Academic institutions are under a lot of pressure to churn out as many cybersecurity graduates as possible who have skills they need to get to work right away and get us out of the skills crisis we’re in. According to Dr. Jane LeClair, COO for (ISC)2 Global Academic Program (GAP) member National Cybersecurity Institute at Excelsior College, however, transforming universities into training facilities is a dangerous move that fails to cultivate the creativity and critical thinking skills people need to be successful in the field. Instead, she believes that combining education and certification is key to cultivating the future cybersecurity workforce.

“We need both education and certification today. Education gives students the opportunity to explore, whereas training leads people down a specific path with a targeted goal. If I’m a hacker, and I’m sitting around thinking about new ways to break or attack something, you can assume that I’m a pretty creative person. If we turn academic institutions into training facilities, we’re missing the boat by failing to provide students with essentials skills. Education raises your knowledge level, draws out your creativity, and cultivates your critical thinking skills. A certification may or may not measure these things, but it does show an employer the specific skills you’ve mastered in addition to your educational foundation.”

To give students access to both education and certification opportunities, the NCI is partnering with organizations like (ISC)2 and EC Council. Their strategy is two-fold: to tie education programs with certification programs and to offer students a wide range of credentialing opportunities.

The NCI offers courses that reach everyone, from laypeople seeking to become more security aware to seasoned professionals looking to move to the executive level. Their bachelor of science degree in Cyber Operations is their most cutting-edge program. Dr. LeClair offers, “If I were just starting out, I would pursue this program.” They also offer a BS in IT with concentration on cybersecurity technology.

Dr. LeClair believes the CISO role is highly underutilized today and that CISOs should be reporting to the board or CEO rather than the CIO, whose plate is already overburdened. She also believes educating executives helps meet a deep need to raise awareness of cybersecurity at the managerial level. She sees this as a ticket to help organizations appreciate the importance of cybersecurity.

The NCI is aiming its MBA program, which is the largest in the capital district, at people who may or may not have a cyber background. By offering a heavy 30-credit curriculum, the NCI hopes MBA students will gain a strong cybersecurity background, empowering them either to manage people or to be practitioners. Through this program, NCI believes they are preparing these students to receive the cyber message and proliferate it throughout their organization.

The NCI recognizes that a degree isn’t enough, however, so they work with LifeJourneyTM to connect students with cybersecurity professionals. This helps people get a handle on the opportunities available to them and learn about the areas they can specialize in before they jump in.

Another way they’re helping draw intrigued people to the field is by reaching out to underrepresented groups through a scholarship program Dr. LeClair started for Women in Technology in 2012, which now has a cybersecurity component. The NCI also hosts podcasts with women and minorities at various levels in the profession, giving students a chance to understand both the opportunities and the challenges ahead.

Dr. LeClair states, “There are a lot of people in the military in cyber, which is wonderful, but we can’t count on that population to fill the gap. We need to broaden the net and reach large numbers of people and get them into an education program.” To do this, the NCI recently held a Massive Open Online Course (MOOC) on “Introduction to Cybersecurity.” It was a free course aimed at enticing people to consider a career in cybersecurity. They also seek to partner with cyber-focused organizations to discount students’ tuition.

“It’s essential that we help institutionalize cybersecurity at all levels of society, and we all need to do our part to meet this need,” asserts Dr. LeClair. “We’re here because we believe in education, and we know people are interested in this field. We must offer a wide variety of learning options so people continue to learn as the industry changes. Hopefully, out of that, we’ll attract people we might not have reached before but who have the will and the desire to serve in the role of a lifetime.”

What do YOU think? What will ease the cyber skills shortage? Should CISOs report to the board or CEO?

For more information about the GAP, please visit https://www.isc2.org/global-academic-program/default.aspx or send an email to academic@isc2.org.