
The Cybersecurity Skills Gap

By Debra Gibson Isaacs


Hackers breached the computer database of retail giant Target in 2013, affecting 40 million customers’ data and costing the retail chain more than $116 million. It was the first large public breach, but others quickly followed. Today no company, large or small, is immune.

Importantly, as the number of computer breaches has skyrocketed, so has the need for experienced cybersecurity specialists. Job titles such as information security analyst are projected to grow as much as 18 percent by next year, according to the U.S. Bureau of Labor Statistics – much faster than other jobs. In addition, the jobs pay well, with a median annual salary of $90,120 for those with a bachelor’s degree.

Filling these jobs will be difficult, however, according to many computer experts, including Amy Justice, senior security and compliance consultant for SDGblue LLC in Lexington, a professional information technology company specializing in security, network infrastructure, and technology and consulting services.

Two reasons dominate. First, there is a skills gap.

“Many computer science majors learn scripting, programming and logging,” Justice said, “but they don’t graduate with the critical thinking skills needed to analyze risks.”

Second, those critical-thinking skills largely come with experience, and that experience today is mostly a catch-22, chicken-or-egg kind of thing.

“Employers look for and typically require around five years of experience for security engineers,” she said, “but potential employees find experience hard to come by since there are few internships.”

For example, Justice said SDGblue offered two internships recently. They had more than 50 applicants for the two positions.

James Walden, associate professor and director of the Center for Information Security at Northern Kentucky University, agreed.


Many big hacking targets remain

“The demand for cybersecurity has increased greatly in the last few years,” Walden said. “There have been a large number of public data breaches, many in retail and healthcare. There are also a lot of rumors about banking breaches. The next big hacking targets will be cars, medical devices and home security devices. Everything on the internet can be hacked.”

And a skills gap? “Definitely,” said Walden.

Computer science program “curriculum standards don’t require security courses yet,” he said. “Students can earn a degree in computer science without taking any courses in cybersecurity.”

Even so, several Kentucky schools are offering courses and certificates in cybersecurity designed to help students prepare for these jobs.

NKU has been offering a track in networking and security since 2005. The university also offers a minor in computer forensics and computer science, a graduate degree in corporate information, and in 2014 added an online certificate in online security.

The 18-hour certificate program covers information technology fundamentals – databases, operating systems, networking, programming – to provide a foundation for learning about the major areas of cybersecurity, including cryptography, secure programming, network security, authentication, access control, security policies and governance, and web security.

“While the certificate includes courses that overlap with majors in computer information technology, business informatics and computer science in the College of Informatics, it can be paired with any major,” Walden said.

The National Security Administration (NSA) and the Department of Homeland Security (DHS) have named NKU a National Center of Academic Excellence in Information Assurance/Cyber Defense Education.


Filling skills gap a national priority

The NSA and the DHS jointly sponsor the National Centers of Academic Excellence in Information Assurance/Cyber Defense programs. The goal is to reduce vulnerability in the national information infrastructure by promoting higher education and research in IA/CD and producing a growing number of professionals with IA/CD expertise in various disciplines.

For students, these designations offer several benefits. First, students attending designated schools are eligible for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the Federal Cyber Service Scholarship for Service Program. Second, employers recognize the value of these designations, giving students an edge when it comes to employment.

The University of Louisville is also a National Center of Academic Excellence in IA/CD Education.

UofL offers a graduate certificate in network and information security, designed for advanced computer professionals as well as students majoring in disciplines other than computer engineering and computer science.

“The certificate gives master’s students an advantage over other students looking for jobs,” said Roman Yampolskiy, associate professor of computer engineering and computer science at the UofL Speed School of Engineering.

UofL has a Cybersecurity Laboratory, which Yampolskiy directs. Lab members research a multitude of topics related to security of cyber infrastructure.

“The lab’s strengths include work in behavioral biometrics, game security, artimetrics (robot authentication), forensics, passwords and cryptography,” the professor said.

Eastern Kentucky University and Kentucky State University also offer degrees in cybersecurity.


Co-ops, internships, competitions

EKU offers a bachelor of science degree in network security and electronics; two BS/master’s programs in network security and electronics; two associate of applied science degrees in technology and computer electronics concentration; and a minor in computer electronics technology.

Students are encouraged to participate in the university’s cooperative education program in areas related to computer systems, networks, electricity and electronics. They work with local industries as interns in IT, computer support, help-desk, network, web development and electrical roles.

KSU also offers a certificate in information security. A computer science background isn’t required to earn the certificate. Students just need to complete 12-13 credit hours.

Students at all of the programs also learn through competitions, most notably the National Collegiate Cyber Defense Competition.

Three types of competitions prevail:

  • Time management – the pressure to perform against the clock
  • Infosec skills – practical applications of knowledge in live fire scenarios
  • Teamwork – the ability to work well with others.

According to the competition’s website, these competitions ask student teams to “assume administrative and protective duties for an existing ‘commercial’ network – typically a company with 50-plus users, seven to 10 servers, and common internet services such as a web server, mail server and e-commerce site.

Each team begins the competition with identical hardware and software and is scored on its ability to detect and respond to outside threats, maintain availability of existing services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security needs against business needs.

Throughout the competition an automated scoring engine is used to verify the functionality and availability of each team’s services periodically and traffic generators continuously feed simulated user traffic into the competition network. A volunteer team provides the ‘external threat’ all internet-based services face and allows the teams to match their defensive skills against live opponents.”

It is yet another way to prepare potential employees for a job in high demand.

“There is a huge shortage of people for these jobs right now,” said UofL’s Roman Yampolskiy. “Every company wants one. Every company needs one. There is nothing hotter in computer science.”


Debra Gibson Isaacs is a correspondent for The Lane Report.