Computer science graduates are in high demand, particularly those who are focused on cybersecurity degrees. Academic institutions are filling auditoriums and classrooms with bright students who are eager to work through challenging degree programs by the promise of being swooped up by a high caliber infoSec operation and begin an exciting cybersecurity career. According to Payscale College Salary Report 2017-18, computer science and information security graduates working in cybersecurity can expect to earn a handsome six-figure salary by mid-career.
Median Cybersecurity Career Salaries:
- Cyber Security Engineer Computer Science (CS) – $116,000
- Information Security Engineer Information Technology (IT) – $112,000
- Security Engineer Computer Science (CS) – $109,000
- Network Security Engineer Information Technology (IT) – $106,000
- Cyber Security Analyst Cybersecurity – $102,000
- Information Security Specialist Information Technology (IT) – $95,200
Your students expect that the moment they graduate with a computer science or information technology degree they will immediately begin an exciting, rewarding cybersecurity career. But are fresh graduates really prepared for their first job? As a former SOC manager at one of Israel’s leading banks, I looked for certain skills and experience in entry-level hires, and most computer science graduates did not fit the requirements and qualifications for the job. From my point of view as a SOC manager who hired, managed and promoted entry-level cybersecurity professionals, these are the most important skills and experience your graduates should have by the time you hand them their diplomas: :
Broad Technical Cybersecurity Skills
The Cyberbit team includes many former information security leaders from public and private sector organizations. They say the most prized cybersecurity professionals are those that master a large number of security concepts and tools used in a modern SOC. Mastery of intrusion detection and prevention systems, anti-malware, mobile device management, network access control, next-generation firewalls, authentication and authorization, SIEM (security information and event management) and SOC automation and orchestration are the basic skills young cybersecurity professionals need to enter the job market successfully. Conduct periodic surveys with leading employers in your areas to make sure your students are learning the most up-to-date and in-demand toolset. In addition to frontal instruction, make sure students get plenty of hands-on practice time in a lab or simulator to master tools.
Popular Cybersecurity Tool Categories:
- intrusion detection and prevention systems (IPS)
- endpoint detection and response (EDR)
- mobile device management
- network access control
- next-generation firewalls
- authentication and authorization
- security information and event management (SIEM)
- SOC automation and orchestration
Information Security Regulation
Every organization, whether public or private, is bound by at least one regulatory framework and cybersecurity professionals are expected to understand the relevant regulations at both the theoretical legal level and the nuts and bolts of day-to-day compliance as it applies to data security operations and procedures. Knowledge of relevant regulatory requirements is sure to impress potential employers and give your graduates the edge over other candidates. Undergraduates should get an overview of relevant frameworks. Graduate students must achieve more in-depth mastery.
Sample Cybersecurity Regulatory Frameworks:
- Sarbanes-Oxley (SOX)
- NIST Cybersecurity Framework
- PCI DSS Payment Card Industry Data Security Standard
- SSAE-16 Statement on Standards for Attestation Engagements
- FedRAMP Federal Risk and Authorization Management Program
- GDPR General Data Protection Regulation of the EU
- Privacy Shield
- ISO ISMS ISO/IEC 27000 Family – Information Security Management Systems
- CISA Cybersecurity Information Sharing Act
Technical and analytical skills lose their value quickly when the young professionals who possess them lack the ability to work well in a team. A modern SOC (security operations center) is staffed by a team of analysts of varying level of experience who must work together to carry out complex investigation and remediation as quickly as possible. Use team projects and simulation exercises to give students plenty of practice. One of the best ways to give students real-life experience is to give them team challenges where they must work together to resolve a real security incident from beginning to end. The challenge should be as realistic as possible and include time constraints and unexpected events and demands along the way. Another challenge is to split the class up into teams. One team is challenged to build the most secure network possible according to the specifications provided by the instructor. Then other teams get a chance to try to hack it. This ‘white hat’ experience lets students learn to think like the enemy. All simulation exercises should include a debrief where student get constructive criticism and suggestions from both the instructor and fellow students.
Hands-on Cybersecurity Experience
Employers across the board complain that entry-level job applicants lack the hands-on experience that makes them a truly valuable member of the team from day one. This is especially true in cybersecurity careers. Theoretical knowledge alone is of little help when an organization is under cyber attack. Give your students as much hands-on experience as possible during their degree program. There is no need to wait until the last year or semester to get practical experience. Make use of on-campus cybersecurity simulation labs a part of every semester. If a cybersecurity simulation lab is not available, use tabletop cybersecurity exercises. Midway through the degree program, encourage students to get real-world experience by doing internships or student positions at local enterprises. Work closely with the host companies and employers to ensure the experience is practical, relevant and challenging.
About the Author
Shai Gabay is Chief Innovation Officer at Cyberbit. Prior to Cyberbit, Shai was SOC manager at Discount Bank, one of Israel’s largest commercial banks.For more information about building a hands-on cybersecurity degree program download free whitepaper