Guide to Choosing a Cyber Security Degree Program
What is Cybersecurity?
With an increase in cybercrimes, Cybersecurity has grown in importance among both companies and individuals. Cybercriminals are becoming more sophisticated using advanced tools to commit an increasing number of crimes within a shorter period of time. In 2005, there were 157 data breaches reported in the U.S., with the number increasing to 783 (almost +500%) in 2014 and 1,244 in 2018. The number of records exposed has surged from 33.6 million (2016) to 446.5 million (2018) (Statista).
Cybersecurity is defined as the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access (Digital Guardian). As more private information is being digitized, the threat of cybercrimes continues to increase, making advanced Cybersecurity a top priority for companies and heightening the need for Cybersecurity professionals. Cybersecurity spending in the U.S. is estimated to have reached $66B in 2018 (Statista).
What Careers are Available in Cybersecurity?
The U.S. Bureau of Labor Statistics estimates the expected job growth in Cybersecurity will be 28% through 2026. As the demand for Cybersecurity professionals outpaces the pool of qualified applicants by 25% (Cap Gemini Cybersecurity Talent Report), companies are forced to offer lucrative salaries to attract much-needed talent. The highest paid Cybersecurity positions include DevSecOps Engineers, InfoSec Managers, Application Security Engineers, Network Security Engineers, and Cybersecurity Engineers (CIO). Experienced professionals working in these positions can garner salaries between $100K to $200K, on average, making it one of the highest paid fields due to the high demand and low supply of available talent.
Besides a degree or coursework in Cybersecurity, those interested in pursuing a career in this field should remain current on specific cyberthreats and best practices used to address those threats. Soft skills such as communication and teamwork to ensure that security issues and threats are dealt with in an efficient and timely manner. Specific job requirements and responsibilities for Cybersecurity positions will vary across different organizations and industries, with some jobs having a slight overlap.
Cybersecurity Engineers can have a diverse set of responsibilities, but in general, they are tasked with protecting a company’s network, computers, and data from potential threats of attacks and unauthorized access. More specifically, their responsibilities would include testing the security infrastructure and identifying weaknesses, responding to and troubleshooting problems, responding to and addressing security breaches and the overall planning and management of the company’s systems and data security.
Network Security Engineers focus their efforts on a subset of Cybersecurity Engineers’ responsibilities, including safeguarding data that is sent through devices on a company’s network. They are tasked with keeping a company’s networks and systems safe from hacking threats and unauthorized access to data. Job responsibilities may include the configuration of routers, firewalls and VPN’s. In addition, Network Security Engineers may be responsible for executing network security assessments, developing policies to keep networks secure, and contributing to the creation of disaster recovery strategies (Infosec Institute).
The role of Application Security Engineers has become more vital over time as industries’ use of applications increases. IT professionals in this role are responsible for the implementation, testing and secure operation of applications used by a company. Application Security Engineers ensure that these applications are secure through continuous testing and debugging. Engineers in this role also review code to identify improvements that can be made to the security of the application.
InfoSec (Information Security) Managers oversee a team of Information Security Analysts tasked with keeping applications and systems secure. More importantly, well-qualified Info Sec Managers can see the bigger picture of Cybersecurity situations and determine a plan to quickly and effectively address them. InfoSec Managers also govern security procedures and strategies and are responsible for communicating them to other department heads within the organization. Overseeing improvements and upgrades to a company’s infrastructure also falls within the responsibilities of an InfoSec Manager.
The main role of DevSecOps (Development, Security, and Operations) Engineers is to ensure the development of secure software by DevOps (Development and Operations) Engineers. They work alongside them during the software development process, continually testing the software for potential security threats. IT professionals in DevSecOps roles require an advanced knowledge of automation tools that test the vulnerabilities of software during development.
What Cybersecurity Degree Programs are Available?
With the demand for Cybersecurity professionals outpacing the available talent, there has been a steady increase in degree programs available in this field. When selecting a program, applicants may consider Ponemon Institute’s list of the best Cybersecurity degree programs as well as the National Security Agency’s Center of Academic Excellence (CAE) Cyber Defense (CD) designated schools.
Associates in Cybersecurity
Most Cybersecurity jobs may require a Bachelor’s degree, but earning an Associate’s degree can lead to entry-level jobs in the industry. However, for those currently working in a different area within IT, an Associate’s degree can help change their focus to Cybersecurity without having to enter a Bachelor’s degree program, which requires a longer time commitment and larger financial investment. Others seek an Associate’s degree in Cybersecurity as a means to gain acceptance to a Bachelor’s program, as many institutions will accept transfer credits to fulfill degree requirements.
When pursuing an Associates degree in Cybersecurity, students can concentrate their studies in a few different areas. Some examples include Security/Information Assurance, Network Security/Administration, and Computer Forensics. Learning institutions offer slight variations in concentrations and curriculums.
There are many options to choose from when selecting a program, including online learning opportunities. Many local community colleges offer an Associate’s program, making the degree affordable for many. Programs take two years (four semesters) to complete if attending full time, but some programs may offer accelerated options that take 1.5 years.
Bachelor’s in Cybersecurity
Earning a Bachelor’s degree in Cybersecurity will give graduates the qualifications to apply to entry level and, in some cases, managerial jobs in the industry. There are many colleges that offer traditional four-year Bachelor’s degree programs in Cybersecurity requiring students to attend classes in-person. However, there are many reputable online programs that offer more flexibility for students looking to work while earning their degree. Online programs expand the options available to interested students as geographical location is eliminated as a program selection criterion.
A well-rounded Bachelor’s degree curriculum may include topics in Digital Forensics, Cyber Law and Policy, Ethical Hacking Principles, and Business Processes in addition to introduction courses in Computer Science and Programming. As curriculum varies across institutions, naming conventions for degrees granted also can differ. For example, Rochester Institute of Technology offers a Bachelor’s in Computing Security. Other colleges offer more general Bachelor’s degrees with the option to concentrate coursework in Cybersecurity or Information Security. Boston University students in the Bachelor of Computer Science program can elect a Cryptography and Data Security concentration if they are interested in pursuing a career in Cybersecurity.
Top learning institutions for Cybersecurity Bachelor programs have substantial investments made to this area of study. The University of Maryland has established the Maryland Cybersecurity Center with a mission of research, education, and outreach. The Center facilitates many opportunities for undergraduates interested in the Cybersecurity industry. The ACES program (Advanced Cybersecurity Experience for Students) gives participants valuable opportunities to be mentored by industry professionals and take part in innovative research.
Master’s degree in Cybersecurity
Those IT professionals looking to advance their Cybersecurity career or transition into this field may benefit from pursuing a Masters in Cybersecurity. Although an advanced degree is not required to enter the field of Cybersecurity, the degree helps graduates market themselves competitively when applying for higher paying positions that may have more managerial responsibilities. Some Masters programs may require capstone or thesis projects that showcase the skills and knowledge attained as a graduate student. These projects provide valuable experience that can be highlighted when pursuing Cybersecurity positions.
A Bachelor’s degree is a prerequisite for Masters in Cybersecurity degree programs, with some requiring it to be Computer Science related. Professional work experience may be required as well, as many programs find it helps students gain a richer experience during their Masters program. More reputable programs require a competitive grade point average (GPA) to reflect the student’s ability to handle the rigorous course load. Many programs look to accept applicants with a GPA of 3.0 or higher.
In most cases, pursuing a Masters degree in a Cybersecurity area will require students to select a specific topic of concentration. Examples of concentrations include Network Infrastructure, Computer Security, Compliance, Medical Data Security, and Information Assurance. Curriculum may include coursework in Network Security, Applications Security, Ecommerce Security, Cyber Ethics, Software Engineering, Applied Cryptography, Cloud Computing, and Digital Forensics. Required and elective course offerings will vary across programs and applicants should ensure the Cybersecurity courses of interest to them are offered before applying.
The high demand for qualified Cybersecurity professionals has resulted in an ample selection of programs from which applicants can choose. Available programs include both online and traditional in-class programs. Full-time Masters programs typically require two years or four semesters to complete, while part-time programs allow the flexibility for students to continue working while taking courses but will take longer to complete. Students may graduate with a Masters degree in Cybersecurity or a Masters in Science degree with a specialization or concentration in Cybersecurity or a more specific area within this field.
Graduates who earn their Master’s degree in Cybersecurity have many well-paying career options to choose from. An advanced degree can command higher salaries for positions similar to those requiring a Bachelors degree but with a higher level of responsibilities. In addition, a Masters degree can pave the career path for those wishing to pursue managerial or executive level positions such as Security Director, Lead Software Security Engineer, and Chief Infosec Officer.
What are Examples of How Cybersecurity is Utilized in the Real World?
Cybersecurity in the Field of Medicine – The electronic health record (EHR) system was developed to increase the accessibility of health records for patients and their healthcare providers and improve the overall efficiency of patient care. Although medical professionals, hospital administration, and patients recognize the benefits of EHR systems, there is growing concern over network and data security as it relates to patient records. The U.S. government acknowledged potential threats posed by the digitization of patient records through its establishment of the Health care Industry Cybersecurity (HCIC) Task Force. The HCIC’s aim is to research Cybersecurity in the healthcare industry and make recommendations to hospitals and clinics.
As hospitals made substantial investments in EHR systems, a relatively smaller level of resources was dedicated to Cybersecurity. Because of the inequality, hospitals are playing catch up to build up security for its EHR systems. It has been less than ten years since hospitals have begun to devote resources to protecting patient data, and the systems that house this data, from external attacks and unauthorized access. Although hospitals and healthcare clinics are recognizing the need to invest in Cybersecurity, many of the smaller ones do not have the necessary financial resources to devote to it. Because the U.S. healthcare system is interconnected, this poses a problem for larger facilities which can be exposed to cyberattacks through the unprotected systems of smaller clinics and hospitals.
In addition to investments in hardware, the healthcare industry is looking to continually increase its expenditures on human capital in IT through the training and hiring of qualified Cybersecurity professionals. More healthcare facilities are hiring professionals such as Network Security Engineers or Cybersecurity Engineers who proactively test the EHR systems for vulnerabilities and address them. The healthcare industry also looks to executive and managerial level administrative employees to create security policies and promote a culture that prioritizes data and system security. Educating all healthcare employees on the threats of cyber attacks and best practices to promote a secure data environment may help alleviate some of the external threats on the system.
With 39% of healthcare organizations reporting daily or weekly cyberattacks on their systems and 44% experiencing a crypto mining or ransomware attack (Radware Report), the healthcare industry was the second most targeted sector behind the government. The constant threat of an attack warrants a clear and detailed response plan to be formulated to mitigate the costly effects. Having a thorough and well-communicated plan allows healthcare IT personnel to react quickly to cyberattacks.