Flunking Cyber Education

We live in great times for cyber employment and training.  Rapidly developing and expanding STEM programs in schools.  Congressional bills supporting funding of myriad training programs.  

A recent summit held by the White House on July 19th - under the auspices of the new National Cyber Director - to find ways to encourage people to join the cyber work force and develop education programs supporting the effort.  Lots of talk about the 700,000 person job gaps in the cyber field and the need to fill those jobs.

As a cyber expert and college professor who teaches cyber, I applaud these developments.  But, as someone who is in the cyber business and now in the education game, I tell you it’s not going to be easy. Ignoring whether 700,000 people want to join the cyber community of workers - and not everyone does or has the skills to do so - you have to think of what kind of education you need to do the job. One of the big corporate challenges  - private or public - is not people learning code.  It’s middle managers learning the vastness of cyber, its organization costs, and getting those on the cyber coal face to speak understandably/or translate to those that run the places. Currently, despite best efforts, they are talking past each other.

Three Layers of the Cyber Cake

The connection between the decision makers and the cyber people on the coal face has always been problematic. Neither really understands the others’ need. They come from two different worlds. It is, in my experience,  the poor middle managers who are whipsawed between the two – explaining to their bosses why good cyber structure is needed and understanding of the cost of failure.  And, then, explaining to the people on the coal face why cost remains one of the most important factors despite the potentially troublesome challenges of a “lesser” solution.

Starting in reverse order, the Third “Cake” Layer I speak of is the technicians/the guys on the cyber coal face. Bluntly, in the land of the cyber “gun fight,” they are the ballistic experts. They speak a very specific tech language and think the guys above them are ignorant or indifferent because they don't understand their language.  The Third Layer wants more support and rarely understands the cost factor. It is their world. They know what needs to be done to make it work.

The First Layer is composed the Senior Managers whose lives are devoted to cost, profit and explaining to their overlords the levels of success and failure. They are “gun slingers”. They just want their “gun” to work. They can spell IT. They have a vague idea about exactly what cyber does as primarily it costs them money -- off the bottom line, without any real metrics as to return on investment and the potential of losing their jobs if something screws up.  They could use some education too - but they haven't got the time or, in many cases, the inclination.

And, then in non-ordinal order and an unenviable position, is the Second Layer -- the mid-level managers.  Paraphrasing the late American U.N. Ambassador Adlai Stevenson, they are the peaceful makers who catch hell from both sides.  The Second Level need to know enough about what Level Three is doing to explain it to Level One. And they need to know what Level one is facing to guide the efforts in Level Three.  

An Educational Opportunity Missed

Frankly, few schools have dealt with the Second Layer problem.  They favor extensive training for the coal face; engineering schools devoted to systems management and software development, for instance. And they occasionally give seminars for the First Level – usually as corporate retreats with everyone distracted by their I-phones as they try to run their business from afar. They rarely attempt to educate the Second Layer.  I think that is a major mistake.

We need to develop more classes that bridge that Middle Management gap - creating understanding of cyber needs and structure in both a policy way and a tech way.  We don’t need cyber experts, but we do expertise; a basis of understanding that allows for the needed translations.  

In other words, Level Two need to understand the general substance of the tech problems that are brought to them so they can explain it to the Decision Maker – who ultimately risk manage the cost versus potential failure of the organization. And these Middle managers need to explain to the cyber guys on the coal face why Level One are concerned about cost and to better explain what the decision makers risk assessment is – what is possible given cost.

Until that gap is closed, we are going to continue to go around in this endless loop of failure where the managers blame the IT guys and the IT guys think the senior managers are hopelessly out of touch.

Frankly, the American public ultimately pays the price for this gap. They deserve better. And, in my opinion, colleges and universities are missing a whole segment of a very large potential student population.


Ronald A. Marks III is a Visiting Professor of Cyber and Intelligence at George Mason University’s Schar School of Policy and Government.  Marks has also spent two decades managing or owning cyber related enterprises.


You Might Also Read: 

The Limits Of Social Media Soft Power:

 

« Google Chrome Extension Used To Steal Emails
Publicly Reported Ransomware Incidents Are Just The Tip Of An Iceberg »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

Combined Selection Group (CSG)

Combined Selection Group (CSG)

CSG are Global Talent Experts, we operate across 7 specialist sectors, including Information Technology and Cybersecurity, and take a pro-active approach to executive search and headhunting.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Pixm

Pixm

Pixm’s computer vision based approach offers a truly unique and effective means to protect organizations from web-based phishing attacks.

Mindtree

Mindtree

Mindtree is a global technology consulting and services company. Areas of expertise include Enterprise IT Transformation, Data & Intelligence and Cloud Services.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.