Asia's education institutions are not doing enough to offer cybersecurity as a core teaching subject to students, choosing instead to focus on basic IT skills such as software programming and database management.
This is contributing to the lower pay security professionals in the region are earning compared to their counterparts around the world, according to industry watchers.
Scott Robertson, Asia-Pacific vice president of WatchGuard Technologies, said that when comparing the curricula of tertiary institutions in Asia and America, the main difference is that online security is integrated within the course structure in the latter. In Asia, such topics remain electives that are not mandatory for students to attend, he noted.
In general, most institutions in the region which offer degree or diploma courses center their curriculum around programming, coding and database management, Robertson pointed out.
The few schools to have made cybersecurity courses mandatory include Singapore's Temasek Polytechnic's Diploma in Cyber & Digital Security as well as Universiti Teknologi Malaysia's Bachelor of Computer Science in Computer Networks and Security, he added.
Corey Schou, vice chairperson of International Information Systems Security Certification Consortium's (ISC2) board of directors, agreed. While it is difficult to generalize across the many different economies in Asia-Pacific since each has its own unique needs, many tertiary institutes in the region generally focus on highly technical aspects instead of cybersecurity, he said.
Schou, who is also the associate dean for computer information systems program at Idaho State University in the United States, said this is "natural" since many of these topics attract bright young students to enroll with the school and it would give them a good grounding in the design and implementation of computer programs.
Both industry watchers' comments were in response to Clayton Jones, managing director of ISC2 Asia-Pacific, who said the salary difference between certified and non-certified security professionals is 23 percent higher in Asia-Pacific than the global average of 33 percent. He attributed this larger gap to the fact that many universities in the region do not have formal and specialized degrees for cybersecurity.
Industry-led recognition of security pros
Beyond bridging the salary gap, Robertson believes schools should look to integrate security courses as part of their core curriculum, given that online security has become one of the top concerns and challenges for businesses today. More institutions are starting to do so, he added.
The Singapore Management University’s (SMU) School of Information Systems is one school that has made its Information Security and Trust module a core course in its Bachelor of Science in Information Systems Management since 2011.
It has also expanded its range of information security-related elective offerings for the academic year starting August 2013, Steven Miller, the school's dean and vice provost of research, told ZDNet Asia.
In addition, the school has a student special interest group in information security called "SMU White Hats" which organizes cybersecurity-related activities such as seminars and competitions for SMU’s undergraduate student community, Miller added.
Robertson also called for the wider IT industry to recognize the value of security professionals by closing the salary gap between security staff and other IT professionals. This way, security executives will have additional incentive to get the appropriate certification as they improve their skillset and earning power, he stated.
"With more professionals getting certified, there will be a shortage in non-certified professionals, which will likely and hopefully lead their standard remuneration to increase, leaving less difference between non-certified and certified," the executive said.