Sunday, July 31, 2022

Cybersecurity Students in the Real World

Interesting article over on KTVB.com about a program at a Boise State where cybersecurity students are being paired up with small rural government agencies and businesses to give the students real world experience and the small entities valuable cybersecurity assistance, that even if they could afford it, would have a hard time finding people to do the work. Great idea that with the right mentoring support may prove to be very valuable. The article is well worth the read.

I do have a couple of small problems…

The first, I have already mentioned on TWITTER®: Who assumes liability for the work being done by the student? Students make errors, it’s a valuable part of the learning process. Who takes financial responsibility for the stuff inevitably ‘broken’ by the students. I suspect that it is the system owner, they get what they pay for after all.

The bigger problem is not with the program, but, well here’s the pull quote:

“"If an individual is graduating with a certificate or a degree in cybersecurity and they have no practical experience, if I were in the CEO seat or a chief technology officer, I'd have a hard time letting them start working on my live network and company assets," Secrist said.”

Now I understand that attitude in a shop where they are hiring a one-person cybersecurity department. That one person has to be CISO, Incident Response, Help Desk, System Integrator and whatever else needs to be done. But, here is the thing, that one-person shop cannot possibly work; too much stuff, not enough time. And the person with all of that knowledge and experience is going to be working somewhere with an adequate staff. Small businesses hire accountants to handle payroll and taxes, they need to hire cybersecurity services as well.

Now if I were a cybersecurity pro (I am not; I’m a cyber user, an out-of-date programmer and a gadfly, and increasingly a curmudgeon) who was getting burnt out on the cybersecurity highway, I think that I would take all that ‘big money’ (I know) I had been stashing away and would start up a small cybersecurity shop about a hundred miles away from the nearest big city. I would hire a bunch of tech school grads and provide cybersecurity services to the local government and business community at a reasonable price. The kids would get to go to one Bsides on the company dime each year, and I would catch up on some fishing.

No comments:

 
/* Use this with templates/template-twocol.html */