Amid acute shortages of cybersecurity professionals, acting information security (InfoSec) experts are questioning the relevance of the formal education they received, Kaspersky’s new global research shows.
The survey revealed that one in two cybersecurity professionals were not able to confirm the usefulness of their academic training when it came to helping them in their current role.
As a result, these experts have to invest their resources in further training to tackle the ever-evolving threat landscape and keep up with industry developments.
According to ISC2, the world’s leading organisation for cybersecurity professionals, the existing cybersecurity workforce needs to grow almost two-fold to run at full capacity and support the global economy.
To explore the root causes for the current cybersecurity skills shortage and the lack of InfoSec professionals, Kaspersky commissioned a global study¹ that takes a closer look at the educational aspects of the problem and the influence it has on the career paths of these experts.
Many InfoSec experts point out that the education system is detached from the realities of cybersecurity, resulting in a lack of applicability when it comes to real-life work experience: almost every other professional believes the knowledge taught in formal education was somewhat (14%), slightly (13%) useful or of no use at all (24%) when it came to fulfilling their job duties.
To determine the factors that might be holding back the educational field, respondents were asked additional questions. Less than half of respondents said their college or university programme offered them hands-on experience in real-life cybersecurity scenarios as live projects: 23% ‘strongly agreed’ with this statement, and 26% ‘somewhat agreed’. In addition, access to the latest technologies and equipment, and the quality of internships emerged as the weakest aspects of cybersecurity education.
While one issue is the quality and relevance of educational programmes, another is the availability of cybersecurity and InfoSec training per se. For instance, half of current cybersecurity experts believe that the availability of cybersecurity or information security courses in formal higher education is either ‘poor,’ or ‘very poor.’ Among professionals with two to five years of experience, this figure soars to more than 80%.
“Cybersecurity education is facing certain challenges when it comes to keeping up with developments in the cybersecurity industry,” comments Evgeniya Russkikh, head of cybersecurity education at Kaspersky. “The rapidly evolving nature of cyber threats means that educational programmes often struggle to ensure their content is up to date, leaving cybersecurity professionals with knowledge gaps.
“At Kaspersky, we help universities overcome these challenges and ensure continual learning and adaptation for young professionals by integrating the leading expertise of our industry experts into educational curriculums so that they combine practical hands-on experience with theoretical knowledge.”