While there are many excellent reasons for business schools to begin offering courses and specializations in cybersecurity, schools that choose to do so will need to consider two primary factors related to resource availability—faculty and curriculum.
. Probably the most challenging first step is for schools to have qualified faculty trained in this highly specialized area. Having the right professors will be especially important for schools that want to offer standalone bachelor’s or master’s degree programs in cybersecurity, because at that level they will need to meet AACSB faculty qualifications standards.
While there is only a small pool of qualified candidates with PhDs in this field, many schools have successfully adopted a “grow your own” strategy. Schools work with current faculty members who have doctoral degrees in foundational disciplines, and the schools invest in professional development for these individuals to fill gaps in education or experience. Once schools have committed to cybersecurity programs, they must make sure they have enough faculty to deliver the courses. They don’t want to risk being unable to sustain these programs if key faculty depart.
Schools can support faculty’s ongoing efforts to maintain relevance in the cybersecurity field by providing them opportunities to view webinars, attend conferences and seminars, and keep up with professional reading. Professors can get a good feel for the best professional conferences by visiting Digital Guardian’s “Top 50” list (see digitalguardian.com/blog/top-50-must-attend-information-security-conferences). Another source for conferences, webinars, and training is ISACA, a global nonprofit focused on the development of knowledge and practices for information systems (see isaca.org). Faculty also should cultivate relationships with practicing information security professionals as a way to maintain currency and keep the curriculum relevant.
. Developing a forward-looking, rigorous, current curriculum is no easy task. Deans and school leaders should start by benchmarking against peer schools that have similar resources to get an idea of various structures and curriculum content they could adapt for their own programs.
They also should consider these key questions: Will they deliver all or part of their programs online? What learning facilities, labs, and/or software do they need to support the curriculum? How will they recruit students? What kinds of jobs will they prepare their students to take? How will they place their graduates? School leaders should design their curricula with the answers to these questions already in mind.
At Missouri State University, we have built a master’s in cybersecurity program around what we call the “three pillars of cybersecurity.” The technical pillar covers hacking techniques and incident response options, cloud computing, network security, web application security, and computer forensics. The policy/compliance pillar deals with IT legal issues in cybersecurity and includes a seminar course in cybersecurity focusing on policy. The behavioral pillar deals with organizational behavior and project leadership; it includes a seminar course in social engineering. Our program includes both seated and online courses. Students in our online courses access tools via the cloud. Students in our seated courses utilize our cybersecurity lab to become familiar with best-of-breed security tools used in the industry.
Developing a first-rate cybersecurity program is a daunting task that requires commitment from both faculty and administration. However, schools that educate their students to be highly competent in the knowledge economy will reap dividends at the reputational level as they produce some of the most sought-after graduates in the market.
Stephanie M. Bryant is the dean and David D. Glass Leadership Chair at the Missouri State University College of Business in Springfield. She is chair of the AACSB Accounting Accreditation Committee.