The infosec industry appears to be willing to adopt alternative—and innovative—ways of thinking to attract students into the field at a young age. But, there is no clear strategy, and there is no book of rules that outlines the skills to be taught to succeed in this industry.
The infosec industry appears to be willing to adopt alternative—and innovative—ways of thinking to attract students into the field at a young age. But, there is no clear strategy, and there is no book of rules that outlines the skills to be taught to succeed in this industry
As a former chief security officer with over 30 years in security, intelligence, and risk, one of our guests today, Kim Jones, has seen a lot of good happen lately—but no doubt, there is plenty of room for improvement.
There is an overall level of difficulty finding highly-skilled professionals. And even when you find them, they are often good technologists coming out of the computer science fields with a passion for technology and the exciting prospect of hacking for a living. In Kim's experience as an InfoSec leader, they sure understood the code and the tech but didn't often understand how to operationalize it, the governance surrounding it, nor the process enabling it.
"[Professional candidates] were absolutely horrific at trying to communicate highly technical concepts in a very simple and straightforward manner."—Kim Jones
Many practitioners understand the fundamentals of computer science behind information security and how the technical stack works. And others are actually executing on it and understand that angle of the program. But there's the language that sits between the two; that's what is missing.
"You have CISOs that know what they need and what they want, and colleges that aren't quite matching that need, nor want."—Cecilia Murtagh Marinier
There are countless opportunities here, and it seems we have a view into where the gaps are and what the challenges are in reaching them. The question is, how do we close the gaps and overcome the obstacles?
Kim and Cecilia talk us through some ideas driven by Kim's work at Arizona State University and Cecilia's work with the RSA Conference College Day program (and more).
Cecilia Murtagh Marinier, RSA Conference Program Director, Innovation and Scholars
Kim Jones, Director, Cybersecurity Education Consortium, Arizona State University
RSAC College Day: https://www.rsaconference.com/rsac-programs/college-day
Cybersecurity Education Consortium: https://cec.asu.edu/ (@asu_cec on Twitter)
This Episode’s Sponsors:
To see and hear more The Academy content on ITSPmagazine, visit:
Are you interested in sponsoring an ITSPmagazine Channel?