In March 2020, the global working population endured a mass migration from office work to work from home, leading to a huge increase in the number of remote connections through which people interact with their co-workers. In a survey by IBM Security, over 53% of those polled reported using their own personal devices for work while 90% reported conducting business over home networks – all of this without added security measures in place. For this reason, cybersecurity work is not just becoming increasingly important, said Joseph Greenfield, associate professor of Information Technology Practice at the USC Viterbi School of Engineering, but also one of the fastest growing industries. College cybersecurity programs are stepping in to meet this demand.
“The first student who enrolled with this curriculum in 2006 was interested in cybersecurity. The Intelligence and Cyber Operations program (INCO) – now in its third year – was born out of an increasing need to fulfill students’ interests and meet an emerging gap in a critical industry,” Greenfield said.
The INCO program focuses on an interdisciplinary approach to cybersecurity. Said Greenfield: “Cybersecurity is not just an engineering problem, because there is a big human element to it. INCO creates a natural pairing between topics like geo-politics and applied technical cybersecurity.”
With over half a million job openings in the industry and with increased reliance on insecure networks and infrastructures, Greenfield said that now more than ever, students pursuing college cybersecurity programs are essential to keeping data secure. And cybersecurity represents one of the most stable fields.
The COVID-19 pandemic accelerated a phenomenon that was already in progress: mass migration to remote work. Nearly overnight, companies abruptly shifted from a primarily on-premises workforce to a majority work-from-home configuration. Many experts speculate that many employees may remain in a remote arrangement indefinitely.
This has brought to light concerns over safety and security procedures, while at the same time creating an even bigger gap between available jobs and qualified specialists to fill them.
New and increased concerns lie in securing remote workers who are using home networks, personal devices, and personal applications to connect to company assets, rather than working behind a corporate firewall.
Greenfield said, “This [college cybersecurity program] is about meeting today’s needs and our future needs as well. These problems are not going to go away.”
Design of college cybersecurity programs
Interdisciplinary programs are buzzworthy in today’s academic lexicon – largely because modern professions largely need expertise across multiple topic areas.
In designing the program, Greenfield and Richard Fliegel, associate dean of undergraduate programs at USC Dornsife College, created a balance between the technical aspects and the human and cultural aspects.
“We knew that half of the program had to be an understanding of why cybersecurity is an issue,” Greenfield said. “What do students need to know about the regions where cyberattacks come from?”
This program focuses on four international geographic regions: Russia/Eurasia, the Middle East, East Asia and Africa. Greenfield said that it is necessary to better understand motivations and desires that tie into “threat intelligence” from these regions.
“The more you understand about a potential adversary, the more you understand why you and your organization are a target and what data they’re going after,” Greenfield said.
Different motivations, like religion or financial desires, can help cybersecurity professionals better understand not only how to mitigate current threats, but prevent future attacks, Greenfield said. “If a hacker’s motivation is monetary, he doesn’t want you to go out of business, but if it’s religious, then wholesale destruction isn’t off the table.”
This breadth of focus is a huge selling point to incoming students in college cybersecurity programs. USC Viterbi senior Paige Godvin said the program combined interest in a breadth of topics including technology, international relations, and the Middle East.
In the program, she took a particular affinity to “social engineering.” “This is the idea that psychology and human tendencies can be leveraged to gain access to certain systems – whether they be physical or digital. It allowed me to use my knowledge of psychology [which I gained through a general education course] in a relevant fashion to cybersecurity and red-teaming (providing simulations that expose how well prepared a company/individual’s networks are to real-life attacks) in particular,” she said.
Sama Manchanda said the INCO program gave her the confidence to pursue cybersecurity as a profession.
Manchanda said: “One of the most memorable classes I took was Advanced Digital Forensics, taught by Professor Greenfield. We got to put our skills to the test with mock cases and labs. They truly prepared me to be successful in my current role as a digital forensics consultant. Today, I apply the basic set of skills and knowledge that I learned in my security classes every day, to help clients identify, detect, respond and recover from cybercrime incidents, which happen on a daily basis.”
The grand challenges of engineering and humanity
“There’s been discussion on how to use AI to achieve this goal, however, as long as there is some human element to cybersecurity, I don’t think AI will be a sole viable solution. You need to educate more people and approach the problem from a community perspective,” Greenfield said.
In other words: it takes a village to secure a village. If there is a single weak point, Greenfield said, there will be a breach no matter how much technical protection is in place.
“Today, many companies have pivoted to nearly entirely digital platforms. However, as we go more and more online, it creates more and more risk. Most organizations don’t fully understand this, and often won’t, until they experience a breach,” Greenfield said.
Achieving gender parity via college cybersecurity programs
According to Cybersecurity Ventures, there will be up to 3.5 million job openings by 2021. Meanwhile, women make up only 20% of the cybersecurity workforce. While that’s up from a mere 11% in 2013, there’s still a great opportunity to close this gap.
Karla Rivera, an academic advisor for USC Dornsife undergraduate programs, said that historically, the INCO major began with a close balance between female and male students enrolled. Currently, of 79 students, 43% are female.
Part of INCO’s role is also shifting the demographics of the cybersecurity industry.
Greenfield said both providing the best foundation for decision-making and diversifying the decision-maker pool through college cybersecurity programs were key in keeping up with threats. “At the end of the day, cybersecurity is advising decision makers to make the right decisions,” Greenfield said.
Tabletop card game teaches cybersecurity fundamentals
Teaching the next generation of cryptographic hardware experts