By Leslie Mertz
We live a connected life, but it’s not necessarily a secure connected life, says Daniel Shoemaker, Ph.D., professor and director of the cybersecurity program at University of Detroit Mercy in Detroit.
“This is a national security issue at the highest level. The United States population is about as exposed as it could possibly be, and the same holds true for local businesses. The image I use is that we are a flock of sheep, and the only reason we haven’t been eaten by the wolves is that the wolves haven’t gotten around to us yet.”
The danger doesn’t end there. Any interconnected device is vulnerable to hacking, not only to steal personal information but also potentially to alter the function of those devices, according to Barbara L. Ciaramitaro, Ph.D., chair of decision sciences and director of the Center for Cybersecurity Leadership at Walsh College in Troy, Mich. That includes smart stoves and refrigerators, wireless home security systems and even baby monitors.
“A 2014 study by Hewlett-Packard found that 70 to 80 percent of these devices didn’t even have basic security, so breaching them is a tremendous problem. We’re talking about things like stopping interconnected healthcare devices from working properly and hacking smart automobiles, so these are things that can do actual physical harm. These are the issues cybersecurity deals with,” Ciaramitaro says.
“Cybersecurity is the one area that has negative employment. We have more jobs available than we have people in the pipeline.”
– Daniel Shoemaker, Ph.D.
Centers of academic excellence
To counter the increasing risk of having personal information stolen and interconnected devices hijacked, five educational institutions in Michigan have developed curricula focusing on cybersecurity, and become National Security Agency (NSA) Centers of Academic Excellence in Cyber Defense Education. They include Walsh, University of Detroit Mercy, Eastern Michigan University in Ypsilanti, Ferris State University in Big Rapids and Davenport University in Grand Rapids.
The college programs vary. University of Detroit Mercy, for instance, offers a master’s degree in cybersecurity. Walsh offers a master’s degree in information technology with cybersecurity coursework, bachelor’s degree in information technology with cybersecurity coursework, a new cybersecurity concentration and a cybersecurity certificate for graduate students.
All of the programs at the five institutions meet NSA requirements and follow the academic framework spelled out by the National Initiative for Cybersecurity Education (NICE). The institutions are also members of the Midwest chapter of the Colloquium for Information Systems Security Education (CISSE), which provides a venue for discussions about trends in cybersecurity and the best ways to prepare students in the field.
In addition to the guidance of the NSA and NICE, and collaboration afforded through CISSE, insights from experts are critical to providing students with training in the field of cybersecurity, which is constantly evolving as new threats emerge, Shoemaker says.
“What we’re trying to do is give our students the most advanced knowledge from authoritative sources.”
Ciaramitaro agrees. One of the ways that Walsh stays up to date is by hiring experienced professionals as adjunct instructors for its courses, she says.
“We bring in people who are on the cutting edge of cybersecurity, so they can pass along up-to-the-minute information to students.”
In high demand
The demand for employees with cybersecurity skills is already at a fever pitch, and shows no signs of letting up, Ciaramitaro says.
“At every conference I attend, I hear again and again from industry leaders and business owners that they cannot fill their cybersecurity positions. The need is everywhere. It’s in healthcare, finance, manufacturing, education… I can’t think of any area that isn’t short of cybersecurity employees.”
As an example, Shoemaker notes that even the Department of Homeland Security was only able to fill half of the 700,000 jobs it advertised two years ago.
“Cybersecurity is the one area that has negative employment. We have more jobs available than we have people in the pipeline,” he says. “That’s why students are enrolling in our programs. It’s an area where they can find a job.”
Shoemaker says two primary types of positions are available. One is an entry-level cybersecurity threat analyst, which has the task of identifying areas of weakness or vulnerability that could potentially be exploited. The second is a higher level position known as a cybersecurity architect.
“Cybersecurity architects are the people who put together the defenses, which can include everything from building firewall configurations to ensuring that employees aren’t engaging in insecure activities or that one of your internal people isn’t purposely stealing you blind,” he says.
Whether the job is cybersecurity threat analyst or cybersecurity architect, education in the field is a marketable asset for a huge variety of professions. Ciaramitaro provides examples.
“One of our graduate students is just finishing. With her cybersecurity education, she has been able to move from a help desk position at an automotive company to a position on the company’s cyber-incident team. Another student who was in our undergrad program is a police officer, and his education in cybersecurity helped him pass the test for Certified Information Systems Security Professional certification, which is highly desirable certification in law enforcement,” Ciaramitaro says, adding, “There are a lot of other stories just like those.”
The five Michigan Centers for Academic Excellence are providing an important service for their students, for local businesses and for the state overall, Ciaramitaro says.
“Michigan is a stronghold of finance, healthcare and manufacturing, and cybersecurity touches all of them. We need to build cybersecurity talent to support those industries, and we need to educate our students to provide it. Through the five Centers of Academic Excellence in Michigan, we are doing that.”
Competition Builds Security-Savvy Youth
In this age of online and wireless communication, even kids need to understand that they are not immune to cybercrime. One way to reach the younger generation is through the Air Force Association’s CyberPatriot Youth Cyber Defense Competition, according to Colloquium for Information Systems Security Education director Tamara Shoemaker, who is championing the competition among Michigan students.
“Kids know about cell phones and games, but this national virtual competition is something that actually teaches middle and high school students awareness, and helps them get their minds around the idea that while these are great technological tools, there are some things to be careful about.”
The competition is designed as a role-playing game, in which teams of middle and high school students act as information technology professionals hired by a small company to manage its network, find cybersecurity vulnerabilities and fix them. The best teams move on to the National Finals Competition in the Washington, D.C., area, and even get to meet the President, Shoemaker says.
“It’s really an amazing thing.”
She began promoting the competition in Michigan for a couple of reasons. First, it’s easy for teachers to field a team, because it just takes five kids, two functional computers and Internet access, Shoemaker says. Second, the students learn real-life lessons about the importance of protecting their own devices and communications. Finally, the students realize that there’s a need for cybersecurity professionals.
“Overall what we are trying to do is not to scare kids,” says Shoemaker, “but to empower them, and as an added advantage, interest them in pursuing a career in cybersecurity, which will benefit them and the business community in Michigan."