In recent months, the requests for interns for me has transformed from specific bit-flipping needs to overall strategists. I have found this to be true when seeking internships for students, as well as in talking to potential government and corporate employers for our newly minted graduates. They ask for strategists — not managers, not generalists — strategists. One agency also asked me for policy creators and analysts. They wanted interns who are ready to write, implement and enforce policy.
They need people to put good security design into play — passing it through the development lifecycle into new implementation strategies. The need for the security strategist has been coming for a while. Meeting business-driven demands and technical needs is a combined effort now. It no longer has a clear delineation.
If we look at undergraduate and graduate programs in information assurance, we see a focus on coding and database management, but more emphasis might be needed on the analysis of information assurance, the preparation of security analysts. Not just the “how to,” but also the “why” and the “what's that” and the “hmm...what do we do about that?” I also must say that I speak from the perspective of a program that prepares students as information assurance (IA) strategists.
The focus of our curricula should be on training the security strategist — the person who looks at current events and trends (not just technical events) to see if there could be an impact on their own system.
It is certainly hoped that our curricula will create a well-rounded security strategist. This does not mean that specializing is no longer needed, as there is always a need for the specialist in forensics, packet analysis, et al. So, as summer gives way to the new academic year, it will bring with it our new IA hopefuls. We have a lot of work to do.
Well, school bell's ringin'. I gotta run.