April 13, 2021

CLTC Asks CISOs to Weigh in on the Future of Graduate Cybersecurity Education

What skills and experience will cybersecurity executives of 2025 need to be successful? How do we prepare today’s masters-level cybersecurity students for long-term success? What is the next generation of cybersecurity leaders saying about the value of a professional masters-level cybersecurity education, and what do they look for in a company when they graduate?

We recently asked eight data and cybersecurity executives from diverse industries to share their perspectives on these questions in a round-table discussion. Following are some of the key insights that emerged from the conversation:

  • Companies need business-centric bridge-builders: Aspiring cybersecurity leaders need to have “range,” and be able to wear “multiple hats.” Security professionals need a business-centric mindset, layered on top of technical competency, to feel comfortable reaching across cross-functional gaps to translate technical issues into risk impact.
  • Rapid changes in technology and policy are reshaping the skill sets required: Strategic foresight and maneuverability are becoming increasingly valuable. Tactical applied skills can go out of date quickly, so strategic thinkers who can adapt and respond to changes in the landscape are critical for a successful security organization. Managing security today also requires an understanding of the policy and regulatory debates, and of evolving standards in the U.S. and around the world. Fields like international studies and business management are valuable complements to a cybersecurity education.
  • Do you know how to build a cybersecurity organization?: Security is an organizational process, and knowing how to build the organization - with staffing, resources, and project management - is highly valued. Beyond technical skills, students need the dexterity to consider business-oriented questions like, how do you measure progress? Where do you invest? What does a best-in-class cybersecurity organization look like, and what does it take to get there? “You need builders, not just hardcore technical experts,” one participant said.
  • The art of the memo: Cybersecurity has matured enough as a field where it is becoming democratized into the business; it is no longer a siloed role just for people with technical expertise to find and patch vulnerabilities. The ability to communicate across the organization in simple, non-technical language is crucial. Teaching and training skills are also essential. Given the vast challenges and the shortage of human talent, leadership in cybersecurity practice right now means multiplying your impact by mentoring, teaching, and training others.
  • The best cybersecurity professionals are self-driven and continually learning: A world-class cybersecurity graduate program should ensure students have their eyes on the future. “You’ve got to be comfortable with ambiguity, you’ve got to be a team player,” said one participant. “You’re on this constant learning journey.” The cybersecurity profession, much like medicine, is a calling. It’s much more than a paycheck. And when graduates are choosing a company, they look for the size of the impact that a CISO’s team has on its customers, as well as those within the organization, up and down the chain. They seek out roles that make a difference across the breadth of a company or an industry, rather than roles that are confined to a limited program.

The UC Berkeley Master of Information and Cybersecurity (MICS) program was launched in 2018 to offer an interdisciplinary education for cybersecurity leaders. The curriculum combines theoretical and applied approaches, and emphasizes holistic understanding across the many segmented technical and non-technical aspects of cybersecurity over specialization in a single area. We will take these insights and arguments to heart as we continue to evolve our curriculum to make the program increasingly valuable, relevant, and indispensable.

Head over to the CLTC Bulletin for a more in-depth look at “The Future of Graduate Cybersecurity Education.”

Read more