From degree to chief information security officer (CISO): A framework for consideration
Computer & Information Science
Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master's level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner's world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears that academic programs may not fully consider the very specific competencies of C-Suite members (e.g. Chief Information Security Officer (CISO)) since field certification may be the only validation of such skills. Therefore, a framework from degree to industry employment acceptance is needed. To this end, the current study suggests the use of a framework in which to examine and compare C-Suite competencies versus academic preparations. Ultimately, this framework will assist researchers in examining the actual, current job tasks of C-Suite members. Since the CISO position is new to the industry, becoming a common job title within only the last few years, the reporting structure for the CISO varies widely and various organizations have differing expectations of the position . Therefore, the initial phases of this study focus solely upon this position as the starting benchmark. This paper explores historical aspects of the workforce skills gap in the area of computer security while providing survey validation results from Phase I of this project. This pilot investigation invited faculty (n=5; 24% response rate) who are both practitioners and academicians to support this examination and the acceptance of said framework. Demographic data includes a comparison between degree attainment and employment position, and asked respondents to compare academic preparatory tasks to that of required job market skills-those skills collected from the literature and employment position descriptions taken from Yahoo, Google, Monster, Indeed, and other HR-advertised locations. Lastly, respondents were asked to rank these skills by importance to establish the framework baseline of comparison. Future phases of this project will include a larger sample and Delphi results gathered during the ranking phase of this effort. Recommendations for future program designs will be provided upon the completion of the overall study. © American Society for Engineering Education 2020.
ASEE Annual Conference and Exposition, Conference Proceedings
Kappers, W., & Harrell, M. (2020). From Degree to Chief Information Security Officer (CISO): A Framework for Consideration. 2020 ASEE Virtual Annual Conference Content Access Proceedings. https://doi.org/10.18260/1-2--34694