“Forget what you learned in college” is one of the most common things a recent graduate hears during their onboarding as they finally get to put their newfound knowledge—the one they’re now apparently required to forget—to use. This process is not always smooth, needless to say. Be it soft or practical skills, there is never a lack of articles and surveys revealing the discontent among employers feeling that graduates are ill-equipped for the job. Cybersecurity is not exempt from the trend, and woefully so, because demand for cyber talent is soaring, and the cost of not having solid defenses is on the rise as well.
Filling a cybersecurity vacancy is often a struggle for a company, as they face a whole range of issues throughout the process. The field is notorious for its major workforce gap, which forces businesses to compete for skilled professionals. Besides demanding a lot of effort, the process is also quite time-consuming, as such vacancies on average take about 20 percent more time to fill compared to other IT-related positions. This adds to the pressure on the company and its cybersecurity team, who are forced to tackle the defenses while understaffed for longer, overwhelmed and exhausted.
Once the contract has been signed, the struggle often continues, some signs indicate, as the new hires, fresh from the college, still need a lot of training. A survey by McAfee and the U.S. Center for International Studies revealed that only 23 percent of employers thought a cyber degree prepared the graduate for a cybersecurity job. The more general Computer Science degree holders did not fare much better in terms of cybersecurity, so much so that the issue drew the attention of the U.S. House of Representatives.
Given the proliferation of cybercrime, any day the new cyber employee has to spend training could mean a cyberattack that has not been tackled properly. This does not have to be this way, though, and the higher education system can work to change the status quo for the better. The problem largely comes down to its focus on the theory. You can’t swim without getting wet, Roger Pielke once said, and, by extension, you can’t learn to swim without getting in the water. Cybersecurity training has to get more hands-on, offering the students an opportunity to develop their hard skills while not making any compromises on theory.
You can’t learn to swim without getting in the water
Universities and colleges need to do more to equip students with practical skills and help them build up the “muscle memory” they will need when working in the field. This will be beneficial both for the students, who will be able to bolster their CVs with the hard skills they have under their belt, and companies, which would not have to spend as much time on introducing their new hires to the job. Thankfully, in today’s world, schools looking to add hands-on training to their programs have a variety of options to choose from.
The most traditional method of introducing students to the real-life workflow is placing them for internships at various companies. In theory, this is as hands-on as it can get, with students learning the ropes and networking as part of an established business operation. However, critics often argue that internships, which are often unpaid, foster the wealth gap and have a larger negative impact on the job market. Such flaws could make us want to reconsider and revamp internships as a mechanism rather than doubling down on them.
A better option for schools is to embrace the digital era and employ interactive learning tools. Hands-on training not only makes the learning process more engaging and entertaining, but it also beefs up students’ educational outcomes. Active learning has proven to be especially effective in STEM studies, and education strategies incorporating it see students perform better.
Virtual learning environments showcase real-life incident response scenarios and introduce learners to the tools and methods they will be using on the job. Furthermore, interactive labs and red team exercises can foster the cybersecurity mindset in students, allowing them to focus on applying their knowledge to solve true-to-life problems in a realistic environment. They also teach students soft skills, such as communication, teamwork, and time and task management, which can make the distinction between doing a good job and doing a great job.
Cybersecurity is a field where a lack of hands-on practice can be the decisive factor in making or breaking a graduate’s career, especially at a time when they are facing increased competition in the wake of the pandemic-induced hiring slump. Cybersecurity graduates are no exception to this, and by giving them a robust practical skillset alongside deeper theoretical knowledge, schools can help them build the foundation for their professional success.