Why a Cybersecurity Career: it’s not just about hacking, professor says
September 18, 2018It’s no secret that more and more college students are choosing cybersecurity as a major. Career and income prospects are one reason. Many also like the idea of working in a fast-paced, exciting field that tests their problem-solving skills and can involve an element of adventure.
We asked Dr. Mary-Margaret Chantré, a professor of cybersecurity at Capitol Technology University, how young people perceive the cybersecurity field, and what aspects of cyber capture their imaginations and why more and more young people are choosing careers in cybersecurity.
In your experience, what aspects of cybersecurity seem to have the strongest appeal to young people?
They’re very interested in hacking – learning how to get into a system, how to keep someone from doing something that they want to do. They also want to know how to defend a system, locate vulnerabilities, and target where the threat is coming from. The war-gaming and competition aspects of cyber are a big draw.
Although they may be fascinated by hacking, many don’t know much about it. Our job as educators is not only to incorporate these skills, but to redirect their thought process in terms of understanding exactly what is needed to penetrate a system.
What are some ways in which these skills are incorporated into the courses at Capitol?
Firstly, I want to stress that we don’t teach students to go out and destroy someone’s computer system. We’re teaching them how to defend ourselves from getting attacked. Students start with the foundations -- the different types of attacks, and the varieties of malware, viruses, and worms. They learn exactly what is out there and what they need to do to defend themselves. They learn risk management and best practices: what to do and not do when using anything that is connected to the internet.
We teach an array of specific skills. Linux commands are one of the most important. We incorporate Python in teaching them how to code and protect their systems. Hardening the system is something we really stress. In essence, that means making your system as secure as possible so that you aren’t vulnerable to attacks.
What are students often surprised about as they explore cybersecurity more deeply?
Typically, our undergraduate students are coming here straight from high school. When they start the program at Capitol, it’s a pleasant surprise for them that they’re not just being herded into a classroom and talked at about theory, having terms thrown at them while they sit at their desks. They crave hands-on, and at Capitol that’s what we deliver.
Of course, they’re going to have to understand the theory and terminology along with it. In my classroom, I endeavor to blend it: I’m talking while they’re working. That way they’re not just sitting there passively. It keeps their interest. Because the students are so eager to get into the trenches and start doing things, there’s a certain resistance to being taught concepts. But they need that knowledge too – for instance, to pass their certifications.
What are some common misconceptions about the cybersecurity field?
As I mentioned earlier, there’s a strong interest in hacking. People think that if they study cybersecurity they will learn how to hack. But that’s only one aspect. Fundamentally, cybersecurity is about learning skills that will help you protect yourself and others, or protect organizations that you work for. You’re learning how to put in the right software, licenses, encryptions, and everything else you need to protect your systems and data.
Yes, when students come to Capitol they will learn penetration testing and things like that. In the competition setting, students do get the opportunity to have fun and do things to test whether the other teams recognize vulnerabilities in their systems. But we’re not teaching them how to go out and launch a ransomware attack against someone. We’re not teaching them unethical behavior; we’re teaching them how to defend.
Let’s say your organization has suffered a serious cybersecurity breach. What should be done?
Security planning and disaster recovery are something we teach here at Capitol from the lowest levels all the way through the graduate courses. It’s that important.
Everyone hopes they won’t be attacked. The reality is that sooner or later they probably will be. Know how to recover from an incident is an important part of the cybersecurity equation. That includes establishing and practicing a disaster recovery plan – it’s almost like conducting a fire drill. Consider that an organization is far more likely to be hit by a cyber attack than experience a fire. Attacks are highly probable. The difference between good and great in an organization often depends on how prepared they are to recover from them.
It’s also important to look at attacks in the past, and to make sure that the vulnerabilities that were discovered then have been mitigated.