Universities rush to meet cybersecurity job demand

  • Comments
  • Print

Indiana is the land of opportunity for college students interested in pursuing cybersecurity training. Pretty much every school of note, including Indiana University, Purdue University, the University of Notre Dame, Ball State University and Ivy Tech Community College (which offers a well-regarded two-year associate’s degree certified by the National Security Agency) offers an option.

There’s a good reason for so much choice. The field is white hot, with pundits projecting a seller’s market for degree holders that could last a decade or more.

“We’re not moving farther away from technology; we’re embracing it more and more,” said Marcus Rogers, department head and professor in the Department of Computer and Information Technology at Purdue Polytechnic Institute. “We’ve seen attacks on garage door openers, smart thermostats, coffeemakers, robotic vacuum cleaners. There’s been an attack on pretty much everything that we now have connected.”

Hence the demand for computer experts who can thwart such attacks and legal experts who can develop laws and political policies for coping with them. According to Illena Armstrong, vice president and editor for SC Media, a cybersecurity online magazine, the field could add another 1.5 million cybersecurity-specific jobs by 2020. Currently, the U.S. Department of Labor estimates that roughly half the nation’s IT/high-tech workforce already works in this field.

Indiana University and Purdue University are no strangers to cybersecurity studies. Both of their long-standing educational programs enjoy high profiles nationwide.

IU is recognized by the government as a National Center of Academic Excellence in both information assurance research and information assurance education. For its part, Purdue was recently ranked as the nation’s best cybersecurity college by CyberDegrees.org, a Washington, D.C.-based publisher of international websites about education. Its assessment cites, among a great many other Purdue assets, the university’s Center for Education and Research in Information Assurance and Security, calling it one of the top labs in the nation, and in the same league with facilities at MIT and Carnegie Mellon.

Given their disparate strengths, IU and Purdue come at cybersecurity from different angles. IU’s programs are geared toward legal and policy issues, while Purdue focuses mostly on computers and software.

In 2017, IU’s Kelley School of Business, Maurer School of Law, and the School of Informatics, Computing and Engineering came together to offer a master’s degree in cybersecurity risk management.

“Each Indiana institution has unique strengths in answering this need,” said Scott James Shackelford, IU’s cybersecurity program chairman; director of the Ostrom Workshop Program on Cybersecurity and Internet Governance; and associate professor at the Kelley School of Business. “However, IU has the only degree program to offer an introduction to the three unique fields of cybersecurity risk management—technical, business and legal.”

The master’s degree, which can be obtained via a hybrid online format, offers ways to address policy, legal and ethical cybersecurity questions increasingly rearing their heads in our wired world.

“We believe IU Maurer Law was the first U.S. law school to teach cybersecurity law as a separate, stand-alone course; the first to offer more than one cybersecurity law course; and among the first to offer information privacy law,” said Austen L. Parrish, dean and James H. Rudy Professor of Law at IU’s Maurer School of Law. “Today, it offers one of the United States’ largest curricula in information privacy and cybersecurity law and policy.”

For years, IU offered majors and minors in various aspects of cybersecurity, but the new master’s program reflects the field’s growing importance. According to Parrish, cybersecurity is, like environmental law and intellectual property law before it, becoming an independent legal specialty.

That’s certainly the case over at Purdue, which has offered master’s degrees and doctorates in the field for a dozen years, and recently added an undergraduate program.

“We had cybersecurity, but it was spread throughout the different majors,” Rogers said. “So we pulled everything together and made it an official degree about two years ago.”

Just as at IU, Purdue’s cybersecurity offerings reside in three departments—computer science, engineering and the Purdue Polytechnic Institute. But that’s pretty much where the similarities end.

Spaces in the program fill quickly and are highly contested, mostly because of the skyrocketing demand for its graduates—something Rogers said Purdue predicted for years.

“The need is not increasing linearly,” he said. “The increase is geometric, if not exponential. There’s not enough university programs in the United States to put out enough people to satisfy the need now, let alone in the coming years.”

Which is bad news for employers, but stellar news for cybersecurity grads.

“We have a 100 percent placement rate for our students at the undergraduate level, and we like to say we have a 200 percent placement rate for our graduate students, because they all have multiple job offers,” Rogers said.•

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.