Security education in crisis
- By Dan Verton
- Jul 27, 2000
The information technology industry has become saturated with 20-something
whiz kids who lack adequate training, education and professional discipline,
creating a significant knowledge deficit when it comes to information security,
a panel of top educators warned.
"We're in a real crisis in higher education," said John Knight, a computer
science professor at the University of Virginia. Graduate programs in computer
science and information security "are being decimated" by an IT industry
that is filling the growing worker shortage with college kids who have not
completed their degrees, he said.
Knight and three other educators from top computer science college programs
delivered their warnings July 24 to industry and government officials at
the Cyber Security Planning Summit, held in Pittsburgh and sponsored by
Carnegie Mellon University's Institute for Survivable Systems.
The lack of education and experience among many of industry's software
and security technicians is particularly troublesome given the complexities
of modern computer system architectures, according to Knight. "It is essential
that we regain intellectual control," he said.
Changes under way throughout higher education will challenge traditional
notions of education, said computer science professor Charles Reynolds of
James Madison University. These changes also may offer some answers to the
personnel problems facing industry and government.
"The traditional model of education is that education is not training,"
Reynolds said. However, this perspective is changing to a model based on
"education that is lifelong training," he said. The integration of work
and learning will characterize higher education in 2010 to 2020, he said,
adding that it will shift from being a teacher-centric experience to a student-centric
experience with the help of distance-learning technology.
Peter Freeman, dean of the College of Computing at the Georgia Institute
of Technology, said students who take jobs before they graduate from college
will in a few years lack the basic skills to continue their education and
take a long-term view of security research and development. "Information
security is not just a technical problem," he said.
Panel members agreed that a partnership of industry, academia and government
is urgently needed to change the way people think about information security.
"The problem we face is broader and deeper than the Internet and broader
and deeper than security," Knight said.