If you have something valuable, odds are there is someone else who wants it. That's as true online as it is anywhere.
"As there's more financial gain in the cyber world, the cyber threats increase," said Dr. Andrew Hurd. That's one of the reasons behind the new bachelor's in cyber security being offered by Southern New Hampshire University (SNHU) beginning in September. The four-year, competency-based program will prepare students to take on the tasks of a security analyst by helping them develop the skills required to work as a security analyst immediately after they graduate, said SNHU Associate Dean Jonathan Kamyck.
"We want students to be able to be effectively operating day one after graduation," he said. "We want to give them all the tools, techniques, methods (and) tradecraft necessary to succeed out of the gate."
What Is Cyber Security?
Cyber security analysts are charged with protecting their organization's computer networks and the information stored on those networks. There is a huge array of strategies and tactics that analysts have to develop to thwart hackers intent on stealing or otherwise accessing digital information without permission. Some of the duties a typical analyst performs, according to the U.S. Bureau of Labor Statistics, include:
- Monitoring computer networks for intrusions and investigate breaches if they occur.
- Using software to protect network assets.
- Documenting cyber attacks and breaches and assess any damage inflicted.
- Conducting "penetration testing," by simulating attacks to assess network defenses.
- Recommending security improvements to organization managers.
Security analysts are also tasked with developing or assisting in writing an organization's business continuity and disaster recovery plan, according to BLS. A recovery plan often includes preventative measures, such as routinely copying and backing up data to safe locations so it can be recovered in case of a cyber attack.
Analysts have to continuously stay up to date on new methods hackers are creating and the best practices being developed to combat them.
Although security analyst is a common job title, similar tasks are applicable in many positions, including:
- Security engineer
- Software development engineer
- Security manager
- Information technology security analyst
- Information security manager
- Information systems security administrator
- Security policy analyst
As cyber-based threats continue to mature and spread, more security analysts are being sought by companies. The field is expected to grow by 28% by 2026 and in 2017, analysts made a median salary of $95,510, according to BLS.
Cyber Security Degree vs. IT Concentration
SNHU has long offered a cyber security concentration within its bachelor's in information technology program. Kamyck said the difference between a degree in cyber security and the IT concentration is a matter of breadth and depth.
"The (bachelor's) in cyber security ... is much more focused," he said. "... They are fully immersed in the life of a cyber security practitioner."
A concentration in cyber security under the IT umbrella is best suited to someone interested in working as an IT manager, someone who needs to understand the foundations of cyber security but isn't necessarily a practitioner. In addition to including a deeper dive into the skills a security analyst needs to develop, the SNHU program is structured around concepts of systems and adversarial thinking. These concepts, Kamyck said, are critical to developing the "security mindset" needed to defend against an adaptive enemy.
"You have this cycle of competition between the good folks and the bad folks, so to speak," he said. "There's a huge demand for (security analysts) because they help organizations that weren't built to handle these types of threats continuously adapt and continue to operate in spite of them.
Building a New Kind of Cyber Degree
Cyber security was a good candidate for a new kind of online program because the discipline is skill-focused and can effectively leverage online labs and simulation environments. The requirement of ensuring students develop "day one operating capabilities" in their post-graduate careers influenced overall program design. Each cyber security course is based on three competencies students will master, Kamyck said, calling the program "lab-intensive and biased towards authentic, practical work-related performances"
Dr. Dennis Backherms, who worked in the private sector before coming to SNHU as a technical program facilitator, described the projects as something that "shrinks the gap" between what students are learning throughout courses and demonstrating discrete job-relevant skills.
"It's really different," he said. "It brings a lot of hands-on, real-world, relevant experience into the course."
Kamyck said the program focuses heavily on using fundamental security design principles to help solve security-related problems in areas like:
- Computer Networking
- Systems Security
- Application Security
- Incident Response
Students are also provided with opportunities to improve their skills in computer scripting and programming. The overall goal is to prepare students to work as security analysts - the role they're most likely to fill immediately following graduation.
"Those individuals are the people responsible for frontline defense for companies," Hurd said. "They're the people who are going to understand the policy side. They're the people who are going to understand the technical side, the people who are going to understand the risk-management side."
Kamyck said the first and most important step in developing the new program was aligning it with the National Security Agency's Center of Academic Excellence in Cyber Defense Knowledge Units and Topics. This standard is widely regarded and helps to ensure the program includes the critical skills and abilities students will need to succeed in the rapidly changing field of cyber security. The program also incorporated standards from the Cyber Security Education Consortium and the National Initiative for Cybersecurity Education to ensure that a variety of expert perspectives are represented, Kamyck said.
Why Cyber Security is Vital
Cyber security attacks can be devastating. In 2017, "Wired" magazine published an article with just some of the most impactful breaches of that year, including the theft of National Security Agency's spying tools, the WannaCry virus that spread worldwide and crippled thousands of networks including those of large companies, public utility companies and the United Kingdom's National Health Service.
The threats, Kamyck said, are everywhere and targets are not limited to government agencies and Fortune 500 companies. In its "2017 State of Cybersecurity in Small & Medium-Sized Businesses," the Ponemon Institute reported startling numbers based on survey responses, including 61% that said they were affected by a cyber attack and 52% that said they were targeted by a ransomware attack.
Before computers and computer networks became so integral to business, many companies focused solely on their product or service and finding ways to develop marketplace advantage. Many companies were founded and developed before cyber security was a concern and have since had to integrate safety measures with other business imperatives.
"There's no industry that isn't touched by cyber security because they're all connected and are all under attack," Kamyck said. "There's a huge demand for (security analysts) because they help organizations that weren't built to handle these types of threats adapt and continue to operate in spite of them."
Hurd, who worked as a software engineer and network engineer before entering higher education nearly two decades ago, said security analysts are the ground soldiers guarding against cyber intrusions and can "increase the cyber culture of any institution they go into." That, he said, is more important than ever.
"If there's money to be made, then the bad people are going to try to get it," Hurd said.
Joe Cote is a staff writer at Southern New Hampshire University. Follow him on Twitter @JoeCo2323.