Many academic programs strive to be responsive to the needs of the job market. This often means that instructors focus on tangible and practical skills that graduates can use in a future workplace.
But that’s not all employers want. Scott Buck, university program director at Intel Corporation, is working with industry and academic leaders to draft a document that gives guidance on undergraduate cybersecurity curricula. A joint effort of several associations, including the Association for Computing Machinery and the IEEE Computer Society, the draft document offers a defense of a liberal and interdisciplinary education, which focuses on things like communication skills and ethics.
Quick change keeps programs current, but time is needed to ensure quality. The challenge: finding a way to have both.
Mr. Buck spoke with The Chronicle about industry’s perspective on cybersecurity curriculum and how Intel sponsors faculty members to develop certain courses. The interview has been edited for length and clarity.
Q. A draft of the curriculum document mentioned a lot of soft skills that industry seemed to want, like the ability to communicate and work with a team, as well as knowledge of interdisciplinary contexts, like the legal and policy framework. What are the most important skills to Intel and to industry at large?
A. In terms of general skills, teamwork and the ability to work in a very fluid environment. Ninety-nine percent of the people coming out of academia don’t necessarily have the right skill set needed. What they have is the knowledge area to learn those skill sets. They come into industry, they get brought into teams, they get sent out to technical training and then brought up to speed in those areas.
But when you look at what happens in industry, Intel is governed a lot by ethics and perception of things that students might not really have. There’s ethical training inside Intel about the right to privacy and how you deal with the different ethnicities and cultures within Intel, which is a global company. Students in the U.S. and elsewhere, they don’t have those skill sets yet; they need to be developed.
Q. Do you want the ethical training and the intercultural awareness to be taught within the major, or is it better to have it be learned on the job?
A. It’s both. There’s a foundation that can be derived from the academic community and finalized within their job role. For each company that hires and for each role, there’s going to be a different perspective. But a lot of things that we are now discussing around machine learning, around cybersecurity, is the ethical approach to privacy and handling personal data. Is there protection around that information that’s considered private information or sensitive information? I don’t think students in school really have a grasp on that. Students need to understand that it’s not just data. Those can be people’s lives.
Q. Because technology changes so fast, have you thought about what the ideal relationship is between industry and academe to make sure that curricula keep pace with market demand in terms of skills?
A. I’ve had this discussion so many times. That’s a big challenge because things do move so fast and the academic community does not. That’s always been one of those tug of wars: How do you keep standards up and keep what students are learning in perspective?
When I [as university program director at Intel] sponsor a faculty member to create content, it usually takes them a semester to create the content, usually having a graduate student or a postdoc help. Then the second semester they teach it, refine it, and then I get that end product. Well, that’s a year investment for Intel.
Q. What are the other barriers as you see it to advancing cybersecurity education?
A. If we look at a computer-science degree, it is packed with more content than can be taught in the number of degree hours. So in order to add more, we have to take away from other areas. And that’s a balance. What do you take out of your degree program to add in more cybersecurity? Even though there’s a lot of market demand from both industry and the government for skilled cybersecurity students, how do you get the institute to commit to that? They might say, cybersecurity is not where we want to start adding courses. We might want to look at adding machine learning, deep learning, or artificial-intelligence courses because that looks like it’s the new demand.
