This year, my cyber security company will hire 40 recent college graduates into technical, finance and sales positions. Not one of them will have any formal computer security education.
Our experience is not unique. Nationally, companies are hiring 30,000 to 40,000 cyber security workers a year, along with the handful who graduated from the various small, accredited information assurance programs. That doesn’t begin to meet the demand.
Leaders at all levels need knowledge of data security. It can’t be limited to front-line workers that protect data centers. We have to start training future leaders in business school about an issue that is becoming more important to every company, nonprofit organization and government agency. (If there’s any doubt on that point, read the sober government report about the Target data breach.)
The gap between the C-Suite and the data center has never been greater. When we’re called in to investigate a data breach, we immediately get a lot of finger pointing. The IT team will tell us they raised concerns about outdated processes, systems and tools, but that management refused to give them the resources needed to properly defend the company. Senior executives will say they never received the timely warnings that would have spurred them to quicker action. Or the risk was mentioned, but not in a way that put it in a broader business context—like the company’s could lose 10% of its stock value in a 24-hour period, or the CEO could be out of a job.
Managers who understand technology-related risks can ask earlier, smarter and more pointed questions. A handful of business schools understand this and have begun addressing this problem. But except for a couple of degree programs that focus on the subject and a smattering of elective courses, there’s not much out there. At our nation’s top business schools, the subject has barely hit the curriculum.
Yet the news reminds us that company leaders cannot simply delegate Internet security to their technical team and forget about everything but the annual budget requests. The reputation and financial risks from a major data breach are now so severe that protecting company information requires a continuous effort by managers throughout the organization—all the way up to the boardroom.
Many government and commercial organizations have a lot to gain by sharing their material and expertise with business schools. Frustrated by this escalating problem—and a lack of solutions–companies already work together through such organizations as the Information Sharing and Analysis Centers (ISAC) and the FBI InfraGard program and have proven curriculum ready for schools that want to give students the tools they’ll need to help fight this escalating problem.
Let’s not get so caught up in our race to develop cyber weapons—both for defense and offense—that we forget we need to train the next generation of cyber-oriented leaders. After all, this can be a bet-your-business issue.