Digital defenders: meeting the need for talent, bridging the business-technology gap
October 28, 2019

Nick Herman once led a global corporate campaign to trick people into clicking on a fictitious link. He created fake websites and phishing emails in different languages.
Herman is no cyber fraudster — quite the contrary. Interning at a high-technology manufacturer in Charlotte, N.C., during his freshman year at Virginia Tech, he was put in charge of the phishing project to promote cybersecurity mindfulness throughout the company.
“The biggest issue in cybersecurity is the lack of awareness,” said Herman, who was self-employed as an IT consultant in high school. And lack of cyber education and awareness, he said, can lead to phishing attacks, which “are the number one way cyber criminals infiltrate a system.”

Arpit Soni wants to launch his own business to help organizations better defend themselves against cyber intruders. Network security, he said, is where vulnerabilities are being relentlessly exploited.
Soni values the part-time positions he has held at Apple, Home Depot, and Virginia Tech Dining Services. The sales and customer-service jobs were exceptional learning experiences that let him improve his problem-solving and communication skills, said Soni, who is already well versed in computer languages, some of which he taught himself.
Cybersecurity management and analytics at Pamplin
Herman and Soni, both juniors majoring in business information technology in the Pamplin College of Business, leapt at the chance to pursue a new academic option this fall in cybersecurity management and analytics.
“When I saw that Pamplin will start offering cybersecurity, I immediately booked a one-on-one meeting with my advisor to make the switch from the decision support systems option,” said Soni, who has a second major in finance. The cyber option, he said, would equip him with the skills and knowledge “to protect systems from security threats and damages, as threats to systems will never go away.”
Herman has set his sights on a career in cybersecurity and business. “The cyber option will allow me to take classes that are focused on my goal,” he said. “I want to learn how cybersecurity is important and relevant to business as opposed to being a computer science major who focuses only on the technical aspects and not also the business aspects.”

Herman and Soni can expect that the knowledge and skills they gain will be in great demand when they graduate.
As data breaches and cyberattacks continue to grow, employers — businesses, government agencies, and others — are seeking employees with the right skills to help them.
The tremendous need for such expertise prompted Pamplin to develop the cybersecurity option as part of the college’s business information technology major. The option offers undergraduates a field study with a sponsoring organization in the greater Washington, D.C. metro area.
The option fills a huge gap in cybersecurity education, said Robin Russell, head of Pamplin’s Department of Business Information Technology.
Citing workforce analytics research, Russell notes that the vast majority of cybersecurity education programs are at the graduate level — even though 84% of job postings in cybersecurity require only a bachelor’s degree — and are technically focused, originating in engineering or computer science.
“Our industry partners tell us there is a great need for problem-solvers who have business as well as technical skills,” she said. “They need graduates who understand the technical issues of data, IT, and cyberattacks — and also know how to use data to support business functions and management decisions, including how to articulate the risk and ramifications of alternative cyber strategies.”
Business information technology — the second largest major at Virginia Tech, with 1,200-plus students — deals with data, people, and technology.
Through two long established options for specialization — decision support systems and operations and supply chain management — students learn to build IT systems that help managers run their organizations and make decisions, or learn to use data and technology to manage operations across a global supply chain.
Meeting the demand for talent
The new cyber option would help meet the tremendous need for talent in this field, Russell said. Given the dramatic increases in cyber threats and the continued shortfall of cyber-skilled professionals — 3.5 million cybersecurity jobs are estimated to be unfilled by 2021, according to Cybersecurity Ventures — Russell said the need for more students educated in cybersecurity is a major priority for Virginia, as well as a matter of national security.
n the D.C. area, where Virginia Tech will build its new, technology-focused Innovation Campus, the demand for such professionals is especially intense — more than double the need of the New York metro area, more than five times the Boston area, and almost seven times that of Silicon Valley.
In developing the option, Russell and her faculty have been guided by experts in the industry who also serve on the department’s advisory board, including Deborah Golden of Deloitte & Touche and Baback Bazri of Ernst & Young.
Both Golden and Bazri have noted the need for more professionals who can bring valuable business and management skills and approaches to problem solving and decision making in cybersecurity.

An article in the WashingtonExec newsletter noted Golden’s enthusiasm for bridging the gap between business and technology in her work. “It’s my ability to bring technology and innovation [together] with business and the ability to execute on a problem — while at the same time considering risk and its impact on multiple stakeholders — that makes it exciting for me,” she said.
Said Bazri: “Because there are so many bad actors out there, it is critical that businesses understand, assess, and manage third-party and supply-chain risks, and that includes a knowledge of mission-critical vendors and the risk they pose to their organizations.”
Besides contributing new recruits with cybersecurity and business skills to the workforce, the program will also help fuel the pipeline of graduate student talent for the Innovation Campus.
The curriculum for the option comprises four required courses on networks and telecommunications in business, information security, cybersecurity analytics in business, and internet law, as well as six credit-hours of fieldwork. Students can choose electives from six courses, including a new course on data governance, privacy, and ethics.
The option, which reflects one of Pamplin’s strategic focus areas, is among the ways the college seeks to contribute to Virginia’s Commonwealth Cybersecurity Initiative. Its faculty are also conducting research, teaching courses in the nation’s top-ranked online master’s program in cybersecurity, and offering executive education programs on this subject in the D.C. area.
For Herman and Soni, thoughts of jobs and their professional futures can wait a while. For now, they’re planning on making the most of all the learning experiences that the new cybersecurity option offers them, on campus and beyond, over the next two years.
– Sookhan Ho
By the numbers
80%
Percentage of U.S. companies experiencing serious cyberattacks annually
5,000 ransom attacks
Daily average number of ransom attacks on U.S. industry
195 days
Average number of days companies take to discover a data breach
100 billion dollars
Annual total economic cost of cyberattacks worldwide
3.5 million
Number of unfilled cybersecurity jobs estimated by 2021
