The State of Security EducationEugene Spafford Assesses Strengths, Weaknesses of Academic Programs, Partnerships
Executive director of the Purdue University Center for Education and Research in Information Assurance and Security, Spafford says we have made very little progress in improving how we prepare students for information security careers.
"Most of the traditional education arenas do not have access to typical commercial products that are in use, so our students seldom get the opportunity to learn and use real equipment," he says in an exclusive interview with Tom Field, editorial director for Information Security Management Group. "The enterprise is still lacking in enough good materials in terms of teaching, education and standardization."
What discourages Spafford most is that there is a small number of students getting into this field vs. the greater need for qualified professionals. "In sum, we are not providing enough education to the right people and not getting enough people who are getting an in-depth education in this arena."
As part of a complete information assurance education, Spafford says, students must have a background in computing and supporting areas of logic; they have to read and write well; be aware of context; and have a broader understanding of security.
On the flip side, Spafford is encouraged by the renewed focus on issues pertaining to cybersecurity, as well as the growing awareness from government and industry that education in this area is needed.
For more of Spafford's assessment of the state of information assurance education, listen to the full interview.