Internships alone insufficient for cybersecurity education

Internships alone insufficient for cybersecurity education

Summary: Short internship stints aren't enough for students to learn about IT security, and their skills may be irrelevant by the time they enter the workforce due to changing threat landscape.


SINGAPORE--Internship stints run too short for students to pick up core skills crucial in the IT security environment, which is rapidly evolving with new threats emerging daily. On top of that, skillsets of Singapore IT professionals are still rooted in traditional perimeter and network security.

Even though internships provide students a flavor and overview of what the IT security profession entails, its main limitation lies in its short duration of two to six months, noted Subhendu Sahu, Symantec's business development director for government and public sector.

Speaking to ZDNet Asia in an interview here Wednesday, he explained the duration is not sufficient for organizations to provide basic training and awareness for students specializing in the IT security field.

Basic training which Symantec imparts in corporate training programs includes how to prevent a security breach, shutting down a compromised asset, and defense and counter measures against hackers. These require more than a few months to train, lasting longer than the duration of the internship, Sahu said.

Steven Miller, vice provost of research and dean of School of Information Systems at Singapore Management University (SMU), added IT industries including IT security are not static and are always changing. New technology and security threats evolve everyday, and companies change business direction after a few months, explained Miller who was also present at the interview.

"Students need to learn continuously when it comes to IT security. Whatever they learn during the internship would be irrelevant by the time they come out and work, due to the fast-paced nature of the industry," he noted.

Sahu said, though, it would be "unrealistic" for students to spend a year interning at an organization as it would affect the time they need to graduate.

Miller said schools should, hence, play a bigger part by giving students the ability to adapt to the industry changes as well as the principles to guide their future experiences.

It is with this in mind that Symantec and SMU last month established a Memorandum of Understanding(MoU) to equip students with the latest knowledge and skillsets in information security. In addition to offering student internships at Symantec under this memorandum, the security vendor will mentor the students in their research project, hold in-depth discussions with students on IT security issues, and conduct security intelligence briefings for students, Sahu said.

Singapore IT talent lacking in mobility, cloud skills
While Singapore has been proactive in cybersecurity education, with several self-organized interest groups including the Association of Information Security Professionals (AISPs), the local IT security industry still faces challenges in finding people with the right skills, Miller pointed out.

He said the skillsets of IT security professionals are still focused on traditional security tactics at the perimeter and network such as intrusion detection system (IDS) and network monitoring.

However, the IT security landscape is ever-changing, with the cyber environment becoming more "complicated", Miller pointed out. There are new issues surrounding mobility, especially with the bring-your-own-device (BYOD) trend, the emphasis on data security and issues of data privacy with Singapore's Personal Data Protection Act, and the widespread usage of cloud by companies which also poses security risks, he noted.

In this complex IT environment, IT professionals need to start picking up skills which deal with data security and privacy, along with software and application security, Miller remarked.

He said SMU's School of Information Systems, under the MoU with Symantec, will be working on core projects around mobility and data, to help students keep up with the latest IT trends and potential security issues.

Topics: Security, Singapore, Education

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Change is the only thing that is constant ..

    Agree with the writer .. These days one should think out of the box to get better results ... like few best essay writing service
    Abby Smith
  • Not just for security

    For just about any IT-related subfield, as well as in most other job fields, a short-term internship should never be seen as a replacement for formal training & education. Yes, it helps with some valuable 'on-the-job' training. But if there's no foundation for that training to build off of, you're left with a very shaky & limited background to work with.

    To put it better in perspective, who would you trust more to act as a financial adviser for your business: the person that has a degree in financial planning and at least 1 professional certification in it...or the person that attended a 2-day seminar about financial planning & now says they're "qualified"?
    • IT security field and so-called college education

      Even with a "so-called" college degree ( which by the way isn't worth the paper its printed on) people will be behind. It takes hands on training and constant learning with the product to be able to keep up. A college degree nowadays just means you know how to flip burgers at a McDonalds or making tacos at a "Toxic Hell".
      Vergil Lawrence
      • Maybe a "communications" degree

        And anyway, if that were the case, that would mean *your* degree would be "worthless" as well.... and therefore *you* weren't qualified to do anything but "flip burgers" either.

        To say that a college graduate has *no* edge in knowledge/training, or even classroom-based experience, over a person with no college-level training (especially someone straight out of high school) is simply ridiculous. And before you start trying to hold up child or teen prodigies that supposedly blow away college graduates, realize that you're comparing individuals from the "cream of the crop" to the "average". Try comparing those non-college-attending prodigies with their peers that went on to attend college, & I guarantee you'll see a marked difference in knowledge & skill levels among the college graduates.

        But better yet, the next time you get sick and need to see a medical professional, try finding a "qualified" medical professional that *didn't* at least achieve a bachelor's degree, let alone went the full medical school/residency path...especially when you need more specialized treatments (i.e. surgery, organ transplants, chemotherapy, endocronology testing, etc.). After all, since the knowledge is just available in books or online, people should be able to "teach themselves" & become just as expert as the "idiots" that paid to attend college...right?