Introduction Ever since humanity has discovered the power of computers, we also have been finding ways to exploit them, and so emerges the field of cybersecurity. Lie the many innovations that other computer science fields en!oy, cybersecurity experiences its own maturation. "rom the first self#replicating program, to the first information warfare policy, and to $tuxnet, cybersecurity has come a long way. Even though we have many papers of %enial of $ervice Attacs &%o$', we do not have a clear picture of how to organi(e our cyber defense tas forces. )he Committee on *rofessionali(ing the +ation,s Cybersecurity -orforce was tased to examine this very issue. At the end of their report, they concluded that .whether and how to professionali(e /cybersecurity0 will vary according to role and context.1 2&p34' -hile indeed cybersecurity is a complex field, it is not only important that cybersecurity professionals be held at similar standards but also academic institutions must also contribute professionals to the field. What is Cybersecurity? At its core, cybersecurity .focuses on protecting computers, networs, programs and data from unintended or unauthori(ed access, change, or destruction.1 5 A specialist often ensures an organi(ation,s security protocol is strictly followed but also implements defense mechanisms that deter infiltration. 6t seems that this is a highly technical !ob but in fact, it also re7uires understanding how attacers thin and how policies should be managed. "or instance, a computer forensics specialist should understand how to reconstruct a suspect,s computer session and also how the law re7uires court evidence to be handled. As we can see, cybersecurity is an interdisciplinary field that fans out into a wide range of applications, and thus, difficult to organi(e into a coherent definition. Why Consider Professionalization? 6t is 7uite reasonable to thin that cybersecurity is a field that should not be professionali(ed. A goal of professionali(ation is to regulate the worers by means of enforcing codes of conduct and ethics. )hese regulations may hamper the wor of a cybersecurity specialist because combating cyber threats often re7uires flexibility and maneuverability around a system,s control mechanisms. -hile this is a legitimate concern, since cybersecurity wor often deals with sensitive information, it is important that employers now that their employees are held at a certain standard of conduct by another controlling entity. "urthermore, professionali(ing often .enhance/s0 public trust and confidence.1 2&p89' )rust and confidence are probably the most important factors for a cybersecurity worer to ride upon. :therwise, not only may the specialist lose their !ob, it limits their ability to do their wor without having to report their every movement to the supervisors. ;oreover, having a professional title garners respect from the public because the !ob is not something that any ordinary person can pic up but rather it re7uires honing and specific sill sets that cannot be easily learned without proper guidance. As we can see, there are many reasons to professionali(e cybersecurity and the benefits liely outweigh the negatives. Demand and Supply 6n order to !ustify the need to professionali(e cybersecurity worers, we must first identify that there is a demand for professionals from employers and the sheer number of available worers. According to the <ureau of Labor $tatistics, employment is !ust over =>>,>>> for the occupation .information security analysts.1 2&p5' -ith such a vague !ob title, it is very difficult to measure the demand for cybersecurity worers. 6f we do choose to professionali(e this !ob, then it will be more simpler to estimate the demand for worers and subse7uently, the supply for the available !ob title because we will have created a more concrete !ob description. )hus, rather than asing companies about their need for .information security analysts,1 we will be able to as specific professions in cybersecurity about their demand in industry. Professionalization A big issue about professionali(ation is how we go about professionali(ing cybersecurity. )he common method to do this is through certification. ./Certification serves0 as an indication of nowledge at a particular point in time.1 2&p85'
6ndeed, certification is important to employers because an employer would be able to have a basic understanding of the nowledge of the prospective employee and that they are being held at a certain ethical standard by the occupation. Examples of current professionally recogni(ed certificates include Certified 6nformation $ystems $ecurity *rofessional &C6$$*' and Certified *enetration )ester. ?owever, some employers don,t regard certification as a necessity@ rather, they loo at experience and educational achievements. "urthermore, it has been noted that the more silled cybersecurity specialists don,t hold any certification and this can seriously hurt the pool of silled applications. <ecause cybersecurity has a large range of worer types, certification may not be the route to go when considering professionali(ing cybersecurity. Recommendation by Report )he authors conclude that .activities by the federal government and other entities to professionali(e a cybersecurity occupation should be undertaen only when that occupation has well#defined and stable characteristics...1 2&p3A' 6n a sense, the report suggests that professionali(ation should be postponed. Each occupation in cybersecurity is continually changing as new threats emerge as a result of innovative technology that is being created every year. )his is definitely the accurate approach. -ith all the flurry of demand for cybersecurity worers, we should not immediately conclude that cybersecurity needs a professional title. -e need to openly discuss this and act accordingly as the community sees fit. )his report is the starting point and from here, our next step is to thin about more ways of professionali(ation, and more importantly, who should perform the professionali(ation. Future is ducation -hile we wait until each profession has matured, we should focus on the education aspect of cybersecurity, that is, training our future cybersecurity professionals. )he first step is for academic institutions to tae charge and we are seeing this happen right now. Cal *oly recently opened the Cal *oly Cybersecurity Center funded by +orthrup Brumman = and the University of $outh "lorida is proposing to build the "lorida Center for Cybersecurity 4 . -hen universities offer these programs, the pool of cybersecurity worers will increase as more students will be able to enroll and learn specific sills and nowledge re7uired to wor in the field. "urthermore, governments of all levels and corporations should help fund these initiatives. Establishing the first stepping stone for prospective cybersecurity professionals should be a concerted effort by the whole community. )he next step is to develop a practical and lean curriculum for the students and to update our existing curriculum. )he 6nformation $ecurity Curriculum produced in 8AA4 .does not address /the0 cyber#threats currently faced.1 8&p2' 6n order to prepare students for fieldwor, the curriculum must cover preparation, defense, and action, the common mentality of cybersecurity specialists. )o build upon this sill set, institutions should provide lab wor for students as cyber defense demands a more practical approach to teaching. All of these assets will build a valuable toolbox for students to tae with them once they enter the field. Why is ducation Important? Education does not only help students prepare for industry but also helps the industry,s organi(ation. )he ultimate goal we hope is to have cybersecurity, or its sub#fields, professionali(ed. -ith academic institutions taing the charge, curriculum will be developed for many cybersecurity !obs. Cuite possibly over time, refinements will be done to a curriculum and possibly even more defined occupations will be created. All of this benefits the progress towards professionali(ation because there will be more defined !ob descriptions for each aspect of cybersecurity. "rom there, we will have a systematic way of bringing a person from a student to a licensed professional. )hus, rather than fumbling around countless certifications, we should turn to education and universities for the solution to professionali(ation. Conclusion )he debate about professionali(ation is !ust getting started. -e have made the first step of identifying a possible need to professionali(e cybersecurity and have even made some suggestions as to when and how we should go about this process. -e should consider pushing universities to tae charge in preparing the students for field wor and at the same time shape the very definitions of each profession within cybersecurity. )he pathway to professionali(ation will be much more well#defined and in turn, cybersecurity will begin a new chapter in its history. References 8. Estrom D, Lunt <, Eowe %, editors. *roceedings of the 3>88 conference on 6nformation technology education@ 3>88 :ct 8A#33@ -est *oint, +F. +ew ForG AC;@ 3>88 :ct 3>. A p. doiG 8>.8842H3>452A4.3>4593I 3. Evans J, Eeeder ". A human capital crisis in cybersecurity. -ashington %CG Center for $trategic and 6nternational $tudies. 3>8> +ov. 49 p. Available fromG httpGHHdspace.cigilibrary.orgH!spuiHbitstreamH83=4295IAH=> >AIH8HAK3>?umanK3>CapitalK3>CrisisK3>in K3>Cybersecurity.pdfL8 =. Bonslaves. A. Cal poly !oins national cybersecurity educational effort. *C Advisor /6nternet0. /*lace Unnown0G /*ublisher Unnown0@ 3>8= /updated 3>8= +ov 35@ cited 3>8= %ec =0. Available fromG httpGHHwww.pcadvisor.co.uHnewsHsecurityH=4A8398Hcal# poly#!oins#national#cybersecurity#educational#effortH 4. ?ayes, $. U$" could become a hub for cybersecurity training. )ampa <ay )imes /6nternet0. 89 +ov 3>8= /cited 3>8= %ec =0. Available fromG httpGHHwww.tampabay.comHnewsHeducationHcollegeHusf# could#become#a#hub#for#cybersecurity#trainingH3823I== 2. +ational Academy of $ciences &U$'. *rofessionali(ing the nationMs cybersecurity worforceL /6nternet0. -ashington %C &U$'G +ational Academies *ress. c3>8= /cited 3>8= %ec =0. Available fromG httpGHHwww.nap.eduHopenboo.phpL recordNidO8I449PpageOE3 9. *erera, %. "ierceBovernment6) /6nternet0. /*lace Unnown0G /*ublisher Unnown0@ 3>8= /updated 3>8= $pep 8I@ cited 3>8= %ec=0. Available fromG httpGHHwww.fiercegovernmentit.comHstoryHcybersecurity# occupation#not#profession#says#reportH3>8=#>A#8I 5. University of ;aryland University College /6nternet0. Cybersecurity primer. /*lace Unnown0G /*ublisher Unnown0@ /date unnown0 /cited 3>8= %ec =0. Available fromG httpGHHwww.umuc.eduHcybersecurityHaboutHcybersecurity# basics.cfm