Integrating Soft/Entrepreneurial Skills for Success in Cybersecurity Project
Today, more than ever, organizations need cyber defense technology to protect their valuable, private, and confidential assets (e.g., trademarks, patents, processes, customer/patient/client information, etc.). In a 2014 business whitepaper on the State of Security Operations1, Hewlett Packard Security Intelligence and Operations Consulting (SIOC) assessed 93 organizations in the public and private sectors, across all industry levels in 13 countries and found that only 30% of the assessed organizations met compliance requirements for cybersecurity. The study also found the cost of data breaches has increased 78% over the last four years.2
Beyond the threats to business and industry, Kim (2014)3 points out that the most dangerous threat to the United States is no longer a physical attack but a cyber attack. “Terrorist organizations, criminal masterminds, enemy nation-states, and lone anarchists alike could cripple the United States if they gain access to networks” (p. 56). Such critical infrastructure attacks could include power grids, gas and oil pipelines, transportation, and banking and financial systems resulting in possible blackouts, flooding, and scarcity of energy sources.
In response to these looming threats, the Defense Department’s cyber budget has doubled to $447 million in 2014.4 The Air Force, for example, since the U.S. Cyber Command became operational, has grown to 5,400 airmen, civilians, and contractor personnel providing continuous support to protect Defense Department networks. This number doesn’t include the additional 11,000 Air Force reservists and Air National Guard members supporting the mission. “And there’s no sign of the growth letting up” (p. 16.)
Zorz (2013)5 states that the information security job market continues to expand and that over the past five years demand for cybersecurity professionals grew 3.5 times faster than that for other Information Technology (IT) jobs. “Demand for security pros is booming, so much so that the gender gap has nearly closed when it comes to pay”6 (p. 16). According to the U.S. Department of Labor Statistics, employment of information security analysts is projected to grow 37% from 2012 to 2022, much faster than the average for all occupations. The median annual wage for information security analysts was $86,170 in May 2012.6
Northeast State Community College (NeSCC) in Blountville, Tennessee has responded to this growing need. In 2012 the Computer and Information Sciences Department at the College developed an Information Assurance (IA) concentration focusing on cybersecurity as part of the Computer and Information Sciences Associate of Applied Science degree programs. Northeast State is working to grow the program by targeting externally to area high schools, the community, and internally to the NeSCC student population in the Business Technologies Division programs.
The Computer and Information Sciences Department regularly meets with its advisory board, which is composed of representatives from local businesses. These industry leaders provide advice for academic programs and keep them informed of the skills needed for success in the job market. Consistently, industry recognizes the strength of the Northeast State programs for preparing students with the necessary technical skills. However, advisory board feedback often centers on the problem of prospective employees’ lack of “soft skills,” such as effective written and oral communication, professionalism, and teamwork.
The Computer and Information Sciences Department recently conducted a required DACUM (Developing A Curriculum) process to identify the top skills IT employers’ seek.7 This process identified numerous technical computer skills, knowledge, and “soft skills” as necessary for success as a cybersecurity professional. `
During the IA DACUM, the panel identified the following “soft skills” as critical:
- Active Listening
- Critical Thinking
- Problem Solving
- Research Methods
- Time Management
Our cybersecurity graduates will be able to meet the needs for both technical and “soft” skills of a wide range of industries. Major employers in northeast Tennessee, where the college is a leading educational institution, are listed in Table 38. The college also meets workforce needs in a larger region, bordering southwest Virginia and western North Carolina. In all, it serves 15 counties with a total population of 1.2 million people.
|Table 3 Northeast Tennessee Employers|
|Mountain States Health Alliance||8,700|
|Wellmont Health Systems||7,000|
|Eastman Chemical Company||6,700|
|K-VA-T Food Stores||3,800|
|East Tennessee State University||2,800|
|VA Medical Center||1,600|
|Advanced Call Center Technologies||1,200|
|American Water Heater||1,200|
|AGC Flat Glass North America||670|
Goals and Objectives
The goals of the cybersecurity and entrepreneurship grant are to provide students with combined technical, entrepreneurial, and "soft skills." The cybersecurity program equips students with the technical skills needed to secure a computer network infrastructure. The Business Department’s entrepreneurial program will provide the "soft skills" students need to sell themselves to business and industry. The cybersecurity program recruitment plans will focus on high school students, NeSCC students, and the community.
The project goals include:
- Integrating “soft skills” (such as teamwork, effective communication, and relationship building) and entrepreneurial skills (such as leadership, salesmanship, accountability, goal orientation, persuasion and influence) into the current IA curriculum and new entrepreneurial course. For the IA courses of Information Security Fundamentals, Enterprise Security Management, Computer Forensics, Network Security, and Secure Electronic Commerce, "soft skills" (such as report writing, documentation of processes, and oral communications) will be incorporated into the courses.
- Building enrollment in the IA program by focusing on area high schools, the community, and industry outreach.
- Developing and disseminating a replicable model curriculum and results from the project through the National CyberWatch Center Clearinghouse and through the South Carolina Advance Technologically Education Center (SCATE).
- Curriculum model that shows how the specific "soft skills" and entrepreneurial skills were incorporated into the curriculum
- The documentation of the results, lessons learned, and procedures used in the curriculum redesign to include the integration of soft/entrepreneurial skills into the Cybersecurity program
- The documentation of the results, lessons learned, and procedures used for conferences for the high school guidance counselors and others
- The results, lessons learned, process, and procedures used for high school recruitment and retention into the Northeast State two-year program
- The results, lessons learned, process and procedures of industry leaders involvement in classroom activities that enhance retention
- Dissemination of the model curriculum and project materials through the National CyberWatch Center Clearinghouse and SCATE
- 1HP Hewlett Packard. (2014). State of security operations: 2014 report of capabilities and maturity of cyber defense organizations [White paper]. Retrieved from https://ssl.www8.hp.com/ww/en/secure/pdf/4aa5-0501enw.pdf
- 2 Ponemon Institute (2010-2013) “Cost of Cyber Crime Study: United States.” Retrieved from http://media.scmagazine.com/documents/54/2013_us_ccc_report_final_6-1_13455.pdf
- 3Kim, J. L. (2014). In the trenches of cyber warfare. Journal of the Air Force Association: Air Force Magazine. v 97 (2). Pages 56-59
- 4Pawlyk, O. (2014). Go cyber now: retrain; gain opportunities for promotions, bonuses and future jobs. Air Force Times, February 17, 2014. Gannett Government Media Corp.
- 5Zorz, Mirko (2013). IT security jobs: What’s in demand and how to meet it. (IN)Secure Magazine. Pg 43: Retrieved from http://www.net-security.org/dl/insecure/INSECURE-Mag-38.pdf
- 6U.S. Bureau of Labor Statistics; January 8, 2014; Occupational Outlook Handbook; Accessed: March 7 2014; Retrieved from http://www.bls.gov/ooh/computer-and-informationtechnology/information-security-analysts.htm
- 7Computer Science Advisory Board Meeting, March 28, 2014, Meeting Minutes: Computer Science Department, Northeast State Community College, Blountville, TN.
- 8Top Employers in the Northeast Tennessee Valley Region September 08, 2011 Retrieved from http://businessclimate.com/northeast-tennessee-valley-economic-development/top-employers-northeast-tennessee-valley-region