This article is based on a presentation at IBA’s Analytics Conference on Cybersecurity given by Scott Shakelford, Professor of Business Law & Ethics; Executive Director, Ostrom Workshop; Director, Ostrom Workshop Program on Cybersecurity & Internet Governance; Executive Director, Center for Applied Cybersecurity Research; Provost Professor.
According to Scott Shackelford, Professor of Business Law and Ethics at Indiana University’s Kelley School of Business, the cybersecurity workforce demands around the world are massive.
The numbers speak for themselves: the global cybersecurity workforce shortage is 1.8 million jobs, including 314,000 jobs in the United States. There are ample job opportunities in cybersecurity, from data protection to professional certifications and even space cybersecurity, and interested students can get the training they need for these careers through IU.
“It’s amazing that these workforce demands just seem to keep growing,” Shackelford said. “The arena of cybersecurity, and a lot of sub-areas, are truly recession-proof.”
Shackelford is the Executive Director of IU’s Center for Applied Cybersecurity Research (CACR), a pervasive technology institute that specializes in cybersecurity for research and development, and a director for the Ostrom Workshop at IU. In his presentation on the Future of Analytics in Cybersecurity during the 2022 Analytics Conference on Cybersecurity, Shackelford touched on a number of cybersecurity initiatives that are taking place at IU and across the country, and how students can get involved.
New initiatives and opportunities
Initiatives started in 2022 included a new consortium of universities that have cybersecurity clinics, which was founded in partnership with the Massachusetts Institute of Technology (MIT) and University of California at Berkeley. A new collaboration is also being released with Purdue University and the Indiana Office of Technology, in which 342 assessments will be given across Indiana counties, localities, and towns to measure technology and cybersecurity practices.
“The idea for the 2022 effort is to see how cybersecurity, insurance, and Artificial Intelligence (AI) practices and attitudes have changed during the pandemic,” Shackelford said. “We’ll have a much better sense for where we stand as a state, and hopefully, we can do a better job of guiding some of the bipartisan infrastructure funding.”
IU’s Cybersecurity Risk Management MS AI track, which Shackelford helped establish only about five years ago, continues to grow. The AI track spans across disciplines, giving students the opportunity to take courses at Kelley and the Luddy School of Informatics, Computing, and Engineering.
IU’s Master’s of Science in Cybersecurity Risk Management, IU’s first triple-school Master’s degree, was recently ranked #4 globally by Fortune Magazine. Students who pursue this degree are encouraged to get on-the-ground experience through IU’s Cybersecurity Clinic and the course Hacking for Defense.
“One focus of this particular area is applied service learning,” Shackelford said. “With programs like Hacking for Defense, students work in interdisciplinary teams with actual Department of Defense clients, and for local communities in need through the IU Cybersecurity Clinic.”
Understanding Cyber Threats
Among the first documented cyber attacks, Shackelford said, took place in November 1988 by a graduate student who, while working on a research project, accidentally launched a distributed denial-of-service (DDoS) attack on MIT. Cyber attacks have quickly proliferated in numbers, sophistication, and severity, though, and are targeting both companies and countries, but companies are also responding with help.
“Microsoft has documented more than 342 cyber attacks on civilian-critical infrastructure in Ukraine as a part of the concerted effort to turn the lights off,” Shackelford said. “I think what they’ve been able to do in response, both in terms of combating cyber warfare and disinformation, is really laudable. It’s really amazing what they’ve been able to do in the midst of an active war zone.”
Closer to home, the 2020 State of Hoosier Cybersecurity Snapshot reported that 95% of organizations were either somewhat or very concerned about the cyber risks that they’re facing. The most common attacks experienced in early 2020 in Indiana were ransomware, phishing, and wire and financial fraud, and more than half of organizations responded by purchasing cyber risk insurance.
Still, many organizations didn’t take preventative steps because they were unsure what steps to take, which Shackelford said should be a “call to action” to those in cybersecurity-related academia.
“I think we need to do more to define what reasonable cybersecurity really is, how it’s evolving, and how it plays out industry to industry, sector to sector,” Shackelford said.
Managing cyber attacks
There are a number of technical vulnerabilities that should be considered to manage cyber attacks, including hardware, protocols, code, and users. The bottom line, though, is that organizations and individuals need to be more proactive about cybersecurity.
“We need to build in cybersecurity best practices from the start, not just bolt them on after the fact,” Shackelford said. “AI and analytics are two key pieces of that equation.”
Getting involved with cybersecurity at IU
In addition to the opportunities and degree tracks listed above, students may also be able to attend cybersecurity conferences, like Black Hat and RSA, for free with student passes. On campus, CACR and the Ostrom Workshop regularly host events for students interested in cybersecurity.
Leave a Reply