Cyberspace was once a place that seemed far removed from everyday lives — an abstract world or an online realm we logged into.
Fast forward to today and the world lives in cyberspace — from light bulbs and locks in our homes to our cars and cellphones. Just as we need people to maintain the security of the physical spaces where we live, we also need humans to maintain the security of cyberspace.
While cybersecurity is critical to national security, the demand for professionals in the field exceeds the supply. Between 2013 and 2021, the number of unfilled cybersecurity jobs around the world grew 350%, according to Cybersecurity Ventures.
What are the forces in play that are preventing organizations from preparing cyber professionals to fill the gaps?
Filling the cybersecurity expertise gap
One clear challenge is the level of expertise and training required to enter the field.
“As our society embraces the digital world more and more, we need more cybersecurity professionals. It is difficult to train them because they operate on a much deeper level than what is necessary for a software engineer,” says Yan Shoshitaishvili, assistant professor in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering at Arizona State University, and acting director of the Center for Cybersecurity and Trusted Foundations.
In many ways, defending ourselves and our nation starts with education, and filling some of those gaps in the field is not only conventionally achieved by the pros.
“It is crucial that we educate our workforce, not just cybersecurity professionals, but everyone, or the ‘end user’ as we refer to them in computer science,” says Carlos Rubio-Medrano, an ASU alumnus who is now an assistant professor at Texas A&M.
The end user is often more vulnerable when cybersecurity incidents occur, and they need to be able to protect themselves and their families online.
“Let’s say there is a data leak; your information is housed by the company, and they have an incident, losing their data to hackers. There's often nothing the end user can physically do about it,” Rubio-Medrano says. “Provide people with training — it does not need to be a lot — to help them understand and make informed security decisions.”
“The problem is that trillions of dollars flow across computers every day, as we have integrated them into every portion of our lives,” says Erik Trickel, a computer science doctoral student in SCAI, and a CTF affiliate. “Whether through ransomware, malware or hacking into servers, companies have to hire people who can also protect themselves. Although the gap continues to grow, I feel that we are taking appropriate steps to stem the tide.”
Expanding the reach of ASU’s cybersecurity training
ASU continues to raise the bar of excellence higher each year and to be a great place to gain hands-on training through education that prepares students for complex fields such as cybersecurity.
Addressing effective cybersecurity education is a known challenge and one that increases in difficulty when scaled up to fit the demand for trained cybersecurity professionals.
"The faculty at ASU spent a lot of time brainstorming how cybersecurity education should be done at scale, and we came up with this model which the university now provides as an open-source service to the world,” Shoshitaishvili says.
This open-to-the-world platform is pwn.college, preparing the next generation of cybersecurity experts with the moves to thwart cyberattacks.
“Pwn.college comes at it from the hacker’s perspective,” says Jamie Winterton, director of strategy at ASU’s Global Security Initiative. “To defend networks, it’s really essential to know how people think and what they may be doing offensively to your network. It’s impossible to do without that hands-on skill. You can play better defense when you know the offense.”
Pwn.college provides a series of training modules that build on each other, equipping students with theoretical approaches on how best to handle any given situation.
“Then, it just becomes rinse and repeat, over and over again, for each of the many skills to help them grow,” Trickel says.
ASU’s hands-on approach to cybersecurity education
This year, U.S. News & World Report once again ranked ASU as the No. 1 school for innovation, for the eighth consecutive year.
ASU’s DNA is infused with innovation, a universitywide goal to “spark, support and manifest new ideas,” ASU President Michael M. Crow says.
“With cybersecurity at ASU, there is this idea of innovation where if you have an idea, you can spin it into reality,” says Jackie LeFevers, assistant director of the Center for Cybersecurity and Trusted Foundations.
The center is designated a National Center of Academic Excellence in cyber defense and research by a joint National Security Agency and U.S. Department of Homeland Security program.
“We are engaging and developing cybersecurity talent, and really instilling a passion for cybersecurity at the high school level,” Shoshitaishvili says. “At the undergraduate level, we have students participating in hacking conventions across the world at events such as DEF CON. We have positioned ASU as the place to go, both physically and digitally, to research, develop and learn about cybersecurity.”
The center's partnership with the U.S. Department of Defense made possible the practice-based cybersecurity education platform that teaches the world critical security concepts. By learning these concepts, students gain a strong foundation in cybersecurity.
“We need to be able to give people basic skills and the assurance that as a university, we are working on cybersecurity challenges at the student level and beyond,” says Trickel, who is nearing completion of his degree.
“As an ASU graduate, I was educated by very talented people who taught me transferable skills needed to tackle problems, provide solutions and also to provide evidence on the effectiveness of those solutions,” Rubio-Medrano says.
"With so much of our lives taking place online, cybersecurity is everyone’s concern."
– Sally C. Morton, executive vice president of Knowledge Enterprise at ASU
3 critical tactics for cybersecurity professionals
1. Think like a hacker.
One crucial skill that bodes well in the cybersecurity field is having a hacking mindset, or being able to think about a computer system and try to find ways to break in.
“Stay up to date with developing technologies, continue to learn new things, report vulnerabilities as you come across them and most of all: think like a hacker,” Rubio-Medrano says.
2. Develop core competencies.
It is important to develop the core competencies and skills of basic programming languages and be able to demonstrate those abilities, a key requirement of a potential employer.
“You have to ask yourself: Am I interested in this position? Have I demonstrated that I am trainable? What intrinsic motivations make me hireable?” advises Trickel.
3. Become a lifelong learner.
“Cybersecurity is a constant journey of learning, ever more than computer science itself,” Shoshitaishvili says. “What you learn rapidly becomes outdated, so you have to continue learning as you will need to adapt quickly for the rest of your career as a cybersecurity professional.”
ASU’s cybersecurity resources
ASU has a wide variety of resources designed to increase cybersecurity awareness and expertise. Here is a sampling:
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. ASU participates as a National Cybersecurity Awareness month champion.
The online educational platform provides training modules to aspiring cybersecurity professionals both within and outside ASU.
Through SCAI, the BS program in computer science with a concentration in cybersecurity provides students with the knowledge and skills needed to build dependable and secure information systems and networks and to ensure the integrity and quality of information being stored, processed and transmitted.
ASU is committed to raising the bar when it comes to cybersecurity awareness. Get involved with events and campaigns this October.
The Center for Cybersecurity and Trusted Foundations is partially supported by Arizona’s Technology and Research Initiative Fund. TRIF investment has enabled hands-on training for tens of thousands of students across Arizona’s universities, thousands of scientific discoveries and patented technologies, and hundreds of new startup companies. Publicly supported through voter approval, TRIF is an essential resource for growing Arizona’s economy and providing opportunities for Arizona residents to work, learn and thrive.