Flunking Cyber Education

Uploaded on 2022-08-03 in JOBS-Training, FREE TO VIEW

We live in great times for cyber employment and training.  Rapidly developing and expanding STEM programs in schools.  Congressional bills supporting funding of myriad training programs.  

A recent summit held by the White House on July 19th - under the auspices of the new National Cyber Director - to find ways to encourage people to join the cyber work force and develop education programs supporting the effort.  Lots of talk about the 700,000 person job gaps in the cyber field and the need to fill those jobs.

As a cyber expert and college professor who teaches cyber, I applaud these developments.  But, as someone who is in the cyber business and now in the education game, I tell you it’s not going to be easy. Ignoring whether 700,000 people want to join the cyber community of workers - and not everyone does or has the skills to do so - you have to think of what kind of education you need to do the job. One of the big corporate challenges  - private or public - is not people learning code.  It’s middle managers learning the vastness of cyber, its organization costs, and getting those on the cyber coal face to speak understandably/or translate to those that run the places. Currently, despite best efforts, they are talking past each other.

Three Layers of the Cyber Cake

The connection between the decision makers and the cyber people on the coal face has always been problematic. Neither really understands the others’ need. They come from two different worlds. It is, in my experience,  the poor middle managers who are whipsawed between the two – explaining to their bosses why good cyber structure is needed and understanding of the cost of failure.  And, then, explaining to the people on the coal face why cost remains one of the most important factors despite the potentially troublesome challenges of a “lesser” solution.

Starting in reverse order, the Third “Cake” Layer I speak of is the technicians/the guys on the cyber coal face. Bluntly, in the land of the cyber “gun fight,” they are the ballistic experts. They speak a very specific tech language and think the guys above them are ignorant or indifferent because they don't understand their language.  The Third Layer wants more support and rarely understands the cost factor. It is their world. They know what needs to be done to make it work.

The First Layer is composed the Senior Managers whose lives are devoted to cost, profit and explaining to their overlords the levels of success and failure. They are “gun slingers”. They just want their “gun” to work. They can spell IT. They have a vague idea about exactly what cyber does as primarily it costs them money -- off the bottom line, without any real metrics as to return on investment and the potential of losing their jobs if something screws up.  They could use some education too - but they haven't got the time or, in many cases, the inclination.

And, then in non-ordinal order and an unenviable position, is the Second Layer -- the mid-level managers.  Paraphrasing the late American U.N. Ambassador Adlai Stevenson, they are the peaceful makers who catch hell from both sides.  The Second Level need to know enough about what Level Three is doing to explain it to Level One. And they need to know what Level one is facing to guide the efforts in Level Three.  

An Educational Opportunity Missed

Frankly, few schools have dealt with the Second Layer problem.  They favor extensive training for the coal face; engineering schools devoted to systems management and software development, for instance. And they occasionally give seminars for the First Level – usually as corporate retreats with everyone distracted by their I-phones as they try to run their business from afar. They rarely attempt to educate the Second Layer.  I think that is a major mistake.

We need to develop more classes that bridge that Middle Management gap - creating understanding of cyber needs and structure in both a policy way and a tech way.  We don’t need cyber experts, but we do expertise; a basis of understanding that allows for the needed translations.  

In other words, Level Two need to understand the general substance of the tech problems that are brought to them so they can explain it to the Decision Maker – who ultimately risk manage the cost versus potential failure of the organization. And these Middle managers need to explain to the cyber guys on the coal face why Level One are concerned about cost and to better explain what the decision makers risk assessment is – what is possible given cost.

Until that gap is closed, we are going to continue to go around in this endless loop of failure where the managers blame the IT guys and the IT guys think the senior managers are hopelessly out of touch.

Frankly, the American public ultimately pays the price for this gap. They deserve better. And, in my opinion, colleges and universities are missing a whole segment of a very large potential student population.

Ronald A. Marks III is a Visiting Professor of Cyber and Intelligence at George Mason University’s Schar School of Policy and Government.  Marks has also spent two decades managing or owning cyber related enterprises.

You Might Also Read: 

The Limits Of Social Media Soft Power:

 

« Google Chrome Extension Used To Steal Emails
Publicly Reported Ransomware Incidents Are Just The Tip Of An Iceberg »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

Prevasio

Prevasio

Prevasio is a next-gen Cloud Security Posture Management (CSPM) with a built-in Vulnerability and Anti-Malware Scan for Containers.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.

National Protective Security Authority (NPSA) - UK

National Protective Security Authority (NPSA) - UK

NPSA is part of MI5 and is the National Technical Authority for physical and personnel protective security. By making the UK more resilient to national security threats, we help to make the UK safe.

Dedge Security

Dedge Security

Dedge Security is on a mission to help organizations to create secure Web3 applications and accelerate their businesses with confidence.