How JMU is meeting the need for cyber security professionals
Science and TechnologyWhen Vernon McCandlish was entering the job market about 25 years ago, jobs such as malware analyst and digital forensics incident responder didn't exist.
Now those jobs, and a host of others in the cyber security industry, are in dire need of people to fill them, said McCandlish, one of seven speakers who participated in a Virginia Cyber Security Commission town hall meeting April 24 at JMU.
A senior malware analyst for General Electric, McCandlish spoke on behalf of the Virginia Cyber Security Partnership, a public-private partnership of cyber professionals devoted to sharing information about cyber threats and providing training and support for combating threats.
"So what are we looking for in cyber security careers?" McCandlish asked. "Anybody. I want anybody. The big one is critical thinking and creative juices."
Dr. Edna Reid, associate professor of intelligence analysis at JMU and a retired FBI intelligence analyst, said JMU is teaching cyber security skills in a number of programs and from a variety of perspectives. "Cyber security teams in government and in industry, they need analytical support and that's what we focus on," she said. "And we use the national cyber security workforce framework."
The framework, developed by the National Initiative for Cybersecurity Education and the Department of Homeland Security, identifies seven categories of cyber security jobs along with the knowledge, skills and abilities they require.
The computer science department is the foundation for cyber security education at JMU, especially on the technical side, Reid said. But other aspects of cyber security are taught in intelligence analysis, the school of communication studies and the College of Business.
The university is looking to augment its cyber security training with professional development short courses that would offer certificates, Reid said.
McCandlish, Reid and the other speakers also stressed the importance of educating the general public about cyber security threats and how they can respond.
Cyber Security Commission member Jennifer Bisceglie said, "We want to make sure we're educating the person in their house, we want to educate the school-aged kids, we want to get to the small- and medium-sized business owners who know they need to protect themselves, but may not know how to do it."
At JMU, "We're looking at how we can do outreach to the community to help enhance the cyber hygiene for our citizens," Reid said.
The university is exploring ways to provide cyber security training to k-12 teachers and is in discussions with the National Integrated Cyber Education Research Center in Bossier City, La. on ways to do that. The center has received a $5 million grant from DHS for k-12 cyber security education and training.
Other ideas, Reid said, include the possibility of setting up kiosks staffed by cyber experts in shopping centers or other public areas and holding a student cyber security video competition. In June, the computer science department will host 20 high school technology teachers from Florida to Wisconsin for a week-long cyber defense boot camp that is funded by the National Security Agency and the National Science Foundation.
McCandlish said the nature of hacking and other cyber threats has changed a great deal since he has been involved with the industry. "Hacking in the '90s was for bragging rights; now there are other motives. We need to know our adversaries."
Among the other motives are organized crime, terrorism and state-sponsored espionage.
"We're looking at how we can do outreach to the community to help enhance the cyber hygiene for our citizens." — Dr. Edna Reid
Cyber Security Commission member Rhonda Eldridge discussed how her company, Technica Corp., is working with DHS on a program called Continuous Diagnostics and Mitigation to monitor web traffic and spot threats before they become major issues. With so much data being passed around the Internet, monitoring the Web traffic going in and out of government agencies and large corporations can be a daunting task, but one that is necessary.
The goal of CDM, Eldridge said, is to look at what data is being gathered and figure out a straightforward way to know what's going on. "It's a methodology so you can choose the right tools and share the right resources," she said.
The town hall meeting was the third of five being held around the state. The final meeting is scheduled for June 9 at Norfolk State University.
Gov. Terry McAuliffe established the Cyber Security Commission in 2014, bringing together experts from the public and private sectors to develop recommendations that will help position Virginia as a leader in cyber security.
"Upon taking office, the governor recognized the imperative to address cyber security issues, not only to protect our own state network, but also to protect networks within the private sector," said Brian Moran, Virginia Secretary of Public Safety and Homeland Security.
More information about the Cyber Security Commission and the town hall meetings is available on its website.