In Episode 34 of the Alliance Podcast, Mary Dickerson and John Godfrey of the University of Houston and Kansas University Medical Center weigh in on the challenges of educating the next generation of cyber security professionals.
What is currently being done?
What are the barriers preventing more students from entering the field?
What are the biggest challenges Universities face with regards to Information Security?
What resources are available for security professionals to continue their ongoing education?
Join Host AJ Eads, Director of Communications for the Alliance along with two incredible guests to learn more about this fascinating topic and how two of our executive members are making an incredible difference.
What are the initiatives that you are currently addressed in?
Mary: One of the key things to realize is that kids are already using technology, the challenge to to make security engaging and exciting. The Cyber Patriot Program is a great resource that is sponsored by the U.S. Air Force, at almost no cost for the schools involved. The kids learn about the systems, how to protect those systems, and also the other challenges security professionals face like answering a call from a customer who needs access to their account.
Mentoring is another huge factor, we need professionals that are willing to interact with the kids and show them this is a fun career field and this can be an incredibly rewarding way to earn a great living.
John: I’m currently working on my doctorate in Cyber Security at the Capital Technology University just north of Washington D.C. I also teach undergraduate courses for the university where we take the core skills that our students have coming out of high school and build upon that with our curriculum.
Mentoring is also an important and I’m working with a team member to help identify start ups in the Kansas City area that are working on the next generation of applications and software, and provide feedback and insight on how they can be better.
I’m also working on a concept around badging, or micro-certifications. For example, if a student were to attend a particular conference, they could earn a badge, and these badges can stack up on each other and earn certifications or college credit in a way that we haven’t been able to do before. It gives us a way to start educating kids early, and then allows them to demonstrate their skills in way that’s new.
What factors are keeping kids from getting engaged in this space?
Mary: A huge part is perception, their is a mistaken believe that to do security extremely well, you have to be extremely technical. The bigger factor is a desire to learn, and an inquisitive nature. Another problem is that many of our teacher are timid with their own technology skills, so they aren’t as likely to want to engage their students.
In Houston, we work on educating teachers on technology so they can feel more confident and pass that along to their students.
John: Cyber security is more than what you see on TV and Movies, and there is an enormous opportunity to be in the space. We look more at the inquisitive nature of our potential interns than we do their technical skills.
We found a student that had a background in respiratory therapy, and a side passion for IT, and the diagnosing nature of the individual has allowed them to become an incredible analyst.
What are some of the challenges inherent in securing an educational institution?
Mary; We have to be so many things to so many different types of users. We have very public environments like a football stadium and a large arts facility. We also have very stringent security segments of the university like medical centers, research facilities and financial transactions. Being a state agency we have some fiscal constraints so we have to balance all of our users needs with a secure environment.
John: Hipaa is of course a really big concern for us here. We have research, education and our clinical enterprise so we become the target of many criminal enterprises more than some public businesses. We are a state agency so we are subject to the open records act and other regulation and oversight that makes our job challenging. One of the things we focus on is targeting the overlap in compliance and oversight requirements and do a great job in all of those areas.
What are the resources you look to for your own ongoing education?
Mary: Networking through all of the professional organization is a great place to start. It’s the relationships that you are able to develop with other security leaders in fields outside of the educational field. I look for experts in the financial sector to help me better understand how we should address our financial concerns on campus.
Organizations of value:
John: I couldn’t agree with Mary more, the inter-disciplinary relationships that I have developed over the years have been of huge value. Going to conferences are as much or more about the networking then the actual content being delivered. Having that network of other security leaders means that when I’m evaluating a strategy or solution provider, it’s often just an email to a few colleagues.