Security

Are cybersecurity bachelor's degrees worth the time?

Some are pushing the need for cybersecurity degree programs, but would those graduates lack the general IT skills necessary?

Cybersecurity is a major issue right now. However, there is a shortage of professionals who are trained to work within that area. So is the best way to deal with the shortage of cybersecurity professionals to funnel students into cybersecurity degree programs? Ira Winkler wrote a thought-provoking piece for ComputerWorld that raises the question: How valuable would cybersecurity degree programs be?

Basically his argument is that if you offer a college program that is all about cybersecurity, then you're graduating people who won't have the general tech background that is needed to make proactive decisions in regard to security or any technology. He says,

"The issue is to create not a handful of people who have a little extra specialized education, but to ensure that the future computer professional community, as a whole, at least has the fundamental knowledge to begin proactively securing their work products."

It would be great if learning institutions taught a general IT curriculum first and then allowed students to have a concentration in an area like security. But, as Winkler points out, few of the textbooks used in computer science have even one chapter devoted to security. And it doesn't look like this issue can be fixed easily because of the lengthy approval processes curriculums have to go through.

Some might make the argument that there will be a plethora of cybersecurity jobs just waiting on the cybersecurity graduate. But, as Winkler points out,

"Take a look at the NSA's cybersecurity professional development program. It wants people with strong programming skills. But many cybersecurity undergraduate programs do not offer any programming coursework. It's been cut out to make room for more classes in things like writing security policies."

I wonder if colleges couldn't offer a post-bacc specialty that could be pursued after a graduate gets a degree? Sort of like med school. It would mean extra time in school, but wouldn't it be worth it?

About

Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.

11 comments
XCobra9
XCobra9

I need an opinion from someone that’s been in the IT security field for a while or an IT Security manager.

I’m going for a Business Information System degree that has a specialization in IT Assurance including a class for Security+ (total of about 4 classes for the specialization). I’m currently working in the IT Service Desk (first level IT) department of a corporation and I will have about 2-3 years experience by the time I finish my school. Will this type of bachelor degree and the experience be enough to get me my first IT Security job?

sai5002
sai5002

As someone who will graduate in just less than two weeks with a bachelor's degree in Security and Risk Analysis (SRA) from Penn State, I disagree with this article. I started out in the Information Science and Technology (IST) program, but switched to SRA after it started being offered. I am a driven individual and know a great deal about IT. Often I believe that my peers and I know more about IT than regular IT majors. One of my specialties is programming even though there is only one programming class required for the SRA program. I've written an app for both iOS and Android. I've taken several of the computer science programming courses just for fun. Apart from courses centered on network security, cyber forensics, policy, the legal environment of IT, and a few others; the bulk of the course work comes from the general IT programs. The fact that my peers (both graduating this semester and next) have already accepted very promising job offers from big companies like PNC, Accenture, and Capital One shows the promise this type of degree program can have. The SRA program at Penn State is even endorsed by the NSA. I can't speak for the other universities offering cyber security programs, but the SRA program at Penn State is not what is described in this article.

bobdavis321
bobdavis321

I have been in IT for over 35 years. "The Internet used to be like going to a library and looking at books. Now it is like walking through a mine field." - me EVERYONE in IT needs serious security training! BTW I have NO college degree, but I have been to several colleges......was even the head of IT at one.

Datacommguy
Datacommguy

As we've discussed so many times, it depends on who's doing the hiring. If it's up to HR, then a degree which appears to fit in well with the job title could be the final deciding factor. If the IT manager gets to review the candidates, he/she will be much more likely to look for experience and background. For decades now, job postings have usually included some reference to a BS in Computer Science but also included 'or equivilent experience' buried in there as well. And even now, many of the managers started in 'Data Processing' long before there even was a degree in Computer Science and are very comfortable hiring someone who has a proven record.

Dr_Zinj
Dr_Zinj

A graduate of a bachelor's level degree in cyber security would be pretty darn worthless as an employee, and totally unfit as a solo entrepreneur. You need the background in hardware and software that a BS in Computer Science or Information Systems gives you as the basics. And at least 3 to 5 years of actual experience. If anything, a cyber security certificate program on top of the BS, or in conjunction with a master's program would be acceptable.

AnsuGisalas
AnsuGisalas

It sounds like a stillborn idea. It would be far more worthwhile to have it as a Master's Programme (2 years of narrow-field advanced studies to build on top of a Bachelor's degree that has 3 years of wide-focus general studies). Like a Bachelor's degree in Networking with a Master's programme booster pack of hardcore infosec specialization.

Charles Bundy
Charles Bundy

are as ephemeral as the industry itself. Today it is cyber security, but two years from now who knows? Higher education should concern itself with fundamental concepts. Unfortunately colleges often go off in the weeds by teaching fundamentals without considering specific application. Thus formal education is often highly overrated by all concerned. Worse it doesn't prepare the newly minted for gainful employment outside of academia. Thus I would have to say "run screaming" from any such specific degree. Certification program on top of a degree would be my advice. And CEU requirements for said specialty would be useful. At the very least it might formalize/normalize ongoing IT training.

tusharnene
tusharnene

bboyd above has it right. that kind of cybersecurity degree (replacing coding with more policy coursework) should in my opinion be replaced with concentrations. many facets of the subject could covered by offering concentrations in computer science, computer/electrical engineering, MIS and business, both at the undergrad and graduate levels. this would ensure that schools are graduating a number of different folks (engineers, IT/IS, computer scientists and managers) that not only hit all of the security targets industry is looking for, but do it without sacrificing the technical background needed to really make it work.

bboyd
bboyd

They are like most degrees focused on the "wants" of business. The old horse analogy set the tone right. A race horse designed by committee is a mule. Why does the world have so many types of horses or cars or weapons systems. Not one fits all jobs. If you design one to do so you will get a tool unsuited to performing well at most any job except the unglamorous ones like a mule. These degrees are needed but they will take a while to mature. Personally I've always thought they needed to be specialties of IT and CS degrees. In my career field, mechanical engineering, a similar field industrial engineering is being absorbed into the degree as a specialty.

AnsuGisalas
AnsuGisalas

if it's open to people with existing degrees in related fields, as well as people with less academic background, but with solid work experience, it could be a real gem.

mikewor
mikewor

You have Master's for Database, Networking, Human Computer Interaction etc. Security has to be a Master's level that build on the Bachelor's