Creating the Cybersecurity Renaissance Man

Expanding IT Security Education Beyond the Technical

The next generation of cybersecurity professional needs to be schooled not only in technology but in such diverse subjects as law, ethics, business strategy and human relations. In a sense, the IT security expert must become a renaissance man or woman to meet the challenges of securing IT systems in a dangerous world where comprehending human behavior will be as crucial as understanding bits and bytes.

"We should be developing a new breed of multidisciplinary cybersecurity experts educated in the areas of people, such as psychology and organizational behavior, and processes, such as management, business process and the law," says Anita D'Amico, a PhD psychologist who is director of the Secure Decisions division of Applied Visions, a maker of cyber-situational awareness software.

Security practitioners traditionally have been trained rather than educated, D'Amico says, with an emphasis on specific applications, tools and techniques rather than on gaining an understanding of the principles and behaviors that inform cybersecurity. It's a point others endorse.

"There is a need for multidisciplinary courses that introduce important matters relating to management, law, policy, human behavior, and the international dimensions of cybersecurity," says Seymour Goodman, professor of international affairs and computing at Georgia Institute of Technology. "Only a small number of universities have serious courses of this kind. They should be designed with the intention of facilitating export to many institutions since few have faculty in positions to work on these aspects at this time."

D'Amico says those training future cybersecurity professionals need to understand why perceptions of security risk do not match reality. "Risk perception is critical to helping us understand how to motivate secure behavior, make better decisions and create policies that discourage destructive or invasive behavior through real consequences," she says.

Cornell University Computer Science Professor Fred Schneider envisions a cybersecurity professional degree that would cover not only technical subjects - computer security principles, distributed systems and networking, systems reliability, software engineering, cryptography, and user interfaces and human factors - but also non-technical ones such as cyber-law (intellectual property, communications and privacy law), ethics, economics of computing and networking, business strategy and human relations, including the management of people.

Schneider proposes a multidisciplinary undergraduate program for system trustworthiness, which he says would be analogous to pre-law or pre-med, with courses offered from various academic departments.

"This broad education would enable a cybersecurity professional to use all conceivable technical and policy tools for achieving trustworthiness," Schneider says. "It would also ensure that solutions could be evaluated in a broader societal context, so that risk-management and trade-offs between different social values - such as privacy versus accountability - can be contemplated."

The comments from D'Amico, Goodman and Schneider come from testimony they submitted to the House Committee on Science and Technology's Subcommittee on Research and Science Education.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
