Every day we read another report lamenting the limited workforce that possesses the technical skills so badly needed in cybersecurity. This is a significant challenge for our educational system to address. We need computer scientists, coders, and engineers, and we need to attract young people to those professions.
But there is another challenge in the development of the cyber workforce – understanding that a range of “non-technical” knowledge is also essential to our future success. Why? Because we need innovation coupled with an understanding of policy, economics, business, behavior, and organizations. In other words, we need to attract those who are not interested in a technical degree per se to help form the foundation of cyber practice. That is, we need people who can provide context to the technical data. And we must develop “cyber literacy” throughout our entire workforce.
In his wonderful book, The Innovators, Walter Isaacson writes about the pioneers of the digital age who were able to “think differently,” because they were not exclusively locked into one discipline. We have the same need today. We need the same passion for cross-disciplinary knowledge and skills.
But can academia provide what successful innovators, threat analysts, business entrepreneurs, and policy makers need? There’s recognition in academia that multidisciplinary programs with a cyber emphasis will make important contributions to the digital world. And they will, provided that they are able to break barriers in academic fiefdoms and are not viewed as competitive with pure technical programs. We have some good success stories already, and the best programs offer a cross section of knowledge from business to technology to policy. These programs also offer substantial experiential education such as simulations and “gaming.” Yet it is challenging to institute and fund these programs, as they must truly bridge distinct “schools” and compete for tuition dollars, staff, and research funding.
Not all the potential cyber workforce will come from multidisciplinary programs. Many will only be attracted to the cyber industry if their own academic disciplines recognize and support some study of cybersecurity. This is occurring incrementally in academia, particularly in business schools. But cybersecurity is a national security issue, and if you consult course listings and concentrations for many U.S. schools of international affairs or public policy, you will find a handful of courses or a few mentions in “survey” national security courses. Many of these programs were created with an emphasis on the threat of nuclear proliferation and have been slow to adjust their offerings to the growing impact of cyber. We can change that imbalance by providing more depth in cybersecurity courses and ensuring that certain broad based skills, such as critical thinking and an understanding of the technical environment, are required as part of a cyber curriculum. Francesca Spidalieri’s Pell Center report on gaps in training future leaders offers excellent insights and data on meeting these needs.
Academia cannot magically produce all the human capital we need in the cyber industry, but it can and should challenge our students to reach beyond single focus disciplines to build the skills and knowledge that span across the cyber spectrum.