Cybersecurity education, skills lagging behind current threats
Amid acute shortages of cybersecurity professionals, acting information security (InfoSec) experts are questioning the relevance of the formal education they received, as indicated by Kaspersky’s new global research.
The research result revealed that one in two cybersecurity professionals were not able to confirm the usefulness of their academic training when it came to helping them in their role. These experts have to invest their resources in further training to tackle the ever-evolving threat landscape and keep up with industry developments.
According to ISC2, the world’s leading organization for cybersecurity professionals, the existing cybersecurity workforce needs to grow almost two-fold to run at full capacity and support the global economy.
To explore the root causes for the current cybersecurity skills shortage and the lack of InfoSec professionals, Kaspersky commissioned a global study that takes a closer look at the educational aspects of the problem and the influence it has on the career paths of these experts.
Many InfoSec experts pointed out that the education system is detached from the realities of cybersecurity, resulting in a lack of applicability when it comes to real-life work experience: almost every other professional believes the knowledge taught in formal education was somewhat (14 percent), slightly (13 percent) useful or of no use at all (24 percent) when it came to fulfilling their job duties.
To determine the factors that might be holding back the educational field, respondents were asked whether: the training staff in their college or university were experienced in cybersecurity; they had access to the latest technologies and equipment; they were provided with experience in real-life cybersecurity incidents, and if they were offered internships with real job experience.
Less than half of respondents said their college or university program offered them hands-on experience in real-life cybersecurity scenarios as live projects: 23 percent “strongly agreed” with this statement, and 26 percent “somewhat agreed”.
In addition, access to the latest technologies and equipment, and the quality of internships emerged as the weakest aspects of cybersecurity education for most regions.
“Cybersecurity education is facing certain challenges when it comes to keeping up with developments in the cybersecurity industry,” said Evgeniya Russkikh, Head of Cybersecurity Education at Kaspersky.
“The rapidly evolving nature of cyber threats means that educational programs often struggle to ensure their content is up to date, leaving cybersecurity professionals with knowledge gaps. At Kaspersky, we help universities overcome these challenges and ensure continual learning and adaptation for young professionals by integrating the leading expertise of our industry experts into educational curriculums so that they combine practical hands-on experience with theoretical knowledge,” Russkikh added.
To tackle the cybersecurity skills shortage, Kaspersky suggested a multi-faceted approach focused on the academic field, the InfoSec workforce, and businesses, such as higher education institutions can upgrade their curriculums by partnering cybersecurity players and integrating the latest industry knowledge into their training program.
Kaspersky for instance, has a special program for universities to integrate cybersecurity expertise—the Kaspersky Academy Alliance, which offers program participants access to world-class knowledge on cyberthreats, lectures and training sessions, as well as latest technologies.
Young professionals can supplement their academic training with real-life job experience by completing an internship in an information security or R&D (research and development) departments.
International competitions run by various companies and organizations also provide cybersecurity professionals with a chance to develop their skills by solving various cybersecurity challenges.
Likewise, acting cybersecurity professionals can opt for continuous learning, undertaking additional training courses and certifications.
Department of Information Communication and Technology (DICT) secretary Ivan Uy, said that there are at least three million job vacancies for cybersecurity experts around the globe. However, while the demand is high for Filipino IT experts, only a few attained the proper training and certification to be employed.