Written by Edward Cindric
Not a single day goes by without a devastating security breach affecting someone, somewhere. In the first six months of 2019 alone, over 4 billion records around the globe have been exposed due to easily preventable data leaks. The number of breaches have already witnessed a whopping 54 percent increase from last year. Some recognizable company profiles subject to such damaging circumstances include Capital One, Citrix, LabCorp, Toyota, and Facebook.
The most common takeaway is that organizations are slipping when it comes to proper security defense, whereas malicious hackers are becoming too sophisticated and adaptable to prevent recurring threats. However, if you take a few steps back, you will find that fundamental security knowledge, although vital, is severely lacking from the very cradle – or college campus.
Missing cybersecurity syllabus
Top white-hat hacker, Jack Cable notes that “universities are partly to blame” for what seems to be increasing organizational unpreparedness and the prevalence of poor security practices. Indeed, among the top 20 computer science schools in the U.S., only one lists a security course as a core requirement. Another 2016 study showed that only 1 of the top 36 computer science programs in the country required a cybersecurity course for graduation, and 3 of the top 10 programs offered no cybersecurity classes at all. In 2018, the professional association ISACA found that 61 percent of organizations believed that fewer than half of all applicants for open cybersecurity positions were actually qualified for the job.
Theory but no practice
Even when educational institutions do include cybersecurity within the curriculum, the most common complaint is that it tends to over-emphasize theory and book learning, leaving students with a shortage of hands-on, practical skills. The cybersecurity training nonprofit organization U.S. Cyber Challenge notes, “the common thread across the most effective public, private, domestic, or international cyber workforce training programs is hands-on, applied learning methods.”
While some propose standardized courses that would teach the basics of building secure software, including popular security vulnerabilities, secure coding practices, and application security – others found success with incorporating cyber ranges and cybersecurity competitions that mimic real-world environments and enable participants to “build practical skills while also improving their ability to work as teams in fast-paced, adversarial environments.”
Avatao addresses the gap
Given the shortage of nearly 3 million cybersecurity experts around the world, most of our clients come to us facing similar challenges. Too much theory, ineffective or insufficient classroom-style learning, not enough assurance in secure coding skills. “Companies are struggling to find and hire qualified staff, whereas traditional training methods are simply too costly and time-consuming,” says Avatao CEO, Mark Felegyhazi. Avatao’s first-of-its-kind security training platform was launched within a university environment and is therefore adept at addressing and filling security gaps most commonly found among developers and engineers. “We developed a platform that’s fun, intuitive, and engaging – but also rigorous and powerfully equipped to teach secure coding to a wide variety of individuals”. Mark also highlights that CTFs and Hackathons are widely sought after by clients as “introductory events” that “probe existing knowledge” and “generate enthusiasm” among developers for future learning.
It’ll take some time before cybersecurity is fully ingrained across computer science curriculums, therefore pushing companies to search for alternative solutions in the meantime. Whether it’s through traditional learning, workshops, or hands-on training via online platforms – invest in your fresh graduates and existing employees. They’re your first line of defense.
For most companies, security is considered a side quest, which is partly related to the daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and abilities.
OWASP Top 10 Vulnerabilities in 2021 based on the non-official proposal of Phillippe De Ryck. Here is what we know.
To build an enterprise security program, one has to go back to the well-known fundamentals of organizational change: People, Process, and Technology (originates from Harold Leavitt’s “Applied Organization Change in Industry”, 1964).
If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin, or Scala. Programmers like to try new things out but is it worth it to pick one of them over Java?