The Cyber Security Gap in Education

SAN FRANCISCO – In last year’s workforce study from ISC2, 56 percent of those surveyed said their security organization was short-staffed. A year later, figuring out what to do about that remains a challenge, and it is one not far from the minds of some of the attendees at the RSA Conference.

One answer may be to make sure that all aspects of IT consider security as a critical part of their operation. But that process often gets off to a rocky start for aspiring IT professionals, as many universities are not doing a good enough job of educating students on security – particularly those not going directly into the security field, argued Jacob West, HP’s CTO of Enterprise Security Products. 

“Honestly I think we’re doing almost nothing at the university level today to teach security,” he told SecurityWeek at the conference, where he presented on the topic earlier in the day.

For those pursuing a career in cyber-security, there is at least a clear career path and opportunities, he said. But for anyone seeking a career in IT where security is not their primary responsibility, the danger of security falling through the cracks is very real.

“[Developers] are not getting realistic expectations placed on them at the university level around the kind of coding that they do,” he said. “They are basically asked to provide certain functionality…and are supposed to provide it with a certain level of performance perhaps – some cases not even that – but they’re not expected to provide it in a robust way. They are not graded against frankly the same standards that code in the real world is graded against today, which is being in an adversarial environment and where a small mistake can lead to a huge security problem.”

Adding to the challenge of preparing a workforce are the dynamic realities of IT security, where change is perhaps the only constant. In a panel discussion, representatives from security certification body (ISC)² stressed that seeking professional certifications can not only help bolster an employee’s credentials, but also serve as proof of expertise regarding real-world situations.

The test for the group’s CISSP certification is updated with new questions every few months, and the test has to be retaken every three years for the credential to stay in good standing, Vehbi Tasar, director of professional programs development for (ISC)², explained to SecurityWeek. When it comes to education, he said, the best learning usually comes on the job.

“All good security people learned their job doing the job,” he said. “They didn’t learn at the university. That is a big gap in my opinion because universities are teaching just the basic stuff. They are not necessarily teaching different angles that people will encounter. They cannot really; you cannot expect them to do it.”

West said during his presentation he would like to see additional programs from both the government and the tech industry to support those seeking to get into the field, and added later that it was critical to recruit women, who he said as a group continue to be underrepresented in IT security. To that end, earlier in the week, HP announced it was making $250,000 available in scholarships for women studying information security.

“It’s not as simple as adding a new class on security,” he said. “It’s the idea that we have to build security and the requirements of robust programming into everything we teach at the university level, and that’s a much broader problem.”
