Security education in crisis

[InfoSec News <isn () C4I ORG>]

http://www.fcw.com/fcw/articles/2000/0724/web-secrity-07-27-00.asp

BY Dan Verton
07/27/2000

The information technology industry has become saturated with
20-something whiz kids who lack adequate training, education and
professional discipline, creating a significant knowledge deficit when
it comes to information security, a panel of top educators warned.

"Were in a real crisis in higher education," said John Knight, a
computer science professor at the University of Virginia. Graduate
programs in computer science and information security "are being
decimated" by an IT industry that is filling the growing worker
shortage with college kids who have not completed their degrees, he
said.

Knight and three other educators from top computer science college
programs delivered their warnings July 24 to industry and government
officials at the Cyber Security Planning Summit, held in Pittsburgh
and sponsored by Carnegie Mellon Universitys Institute for Survivable
Systems.

The lack of education and experience among many of industrys software
and security technicians is particularly troublesome given the
complexities of modern computer system architectures, according to
Knight. "It is essential that we regain intellectual control," he
said.

Changes under way throughout higher education will challenge
traditional notions of education, said computer science professor
Charles Reynolds of James Madison University. These changes also may
offer some answers to the personnel problems facing industry and
government.

"The traditional model of education is that education is not
training," Reynolds said. However, this perspective is changing to a
model based on "education that is lifelong training," he said. The
integration of work and learning will characterize higher education in
2010 to 2020, he said, adding that it will shift from being a
teacher-centric experience to a student-centric experience with the
help of distance-learning technology.

Peter Freeman, dean of the College of Computing at the Georgia
Institute of Technology, said students who take jobs before they
graduate from college will in a few years lack the basic skills to
continue their education and take a long-term view of security
research and development. "Information security is not just a
technical problem," he said.

Panel members agreed that a partnership of industry, academia and
government is urgently needed to change the way people think about
information security. "The problem we face is broader and deeper than
the Internet and broader and deeper than security," Knight said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".