
From Degree to Chief Information Security Officer (CISO): A Framework for Consideration


Conference

2020 ASEE Virtual Annual Conference Content Access

Location

Virtual On line

Publication Date

June 22, 2020

Start Date

June 22, 2020

End Date

June 26, 2021

Conference Session

Computing and Information Technology Division Technical Session 9

Tagged Division

Computing and Information Technology

Page Count

37

DOI

10.18260/1-2--34694

Permanent URL

https://peer.asee.org/34694

Download Count

672


Paper Authors

Wendi M. Kappers, Embry-Riddle Aeronautical University, Daytona Beach (ORCID: orcid.org/0000-0002-7491-5276)


Wendi M. Kappers has a Ph.D. in Instructional Technology from the University of Central Florida (UCF). Her thesis work explored how educational video game effects upon mathematics achievement and motivation scores differed between the sexes. During her tenure at Seminole Community College working as a tenured Professor and Program Manager of the Network Engineering Program, she was Co-PI for the CSEMS NSF grant that explored collaborative administration and industry mentorship planning used to increase enrollments of women and minorities with declared majors in the areas of Computer Science (CS), Engineering (E), Mathematics (M), and Science (S). Currently, Dr. Kappers is an Assistant Professor within the M.S. in Information Security & Assurance (MISA) within Embry-Riddle Aeronautical University's (ERAU) College of Business, Worldwide Campus, and teaches within the College of Engineering for the Daytona Beach Campus of ERAU. Teaching responsibilities include: RSCH 202 – Introduction to Research, CS120 – Introduction to Computing in Aviation, and the entire collection of MISA-related program courses as needed. Both positions allow her to stay focused upon real-life educational and classroom issues while designing courses that explore technology utilization that is based on structured learning principles and practices. She is an experienced Computer Engineer, Teaching and Learning Center Director, and an Instructional Designer, designing in Blackboard, WebCT, eCollege, and Canvas, and holds many industry-related certifications including the Microsoft Certified Systems Engineer (MCSE) and Trainer (MCT) certificates.


Martha Nanette Harrell, Arkansas Tech University


Dr. Nan Harrell is an assistant professor in the College of Engineering and Applied Science for Arkansas Tech University. Prior to this position, she was the Information Systems Manager and Cyber Security Officer for the Arkansas Office of Health Information Technology (OHIT). She worked with the team at OHIT to implement the State Health Alliance for Records Exchange (SHARE). Dr. Harrell has over 25 years’ experience with the technology field, serving as an educator, implementer, and manager. Dr. Harrell is a certified Project Manager and a Certified Public Manager. She has worked with the Arkansas State Cyber Security Office to ensure successful implementation of many State security projects, one of which received the George C. Askew Outstanding Project Award for Certified Public Managers.


Abstract

Abstract: Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master’s level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner’s world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears that academic programs may not fully consider the very specific competencies of C-Suite members (e.g. Chief Information Security Officer (CISO)) since field certification may be the only validation of such skills. Therefore, a framework from degree to industry employment acceptance is needed. To this end, the current study suggests the use of a framework in which to examine and compare C-Suite competencies versus academic preparations. Ultimately, this framework will assist researchers in examining the actual, current job tasks of C-Suite members. Since the CISO position is new to the industry, becoming a common job title within only the last few years, the reporting structure for the CISO varies widely and various organizations have differing expectations of the position [1]. Therefore, the initial phases of this study focus solely upon this position as the starting benchmark. This paper explores historical aspects of the workforce skills gap in the area of computer security while providing survey validation results from Phase I of this project. This pilot investigation invited faculty (n=5; 24% response rate) who are both practitioners and academicians to support this examination and the acceptance of said framework. 
Demographic data includes a comparison between degree attainment and employment position, and asked respondents to compare academic preparatory tasks to that of required job market skills - those skills collected from the literature and employment position descriptions taken from Yahoo, Google, Monster, Indeed, and other HR-advertised locations. Lastly, respondents were asked to rank these skills by importance to establish the framework baseline of comparison. Future phases of this project will include a larger sample and Delphi results gathered during the ranking phase of this effort. Recommendations for future program designs will be provided upon the completion of the overall study.

Keywords: C-Suite, Skills gap, CISO, Security, Information Assurance, Curriculum, Industry Competencies

Kappers, W. M., & Harrell, M. N. (2020, June), From Degree to Chief Information Security Officer (CISO): A Framework for Consideration. Paper presented at 2020 ASEE Virtual Annual Conference Content Access, Virtual On line. 10.18260/1-2--34694

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2020 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015