 at the end of August.
Yet more than 80 percent of college teachers have expressed concerns about current cybersecurity education standards, citing graduates’ shortage of practical experience, according to the report. Around 50 percent complained it is difficult to source reference books that cover real-life online threats.
Cybersecurity graduates can find themselves unprepared for employment “because it is hard for them to offer better solutions when meeting serious online threats”, said Tuan Kong, a cybersecurity engineer at Alibaba Group.
“What they learn in college can only help to solve simple attacks that are not the most important issues in the industry.”
Essentially, the industry’s demand for talent cannot be met if students have no experience solving real security problems at school, Tuan said.
To tackle the problem, several internet and security enterprises, including Alibaba and Qihoo 360, have taken steps to partner with education institutions.
Qihoo 360 established a cybersecurity college to offer intensive online skills training courses lectured by experienced and high-profile security experts, and is teaching students about real-life cases of online threats by increasing cooperation with universities and colleges.
In March, the company’s head, Zhou Hongyi, said more security companies should set up their own online training platforms for people seeking to join the industry, “as the key to making a country’s network more powerful is talent, not software or hardware”.
Practice makes perfect
Tuan, from Zigong in Southwest China’s Sichuan province, taught himself the nuts and bolts of cybersecurity when he was a college student. After completing a postgraduate degree in telecommunication, he found a job at a security laboratory affiliated with Alibaba in 2016.
“I feel a great sense of achievement when an enterprise thanks me after I use my technical skills to help it figure out or fix a vulnerability,” the 27-yearold said. “Practice makes perfect, and cybersecurity is a very broad sector.”
His team identifies and corrects vulnerabilities in Android systems and browsers, yet many of the engineers in his lab do not have a formal cybersecurity background.
“Those who can solve serious online problems are mainly cybersecurity competition winners or those who have learnt through self-study. They are experienced in dealing with real online attacks,” he said. “But cybersecurity graduates can only find everyday vulnerabilities.”
He said students do not know how to prevent a network from being
Fact box
attacked, as cyberattacks are constantly changing.
“Many of the scenarios students learn in college have been already solved, or are irrelevant today,” he said.
Hang Te, who heads two security labs at Alibaba, agreed.
“It is urgent and more important that colleges teach students how to prevent a network from being attacked, instead of only teaching them the technical skills involved in launching online attacks,” he said.
A Qihoo 360 employee, who goes by the name Ele7enxxh, said colleges are mainly focused on academic study. Gaining workplace competency involves learning the latest technical skills specifically required for real-life cybersecurity.
Academic, industrial ties
With the rapid development of online and other digital platforms, cybersecurity has been attracting more attention at major colleges in recent years, but a severe skills shortage remains.
Statistics released during the 2018 China Cybersecurity Week, held by the Cyberspace Administration of China in September, showed the country currently lacks more than 700,000 muchneeded cybersecurity professionals. That number is expected to reach 1.4 million by 2020.
To cater to the increasing demand from cybersecurity-related industries and bridge the widening gap, the country has stepped up efforts to cultivate more specialist personnel, unveiling plans to build four to six worldclass cybersecurity colleges by 2027.
The Cybersecurity Administration of China has placed the issue higher on its agenda, encouraging security and internet companies to increase and expand cooperation initiatives with education institutions.
In response to the policies, Qihoo 360 has established security laboratories and partnerships with numerous universities and institutions, including Peking University, Tsinghua University and the Chinese Academy of Sciences.
The company has improved education accessibility by sharing more security resources and designing textbooks, as well as helping to improve universities’ curricula.
Alibaba has also identified education as a development priority. It has set up eight labs to each focus on different online security problems.
“We will improve students’ education by increasing security projects and cooperation with academies at home and abroad,” Hang said, adding this also allows cybersecurity engineers in the company and students to exchange ideas and information.
Helping the public to understand what cybersecurity is and what related jobs involve is also important, according to Ele7enxxh, from Qihoo 360’s Chengdu Security Response Center.
The 27-year-old posted a blog on a digital forum in October inviting questions about cybersecurity. Within two hours, the blog had attracted over 800,000 views and more than 1,500 comments.
“Such communication is necessary, as individuals are the least secure aspect in cybersecurity,” he said. “The more you learn about this area, the less likely you are to be misled or deceived.”