Internships alone insufficient for cybersecurity education

Short internship stints aren't enough for students to learn about IT security, and their skills may be irrelevant by the time they enter the workforce due to changing threat landscape.

SINGAPORE--Internship stints run too short for students to pick up core skills crucial in the IT security environment, which is rapidly evolving with new threats emerging daily. On top of that, skillsets of Singapore IT professionals are still rooted in traditional perimeter and network security.

Even though internships provide students a flavor and overview of what the IT security profession entails, its main limitation lies in its short duration of two to six months, noted Subhendu Sahu, Symantec's business development director for government and public sector.

Speaking to ZDNet Asia in an interview here Wednesday, he explained the duration is not sufficient for organizations to provide basic training and awareness for students specializing in the IT security field.

Basic training which Symantec imparts in corporate training programs includes how to prevent a security breach, shutting down a compromised asset, and defense and counter measures against hackers. These require more than a few months to train, lasting longer than the duration of the internship, Sahu said.

Steven Miller, vice provost of research and dean of School of Information Systems at Singapore Management University (SMU), added IT industries including IT security are not static and are always changing. New technology and security threats evolve everyday, and companies change business direction after a few months, explained Miller who was also present at the interview.

"Students need to learn continuously when it comes to IT security. Whatever they learn during the internship would be irrelevant by the time they come out and work, due to the fast-paced nature of the industry," he noted.

Sahu said, though, it would be "unrealistic" for students to spend a year interning at an organization as it would affect the time they need to graduate.

Miller said schools should, hence, play a bigger part by giving students the ability to adapt to the industry changes as well as the principles to guide their future experiences.

It is with this in mind that Symantec and SMU last month established a Memorandum of Understanding(MoU) to equip students with the latest knowledge and skillsets in information security. In addition to offering student internships at Symantec under this memorandum, the security vendor will mentor the students in their research project, hold in-depth discussions with students on IT security issues, and conduct security intelligence briefings for students, Sahu said.

Singapore IT talent lacking in mobility, cloud skills
While Singapore has been proactive in cybersecurity education, with several self-organized interest groups including the Association of Information Security Professionals (AISPs), the local IT security industry still faces challenges in finding people with the right skills, Miller pointed out.

He said the skillsets of IT security professionals are still focused on traditional security tactics at the perimeter and network such as intrusion detection system (IDS) and network monitoring.

However, the IT security landscape is ever-changing, with the cyber environment becoming more "complicated", Miller pointed out. There are new issues surrounding mobility, especially with the bring-your-own-device (BYOD) trend , the emphasis on data security and issues of data privacy with Singapore's Personal Data Protection Act , and the widespread usage of cloud by companies which also poses security risks , he noted.

In this complex IT environment, IT professionals need to start picking up skills which deal with data security and privacy, along with software and application security, Miller remarked.

He said SMU's School of Information Systems, under the MoU with Symantec, will be working on core projects around mobility and data, to help students keep up with the latest IT trends and potential security issues.

Show Comments