Hord Tipton, executive director of (ISC)2, Ernest McDuffie, lead of National Initiative for Cybersecurity Education (NICE) NIST, and Michael Murray, a hacker and security expert, sat down to discuss the state of security education at the RSA Conference in San Francisco on Monday.

Tipton and McDuffie took a stance that the industry is not doing enough to support youth that are interested in cyber security. On the other end of the spectrum, school guidance counselors do not recognize information security as a viable field, Tipton added.

Tipton said the industry has to target people at a young age, “who have a knack for this stuff,” and get them on a career path that puts the right components in place and offers them opportunities. 

McDuffie agreed, and added that getting to people at a young age allows more opportunities to shape them. But it is a challenge, he said, because school curriculums are typically developed on the state or county level, and not the federal level.

Murray took an opposite stance. He explained that he would not implore high potential students to enter the industry because it is very challenging and dynamic. They need unprompted passion for the material if they want to succeed, he said.

As far as adult education is concerned – particularly with regard to employee use of technology in an organization – Tipton said companies are missing the boat. McDuffie said that 15 minutes per month of specific training could help modify unsafe behaviors, but Murray said there is no cure for a staffer who simply is not motivated.