What is Cyber Security?
First, the spelling of the word varies from one source to another. You will see the term used as one word and two. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) uses it as one word. In most cases, it is one word, for example, cyberspace, cyberbullying, cyber attack, cyber terrorism, and cybersex. The name or prefix cyber has become synonymous with the internet. One of the first applications of the designation occurred in 1948 by U.S. mathematician, Norbert Wiener (1894-1964). He coined the noun cybernetics to refer to the “theory or study of communication and control.”
The origin of cybernetics is as old as the Greek language. The word kybernetes meant steersman, which came from kybernan, defined as – to steer a ship or direct it as a pilot.
Before the proliferation of computers, there were a few pioneers in the fraud business. John Draper, a computer programmer, discovered that the long-distance phone the AT&T system had a tone of 2600 Hz. While testing a pirate radio signal, a caller informed him that the toy whistle in Captain Crunch cereal emitted exactly 2600 Hz. Further experimentation leads to Draper’s creation of the Little Blue Box. Consumers using the box’s tone would be able to call long-distance for free! Consequently, wire fraud increased significantly.
Two years later, in 1973, a New York bank teller uses a computer to embezzle over two million dollars. Fast forward to 1996, when CIA Director John Deutsch testified that the U.S. government had over 650,000 attacks by hackers, and 60% were successful.
80% of organizations reported they could not match the technological advances of hackers.
In a November 2018 report by the NIST, employers in the private and public sectors in the United States estimated the demand for cybersecurity professionals at 313,735. That is in addition to the 715,000-plus cybersecurity workers currently employed in the U.S. then. In the same report, the metropolitan area of Washington, D.C., had job openings for 44,058 in the field. New York was second with a need for 20,243 cybersecurity workers.
Therefore, as documented, the demand far exceeds the supply. We arrive at the question of: What is the path to work in cybersecurity? It is a broad field with a variety of titles, such as white/ethical hacker, security architect, information security, network security, security engineer, security software developer, computer security incident responder, and more. The path has as many branches as there are areas to work in the profession.
A logical choice is a Bachelor of Science in Cybersecurity or Computer Science. The latter provides courses in software development, data structures, software engineering, algorithms, and computer networks. The former would typically have coursework in It systems security, information networks, penetration testing, data algorithms for IT, firewalls, and foundations of cybersecurity.
There are also specializations, for example, Utica College offers an online B.S. in Cybersecurity with a choice of four concentrations:
- Network Forensics and Intrusion Investigation
- Information Assurance
- Cybercrime and Fraud Investigation
- Cyber Operations
How important is a Degree?
Your journey may not take the conventional route, that is, earning a degree in computer science, cybersecurity, or IT. Professionals have a degree in math or philosophy. However, what is paramount is the technical skills to work on network switches, computer software, and firewalls. Most experts recommend that you know code. Future cybersecurity professionals should learn these programming languages:
- C and C++: These languages provide access to low-level IT infrastructures, such as RAM and system processes.
- Python: A higher level of language that is used to perform malware analysis and create intrusion detection systems.
- PHP: A programming language used to develop websites. Skills in this language help thwart DDoS (Denial of service) attacks.
- SQL: Structured Query Language is used to manage databases by maintaining and retrieving data.
The path should include cybersecurity certifications. The right ones can be as important as a college degree or equivalent. Certifications such as CISSP (Certified Information Systems Security Professional), Security+, Network+, and CEH (Certified Ethical Hacker) show employers that you understand fundamental cybersecurity elements. Some certifications require work experience. For example, the CEH demands at least two years of experience in the information technology industry before taking the exam. The CISSP requires five years of paid experience in a full-time job related to the exam material for this certification.
Self-taught vs. College Route
There are advocates for both paths. One malware researcher opined that the college courses were not relevant to his position as a security researcher. Others gleaned their information by enrolling in Massive Open Online Courses (MOOCs). Those employed in cyber security for decades did not have the range of degrees offered currently. There is no shortage of colleges and universities with programs related to IT and cyber security at the undergraduate and graduate levels.
Individuals who are undecided on which path to take should speak to those in the profession. Visit firms in the business. A review of job postings on sites as Indeed and Monster will illustrate the preferred degrees and qualifications.