What Do You Learn in a Cybersecurity Program?
Written By: Mike McCarthy
Published: 4/29/2022
The number of cybersecurity degrees is increasing as politicians, businesses, and individuals become more aware of the serious effects of cybercrime and espionage. But how do these degree programs prepare students to join the information security workforce? The answer is that faculty in these programs are well-prepared to boost students' technical and relevant non-technical knowledge, skills, and abilities (KSAs). These KSAs can lead to careers in the cybersecurity field as a security architect or IT security engineer, for example, and can also translate to jobs in other sectors.
On this page, we discuss KSAs that are commonly taught in cybersecurity programs and highly valued by employers, according to the 2021 workforce survey by the International Information System Security Certification Consortium, or (ISC)². As you research cybersecurity degrees, you can use this information to ensure that an associate, bachelor's degree, or master's degree program covers the most important subjects.
Written By: Mike McCarthy
Published: 4/29/2022
The number of cybersecurity degrees is increasing as politicians, businesses, and individuals become more aware of the serious effects of cybercrime and espionage. But how do these degree programs prepare students to join the information security workforce? The answer is that faculty in these programs are well-prepared to boost students' technical and relevant non-technical knowledge, skills, and abilities (KSAs). These KSAs can lead to careers in the cybersecurity field as a security architect or IT security engineer, for example, and can also translate to jobs in other sectors.
On this page, we discuss KSAs that are commonly taught in cybersecurity programs and highly valued by employers, according to the 2021 workforce survey by the International Information System Security Certification Consortium, or (ISC)². As you research cybersecurity degrees, you can use this information to ensure that an associate, bachelor's degree, or master's degree program covers the most important subjects.
ADVERTISEMENT
Online Cybersecurity Degrees You May Be Interested In
Southern New Hampshire University Online
Annual Tuition: $9,600
6 Programs (view all)
ECPI University Online
Annual Tuition: $16,639 - $17,479
2 Programs (view all)
Grand Canyon University
Annual Tuition: $17,800
5 Programs (view all)
KSA 1: Technical Tools and Software
Developers debut cybersecurity technology tools all the time, and there's never a guarantee that the platforms you use in one job will translate to the work you'll do in the next. This is why cybersecurity degree programs tend to emphasize broad technical aptitude and adaptability. You'll learn particular software for some classes, and you may even use it for the duration of your degree, but your ability to pick up new tools and processes quickly is more important.
Below, we've listed some of the more common types of tools that cybersecurity faculty cover in their courses.
Antivirus software detects viruses, malware, ransomware, and other harmful programs infecting an employer's computer systems. Bitdefender and Norton are popular choices for learning.
Encryption software converts data into forms that are unreadable to anyone without the proper authorization. Examples include AxCrypt and Folder Lock.
Network intrusion detectors scan for malignant actors on a network and alert administrators of their findings. You may learn to use Security Onion, Snort, or SolarWinds Security Event Manager.
Penetration testing tools help you understand your system's weaknesses by attempting a harmless attack. You may learn tools that security professionals often use, such as Damn Vulnerable Web Applicable, Metasploitable, and Wireshark.
Programming languages form the basis of computer programs, including those used to defend against hackers. You will likely work with C++, JavaScript, Python, and SQL during your studies.
KSA 2: Cloud Security
As the (ISC)2 survey notes, many professionals had a tough time securing their employers' networks when the COVID-19 pandemic forced many workers to unexpectedly work remotely. But corporations and governments had been concerned about cloud security well before 2020; many organizations adopted a distributed workforce model in recent years, but even then couldn't always be sure who was on the other end of a network.
Cybersecurity professors recognized these concerns and developed classes on cloud security. These courses typically cover the following topics:
- The architecture of major cloud services, such as Amazon Web Services and Microsoft Azure
- The various vulnerabilities of software-as-a-service, infrastructure-as-a-service, and platform-as-a-service systems
- Account hijacking and challenges to remote access authorization
- Data leakage and abuse
KSA 3: Threat Intelligence and Analysis
Cybersecurity professionals try to protect sensitive data from prying eyes in order to safeguard their employers' operations. Threat intelligence and analysis form an important role in this process: If you understand the cyber threats an entity faces, you can plan to counter or mitigate them.
Courses in this KSA focus on practicing intelligence collection and analysis techniques rather than covering current threats in depth. This is because hackers develop new methods just as quickly as security experts can identify them. Professors want to ensure that you have the critical thinking and analytical skills necessary to identify and counter threats that don't exist yet.
If you understand the cyber threats an entity faces, you can plan to counter or mitigate them.
KSA 4: Risk Assessment and Management
This KSA is closely related to threat intelligence, but it refers to the potential consequences of cyberattacks rather than the forms they might take. For example, how might a newly identified malware program allow cybercriminals to steal customers' bank information?
As a student, you might take several courses on vulnerability assessments, penetration testing, ethical hacking, red team analysis, and risk management frameworks. Regulatory compliance is a related topic that is featured in some of these classes — government agencies and publicly traded companies must disclose certain information to regulators or shareholders, so they need to conform to security regulations and reporting requirements.
KSA 5: Computer Forensics
Not every cyber defense succeeds, and sometimes you need to figure out what happened after an attack. Computer forensics experts collect digital evidence from computers, systems, and networks to aid investigators and prosecutors in criminal proceedings.
Most degree programs include an introductory survey of this discipline that covers the chain of evidence, electronic document recovery, hash values, and forensic copies. If your program includes a concentration in computer forensics, you'll also study relevant legislation and case law, investigational ethics, and courtroom procedures.
KSA 6: Non-Technical Skills
Beyond technical knowledge, a cybersecurity major also emphasizes a skillset of adaptable abilities that you can apply to new situations. Below, we've listed the soft skills most highly prized by cybersecurity recruiters, according to the (ISC)2 survey and data from the analytics company Burning Glass Technologies. We also note possible assignments that might help you practice these skills during your degree program.
Problem-solving: Identifying the source of a distributed-denial-of-service attack, patching a vulnerability in a cloud-based network, running remote diagnostics on an operating system
Curiosity: Digging deep into digital forensics by examining files for digital fingerprints, running Metasploitable to find network security vulnerabilities, designing a new penetration test
Communication: Presenting a red team analysis to classmates and faculty, formatting a written regulatory report, using guided questioning to elicit information when troubleshooting
Strategic thinking: Analyzing strengths, weaknesses, opportunities, and threats after a penetration test to identify a virus's effects on a company's profitability, planning a system upgrade to minimize latency
Is Cybersecurity the Right Choice For Me?
Going by the numbers alone, cybersecurity is a great profession to enter — information security analysts earn high median salaries and the field is growing at a dizzying rate. In fact, this major continued to offer one of the best returns on investment during the tumult of the pandemic.
But the question is about more than numbers: Is cybersecurity the right career for you specifically? One way to approach an answer is to examine your existing strengths and abilities. Do you have an aptitude for learning programming languages, complex information technology software, and computer science concepts? Do you find yourself wondering how hackers pulled off a major breach of a retailer's firewall? Have you run a free penetration testing tool to check the strength of your own passwords? If you answered yes to these and related questions, then a cybersecurity career might suit you.
If you’re interested in cybersecurity, a degree in Information Technology may be another good option for you. Here’s what you need to know about the difference between a cybersecurity and information technology degree.
A cybersecurity major continued to offer one of the best returns on investment during the tumult of the pandemic.
However, it's OK if your existing knowledge doesn't sync perfectly with the KSAs that professors commonly teach in cybersecurity degree programs. It's more important that you have the willingness and ability to learn the fundamentals. A strong interest in the subject matter also helps — if that's the case, then cybersecurity may offer a chance to pursue your passion while embarking on a potentially lucrative and stable career path.
KSA 1: Technical Tools and Software
Developers debut cybersecurity technology tools all the time, and there's never a guarantee that the platforms you use in one job will translate to the work you'll do in the next. This is why cybersecurity degree programs tend to emphasize broad technical aptitude and adaptability. You'll learn particular software for some classes, and you may even use it for the duration of your degree, but your ability to pick up new tools and processes quickly is more important.
Below, we've listed some of the more common types of tools that cybersecurity faculty cover in their courses.
Antivirus software detects viruses, malware, ransomware, and other harmful programs infecting an employer's computer systems. Bitdefender and Norton are popular choices for learning.
Encryption software converts data into forms that are unreadable to anyone without the proper authorization. Examples include AxCrypt and Folder Lock.
Network intrusion detectors scan for malignant actors on a network and alert administrators of their findings. You may learn to use Security Onion, Snort, or SolarWinds Security Event Manager.
Penetration testing tools help you understand your system's weaknesses by attempting a harmless attack. You may learn tools that security professionals often use, such as Damn Vulnerable Web Applicable, Metasploitable, and Wireshark.
Programming languages form the basis of computer programs, including those used to defend against hackers. You will likely work with C++, JavaScript, Python, and SQL during your studies.
KSA 2: Cloud Security
As the (ISC)2 survey notes, many professionals had a tough time securing their employers' networks when the COVID-19 pandemic forced many workers to unexpectedly work remotely. But corporations and governments had been concerned about cloud security well before 2020; many organizations adopted a distributed workforce model in recent years, but even then couldn't always be sure who was on the other end of a network.
Cybersecurity professors recognized these concerns and developed classes on cloud security. These courses typically cover the following topics:
- The architecture of major cloud services, such as Amazon Web Services and Microsoft Azure
- The various vulnerabilities of software-as-a-service, infrastructure-as-a-service, and platform-as-a-service systems
- Account hijacking and challenges to remote access authorization
- Data leakage and abuse
KSA 3: Threat Intelligence and Analysis
Cybersecurity professionals try to protect sensitive data from prying eyes in order to safeguard their employers' operations. Threat intelligence and analysis form an important role in this process: If you understand the cyber threats an entity faces, you can plan to counter or mitigate them.
Courses in this KSA focus on practicing intelligence collection and analysis techniques rather than covering current threats in depth. This is because hackers develop new methods just as quickly as security experts can identify them. Professors want to ensure that you have the critical thinking and analytical skills necessary to identify and counter threats that don't exist yet.
If you understand the cyber threats an entity faces, you can plan to counter or mitigate them.
KSA 4: Risk Assessment and Management
This KSA is closely related to threat intelligence, but it refers to the potential consequences of cyberattacks rather than the forms they might take. For example, how might a newly identified malware program allow cybercriminals to steal customers' bank information?
As a student, you might take several courses on vulnerability assessments, penetration testing, ethical hacking, red team analysis, and risk management frameworks. Regulatory compliance is a related topic that is featured in some of these classes — government agencies and publicly traded companies must disclose certain information to regulators or shareholders, so they need to conform to security regulations and reporting requirements.
KSA 5: Computer Forensics
Not every cyber defense succeeds, and sometimes you need to figure out what happened after an attack. Computer forensics experts collect digital evidence from computers, systems, and networks to aid investigators and prosecutors in criminal proceedings.
Most degree programs include an introductory survey of this discipline that covers the chain of evidence, electronic document recovery, hash values, and forensic copies. If your program includes a concentration in computer forensics, you'll also study relevant legislation and case law, investigational ethics, and courtroom procedures.
KSA 6: Non-Technical Skills
Beyond technical knowledge, a cybersecurity major also emphasizes a skillset of adaptable abilities that you can apply to new situations. Below, we've listed the soft skills most highly prized by cybersecurity recruiters, according to the (ISC)2 survey and data from the analytics company Burning Glass Technologies. We also note possible assignments that might help you practice these skills during your degree program.
Problem-solving: Identifying the source of a distributed-denial-of-service attack, patching a vulnerability in a cloud-based network, running remote diagnostics on an operating system
Curiosity: Digging deep into digital forensics by examining files for digital fingerprints, running Metasploitable to find network security vulnerabilities, designing a new penetration test
Communication: Presenting a red team analysis to classmates and faculty, formatting a written regulatory report, using guided questioning to elicit information when troubleshooting
Strategic thinking: Analyzing strengths, weaknesses, opportunities, and threats after a penetration test to identify a virus's effects on a company's profitability, planning a system upgrade to minimize latency
Is Cybersecurity the Right Choice For Me?
Going by the numbers alone, cybersecurity is a great profession to enter — information security analysts earn high median salaries and the field is growing at a dizzying rate. In fact, this major continued to offer one of the best returns on investment during the tumult of the pandemic.
But the question is about more than numbers: Is cybersecurity the right career for you specifically? One way to approach an answer is to examine your existing strengths and abilities. Do you have an aptitude for learning programming languages, complex information technology software, and computer science concepts? Do you find yourself wondering how hackers pulled off a major breach of a retailer's firewall? Have you run a free penetration testing tool to check the strength of your own passwords? If you answered yes to these and related questions, then a cybersecurity career might suit you.
If you’re interested in cybersecurity, a degree in Information Technology may be another good option for you. Here’s what you need to know about the difference between a cybersecurity and information technology degree.
A cybersecurity major continued to offer one of the best returns on investment during the tumult of the pandemic.
However, it's OK if your existing knowledge doesn't sync perfectly with the KSAs that professors commonly teach in cybersecurity degree programs. It's more important that you have the willingness and ability to learn the fundamentals. A strong interest in the subject matter also helps — if that's the case, then cybersecurity may offer a chance to pursue your passion while embarking on a potentially lucrative and stable career path.
Related Articles
2023 Best Online Cybersecurity Degrees
Cybersecurity is a popular field, and an online bachelor's program can be a smart choice. Find the best schools in 2023 for online cybersecurity degrees.
By OnlineU Staff Writers | 3/14/2023