Real success in a cybersecurity career depends on a broad liberal arts background, knowledge of politics and international affairs, and strong written- and oral -communication skills—not just detailed technical know-how and days spent glued to a computer screen, cyber experts told current and prospective students at University of Maryland University College (UMUC) “Interconnected and Unprotected – The Cybersecurity Dilemma” conference, Nov.4.
“Technology is just an enabler,” said Deborah Frincke, director of research at the National Security Agency. “Information sharing is [finding] a way to engage with humans with trust and confidence when we don’t know them. It all gets back to human engagement and human interaction.”
Fricke said it’s a mistake to approach cybersecurity by starting with the computer and determining how to make it safer. She suggested a better approach is to start by determining what you want humans to accomplish with the computer and then figure out the technology.
The conference was aimed at UMUC’s growing body of cybersecurity students in undergraduate and graduate programs alike, who aspire to benefit from burgeoning employment opportunities in the field.
UMUC President Javier Miyares said the job demand for cybersecurity professionals “continues to grow at unprecedented levels.” More than 200,000 cybersecurity jobs in the United States are unfilled, he said, and postings are up 74 percent from the last five years. In addition, cybersecurity jobs are expected to grow by 53 percent through 2018 and 10-fold in the next decade.
But the knowledge and skills required of a cybersecurity professional are still being defined, some conference speakers said. And, as the nature of the threat changes, the requirements needed to succeed in the profession change as well. One thing is for certain, the skills needed go far beyond technology.
“I need people who study political science,” said David DeVries, chief information officer at the Federal Office of Personnel Management. “I need people with a political science background to think about data and [determine,] 'How do I analyze things differently.'”
After all, the safest computer is one that is turned off and sitting in the corner. But it’s not doing much work, he said.
Troy Thompson, a first-class student at the U.S. Naval Academy, said that instead of being a technological robot, a cybersecurity professional needs “that liberal arts understanding of how to identify a problem, then how to work around [or work] through that problem to create a solution.”
Many people don’t explore cybersecurity education because they perceive that learning how to code is hard, said Thompson, who is writing a paper on K-12 education to foster the idea that [coding] is not difficult.
“You have to overcome that [perception] by making it fun,” he said. “It’s something that each and every one of us can do. It’s more psychology than technology.”
Jeff Daniels, senior manager at Lockheed Martin, said he enlists high school students as interns.
“They bring fantastic skill sets,” he said. “And then when they marry up the process and the technology together in a business setting, it opens their eyes.”
Linda Cureton, CEO and founder of Muse Technologies, Inc., said that for emerging cybersecurity professionals, “honing your leadership and your soft skills, and being able to communicate are very important.”
Michael Echols, executive director and CEO of the International Association of Certified ISAOs, said there is a two-way street between a person with a technical education and someone with a liberal arts education. Each needs to know about the other.
“You have a lot of technical people pushed in the direction that they need to know how to code, [that] they need to be a guy sitting in a dark room and typing on a computer and not talking to other people. That is so far from the truth,” he said.
In fact, now, Echols said, most of the people he is talking to are lawyers and accountants who have a cybersecurity spin to what they do. Cybersecurity has become just another aspect of doing business.
“For a student deciding where [he or she] should go, I always [say] that even if you are studying something in the liberal arts, make sure you are taking cybersecurity classes,” he said. “There is some aspect of something you will do in the future that is going to center around protecting data and protecting what is important to you.”
Echols said he always pushes for cybersecurity professionals to have a diverse education, because as new sciences and new business functions are developed, new skill sets become important for understanding how to improve security.
“The ability to write and speak clearly are very important if you are going to move up the ladder,” said Curtis Rose, president and CEO of Curtis W. Rose & Associates. “There will always be a need for a professional who can distill information and explain it. You need to add that emotional intelligence, those interpersonal skills. Don’t ignore that.”
A more expansive knowledge of the world, especially in economics and politics, is important when a cybersecurity professional is using his mathematical skills to work on the latest new device as well.
“Think of the broader world economically and politically, because that context will help you do a better job in your own field,” he said. “If you are working on a problem, sometimes something will click about the broader context and you’ll [realize,] ‘Ha! I think I know what they’re up to.’”
Interpersonal skills also are essential when cybersecurity professionals are trying to build partnerships to share information among government, business and academia, said Zach Furness, technical director, National Cybersecurity FFRDC. Not enough is being done now to build those partnerships to share the context of a problem as well as technology, he added.
“If you just silo it off, you are not going to understand the advancements that need to tie into the problems at hand,” he said. “We need more ways to share information across organizations. Then we will make faster progress.”
Keeping certifications up-to-date is essential throughout one’s cybersecurity career, said Zach Lawrence, assistant professor of information and engineering technology at Prince George’s Community College.
“Certifications are very much like a burning match,” he said. “You get this big bright glow, and then it fizzles over time.”
But being certified in everything is impossible, Lawrence added and suggested that a cybersecurity professional should pick out three to five certifications and then update them periodically.
“The need for continuous education is something that the millennials say, of course,” said Tim Bennett, director general and CEO of the Trans-Atlantic Business Council. “It's the baby boomers who have the problem.”
But, he added, change is so much more rapid now and job competition is global, and that’s putting “tremendous pressure” on millennials.
“The folks who are wearing the black hats—organized crime and state-sponsored actors—they are not getting certifications,” Bennett said. “They are doing it through their own abilities and interacting in the underworld. The need to constantly keep up with your skills is a permanent part of the job landscape now.”