From Degree to Chief Information Security Officer (CISO): A Framework for Consideration

Wendi M. Kappers; Martha Nanette Harrell

Download Paper | Permalink

Conference: 2020 ASEE Virtual Annual Conference Content Access
Location: Virtual On line
Publication Date: June 22, 2020
Start Date: June 22, 2020
End Date: June 26, 2021
Conference Session: Computing and Information Technology Division Technical Session 9
Tagged Division: Computing and Information Technology
Page Count: 37
DOI: 10.18260/1-2--34694
Permanent URL: https://peer.asee.org/34694
Download Count: 858

Paper Authors

biography

Wendi M. Kappers Embry-Riddle Aeronautical University, Daytona Beach orcid.org/0000-0002-7491-5276

visit author page

Wendi M. Kappers has a Ph.D. in Instructional Technology from the University of Central Florida (UCF). Her thesis work explored how educational video game effects upon mathematics achievement and motivation scores differed between the sexes. During her tenure at Seminole Community College working as a tenured Professor and Program Manager of the Network Engineering Program, she was Co-PI for the CSEMS NSF grant that explored collaborative administration and industry mentorship planning used to increase enrollments of woman and minorities with declared majors in the areas of Computer Science (CS), Engineering (E), Mathematics (M), and Science (S). Currently, Dr. Kappers is an Assistant Professor within the M.S. in Information Security & Assurance (MISA) within Embry-Riddle Aeronautical University's (ERAU) College of Business, Worldwide Campus, and teaches within the College of Engineering for the Daytona Beach Campus of ERAU. Teaching responsibilities include: RSCH 202 – Introduction to Research, CS120 – Introduction to Computing in Aviation, and the entire collection of MISA-related program courses as needed. Both positions allow her to stay focused upon real-life educational and classroom issues while designing courses that explore technology utilization that is based on structured learning principles and practices. She is an experienced Computer Engineer, Teaching and Learning Center Director, and an Instructional Designer, designing in Blackboard, WebCT, eCollege, and Canvas, and holds many industry-related certifications including the Microsoft Certified Systems Engineer (MCSE) and Trainer (MCT) certificates.

visit author page

biography

Martha Nanette Harrell Arkansas Tech University

visit author page

Dr. Nan Harrell is an assistant professor in the College of Engineering and Applied Science for Arkansas Tech University. Prior to this position, she was the Information Systems Manager and Cyber Security Officer for the Arkansas Office of Health Information Technology (OHIT). She worked with the team at OHIT to implement the State Health Alliance for Records Exchange (SHARE). Dr. Harrell has over 25 years’ experience with the technology field, serving as an educator, implementer, and manager. Dr. Harrell is a certified Project Manager and a Certified Public Manager. She has worked with the Arkansas State Cyber Security Office to ensure successful implementation of many State security projects, one of which received the George C. Askew Outstanding Project Award for Certified Public Managers.

visit author page

Download Paper | Permalink

Abstract

Abstract: Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master’s level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner’s world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears that academic programs may not fully consider the very specific competencies of C-Suite members (e.g. Chief Information Security Officer (CISO)) since field certification may be the only validation of such skills. Therefore, a framework from degree to industry employment acceptance is needed. To this end, the current study suggests the use of a framework in which to examine and compare C-Suite competencies versus academic preparations. Ultimately, this framework will assist researchers in examining the actual, current job tasks of C-Suite members. Since the CISO position is new to the industry, becoming a common job title within only the last few years, the reporting structure for the CISO varies widely and various organizations have differing expectations of the position [1]. Therefore, the initial phases of this study focus solely upon this position as the starting benchmark. This paper explores historical aspects of the workforce skills gap in the area of computer security while providing survey validation results from Phase I of this project. This pilot investigation invited faculty (n=5; 24% response rate) who are both practitioners and academicians to support this examination and the acceptance of said framework. Demographic data includes a comparison between degree attainment and employment position, and asked respondents to compare academic preparatory tasks to that of required job market skills - those skills collected from the literature and employment position descriptions taken from Yahoo, Google, Monster, Indeed, and other HR-advertised locations. Lastly, respondents were asked to rank these skills by importance to establish the framework baseline of comparison. Future phases of this project will include a larger sample and Delphi results gathered during the ranking phase of this effort. Recommendations for future program designs will be provided upon the completion of the overall study. Keywords: C-Suite, Skills gap, CISO, Security, Information Assurance, Curriculum, Industry Competencies

Citation
Format

Kappers, W. M., & Harrell, M. N. (2020, June), From Degree to Chief Information Security Officer (CISO): A Framework for Consideration Paper presented at 2020 ASEE Virtual Annual Conference Content Access, Virtual On line . 10.18260/1-2--34694

TY - CPAPER
AB - Abstract: Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master’s level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner’s world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears that academic programs may not fully consider the very specific competencies of C-Suite members (e.g. Chief Information Security Officer (CISO)) since field certification may be the only validation of such skills. Therefore, a framework from degree to industry employment acceptance is needed.
To this end, the current study suggests the use of a framework in which to examine and compare C-Suite competencies versus academic preparations. Ultimately, this framework will assist researchers in examining the actual, current job tasks of C-Suite members. Since the CISO position is new to the industry, becoming a common job title within only the last few years, the reporting structure for the CISO varies widely and various organizations have differing expectations of the position [1]. Therefore, the initial phases of this study focus solely upon this position as the starting benchmark.
This paper explores historical aspects of the workforce skills gap in the area of computer security while providing survey validation results from Phase I of this project. This pilot investigation invited faculty (n=5; 24% response rate) who are both practitioners and academicians to support this examination and the acceptance of said framework. Demographic data includes a comparison between degree attainment and employment position, and asked respondents to compare academic preparatory tasks to that of required job market skills - those skills collected from the literature and employment position descriptions taken from Yahoo, Google, Monster, Indeed, and other HR-advertised locations.
Lastly, respondents were asked to rank these skills by importance to establish the framework baseline of comparison. Future phases of this project will include a larger sample and Delphi results gathered during the ranking phase of this effort. Recommendations for future program designs will be provided upon the completion of the overall study.
Keywords: C-Suite, Skills gap, CISO, Security, Information Assurance, Curriculum, Industry Competencies
AU - Wendi M. Kappers
AU - Martha Nanette Harrell
CY - Virtual On line
DA - 2020/06/22
PB - ASEE Conferences
TI - From Degree to Chief Information Security Officer (CISO): A Framework for Consideration
UR - https://peer.asee.org/34694
DO - 10.18260/1-2--34694
ER -