NCSAM Week 5: Building the next generation of cyber professionals
Editor’s note: We’re wrapping up National Cyber Security Awareness Month (NCSAM) with a post from guest author Dr. John Hale, professor of Computer Science at the University of Tulsa. Read our other NCSAM posts here.
One thing can be said about the quickening pace of technology innovation in the information age: the revolution is coming to us. How we prepare our next generation of cyber professionals is key to our ability to adapt and thrive in such a dynamic environment. Three elements of professional preparation for a career in information technology stand out: (i) a solid technical foundation, (ii) a mastery of safe and secure computing practices, and (iii) a sound ethical grounding.
A solid technical foundation
The next generation of cyber professionals will benefit from an appreciation of the fundamental aspects of information management, processing and networking. While technological innovation frequently comes dressed in new clothes (languages, platforms, hardware), the fundamentals seldom change. Knowledge of and familiarity with the theoretical and conceptual basis of information system solutions and characteristics creates more resilient and adaptive “future proof” professionals. In this regard, the ideal educational experience engages hands-on training to reinforce fundamental concepts and techniques.
A mastery of safe and secure computing practices
We continue to discover new hazards posed by our reliance on computers and networks. The core dimensions of information security are: confidentiality, integrity and availability.
- Confidentiality: the secrecy of information.
- Integrity: the accuracy/validity of data or its origin.
- Availability: the accessibility of an information resource or service in timely manner.
Problems can occur when these properties are violated in critical systems or sensitive data. Awareness of the risks associated with operating information systems is only the first step for the cyber professional. They must be trained to apply security controls and processes to protect the data and systems in their care. While knowledge of the technical aspects of computer security may prove valuable, habit and culture are equally important.
A sound ethical grounding
Cyber professionals have a responsibility to behave ethically in the execution of their duties. The digital world offers ample opportunity to get lost in grey areas of ethics and moral judgment. System administrators and operators must balance individual privacy against the common good. Software engineers must weight their obligations to build, test and validate mission- and safety-critical applications. The development of a basis for making sound ethical decisions should not be on the job training. The consideration of ethical dilemmas and exposure to frameworks for ethical decision-making should be a standard part of a cyber professional’s training.
The full potential of information technology can only be realized by a cyber professional workforce prepared to cope with a fast changing landscape. This includes a technical foundation that will endure rapid transformations to the state of the art in hardware and software. It also includes the mastery of safe and secure computing practices. Lastly, the next generation cyber professional must be equipped with the tools to confront emerging ethical challenges in the field. Our responsibility as educators is to create opportunities for students and professionals alike to pursue training in each of these three areas.
About Dr. John Hale
Dr. John Hale is a Professor of Computer Science and holds the Tandy Endowed Chair In Bioinformatics and Computational Biology at the University of Tulsa. He is a founding member of the TU Institute of Bioinformatics and Computational Biology (IBCB), and a faculty research scholar in the Institute for Information Security (iSec). His research has been funded by the US Air Force, the National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), and the National Institute of Justice (NIJ). These projects include research on neuroinformatics, cyber trust, information privacy, attack modeling, secure software development, and cyber-physical system security. He has testified before Congress on three separate occasions as an information security expert, and in 2004 was awarded a patent on technology he co-developed to thwart digital piracy on file sharing networks. In 2000, Professor Hale earned a prestigious NSF CAREER award for his educational and research contributions to the field of information assurance.