Reading Time: 5 minutes
Back to school – Cybersecurity is missing from college campuses

Edward Cindric

Not a single day goes by without a devastating security breach affecting someone, somewhere. In the first six months of 2019 alone, over 4 billion records around the globe have been exposed due to easily preventable data leaks. The number of breaches has already witnessed a whopping 54 percent increase from last year. Some recognizable company profiles subject to such damaging circumstances include Capital One, Citrix, LabCorp, Toyota, and Facebook.

    The most common takeaway is that organizations are slipping when it comes to proper security defense, whereas malicious hackers are becoming too sophisticated and adaptable to prevent recurring threats. However, if you take a few steps back, you will find that fundamental security knowledge, although vital, is severely lacking from the very cradle – or college campus.

      Missing cybersecurity syllabus

      Top white-hat hacker, Jack Cable notes that “universities are partly to blame” for what seems to be increasing organizational unpreparedness and the prevalence of poor security practices. Indeed, among the top 20 computer science schools in the U.S., only one lists a security course as a core requirement. Another 2016 study showed that only 1 of the top 36 computer science programs in the country required a cybersecurity course for graduation, and 3 of the top 10 programs offered no cybersecurity classes at all. In 2018, the professional association ISACA found that 61 percent of organizations believed that fewer than half of all applicants for open cybersecurity positions were actually qualified for the job.

        Theory but no practice

        Even when educational institutions do include cybersecurity within the curriculum, the most common complaint is that it tends to over-emphasize theory and book learning, leaving students with a shortage of hands-on, practical skills. The cybersecurity training nonprofit organization U.S. Cyber Challenge notes, “the common thread across the most effective public, private, domestic, or international cyber workforce training programs is hands-on, applied learning methods.”

        learn coding

          While some propose standardized courses that would teach the basics of building secure software, including popular security vulnerabilities, secure coding practices, and application security – others found success with incorporating cyber ranges and cybersecurity competitions that mimic real-world environments and enable participants to “build practical skills while also improving their ability to work as teams in fast-paced, adversarial environments.”

            Avatao addresses the gap

            Given the shortage of nearly 3 million cybersecurity experts around the world, most of our clients come to us facing similar challenges. Too much theory, ineffective or insufficient classroom-style learning, not enough assurance in secure coding skills. “Companies are struggling to find and hire qualified staff, whereas traditional training methods are simply too costly and time-consuming,” says Avatao CEO, Mark Felegyhazi. Avatao’s first-of-its-kind security training platform was launched within a university environment and is therefore adept at addressing and filling security gaps most commonly found among developers and engineers. “We developed a platform that’s fun, intuitive, and engaging – but also rigorous and powerfully equipped to teach secure coding to a wide variety of individuals”. Mark also highlights that CTFs and Hackathons are widely sought after by clients as “introductory events” that “probe existing knowledge” and “generate enthusiasm” among developers for future learning.

            It’ll take some time before cybersecurity is fully ingrained across computer science curriculums, therefore pushing companies to search for alternative solutions in the meantime. Whether it’s through traditional learning, workshops, or hands-on training via online platforms – invest in your fresh graduates and existing employees. They’re your first line of defense.

            Related Articles

            Python best practices and common issues

            Python best practices and common issues

            Reading Time: 9 minutes Python is a high-level, flexible programming language that offers some great features. To be as effective as possible, it is important to possess the knowledge to make the most out of coding with Python.

            Where the money is: Financial cybersecurity

            Where the money is: Financial cybersecurity

            Reading Time: 7 minutes Money management moves towards complete automation, and the evolution of cybercrime follows along. The money heist has changed, we all know that. Cyberspace takes more and more of that cake, but the reason behind attacks remains the same: money, in any form.

            Security Champions: Interview with Alexander Antukh, CISO of Glovo

            Security Champions: Interview with Alexander Antukh, CISO of Glovo

            Reading Time: 7 minutes Security champions represent an essential part of any security programs. They lead their teams on security projects, ensure internal security and help keeping security on the top of your mind. But how exactly they operate in a business? We asked Alexander Antukh, Director of Security at Glovo for professional insights.

            Why do you need a security champions program?

            Why do you need a security champions program?

            Reading Time: 6 minutes As the company grows the leadership wants to establish a security program to ensure the solid and undisrupted operation of the business. Security at this point is essential, especially when calculating the loss from a halted business, even for a few hours.

            Sensitive data exposure – It’s in your hands

            Sensitive data exposure – It’s in your hands

            Reading Time: 8 minutes Exposing data, especially sensitive data, is a long-time-coming threat. Since personal information such as addresses, payment details, non-hashed passwords, config files, and so on are very popular targets among attackers, it’s obvious that sensitive information is supposed to be protected from unauthorized access.

            Compliance training for developers – From security awareness by design

            Compliance training for developers – From security awareness by design

            Reading Time: 8 minutes Compliance standards are a valuable but mostly misunderstood part of the corporate culture. Like any other certificate, a compliance certificate demonstrates that the entity/business operates according to a commonly accepted standard and signals trust towards third parties. A successful compliance certificate eases regulatory processes, opens new markets, and in general speeds up revenue generation, which is the key metric for businesses.