Talent Shortage in Cybersecurity Industry Means MBAs Are in Demand
Baylor’s Cybersecurity concentration shows online MBA students how to combine business skills with an in-depth understanding of the industry and its needs.
The students in Dan Pienta’s Cybersecurity Fundamentals seminar find out pretty quickly that career opportunities in the industry are overwhelmingly in their favor. According to data from a Commerce Department grant, there are nearly 465,000 job openings, with a total employed workforce of roughly 955,000.
A report by the SANS Institute found that the percentage of cybersecurity job candidates who have the requisite skills was less than 10 percent. “A lot of those applying do not even demonstrate the entry-level skills to get into cybersecurity, which is a little bit alarming,” Pienta said. “It is in demand, you can see the need, and when you look at the projected growth in the industry versus the number of people who can fill it, it usually tells you there is a zero percent unemployment rate.”Dan Pienta
His class is a core course in the Cybersecurity concentration for Baylor’s online MBA. Pienta calls it an introduction for the “cyber curious.” Students range in age from their 20s to 50s, and most of them say getting an MBA is something they have always wanted to do. For many of them, exploring cybersecurity opens an unexpected door.
“If they are curious about it, it is a great way to start learning,” he said. “There is a broad range of career paths that they can go into. We think of security as a technological path. But what my class tries to introduce is that the cybersecurity industry is a lot broader than someone sitting in front of computer screens detecting threats.”
Cybersecurity Needs Big-Picture MBAs
One of the most important points Pienta tries to convey to students is how cybersecurity is not just about technology; it is about understanding the needs of the wider organization, from its mission to regulators to a host of stakeholders.
“Yes, you need basic technological skills,” he said. “But it is also about grasping the big picture—technology, people and processes. Do you understand people and how they work in the organization in order to draw up compliance policies and processes that work?”
This is the sweet spot where having an MBA with a cybersecurity concentration is a huge advantage.
“It is important to understand that security is not technical alone,” Pienta said. “It is about understanding risk. Businesses have to function, but they also have to be secure at the same time. MBAs can be effective here because they have that understanding of the business domain and context.”
The industry has become more specialized in the last couple of decades, moving out of the IT department and now more woven into the organization as a whole.
“It is a broader, enterprise-wide approach to security,” Pienta said. “It used to be this idea that it is technology, it is an IT problem. Now it is a specialized skillset not grounded in technology alone. It is an essential business capability, and it has spawned companies that specialize in niche-based cybersecurity needs such as training and awareness programs.”
In addition to Pienta’s class, Baylor’s Cybersecurity concentration offers three other courses that cover security policy and planning, tech factors, and cyber warfare and vulnerabilities.
Puzzle Solving, Communicating and Other Skills
Good cybersecurity professionals share common talents and interests. One is a penchant for solving puzzles.
“Do they think outside of the box? Do they have patience to see what is happening in the organization—the technology, people and processes—and are they able to investigate potential incidents appropriately?” Pienta said.
Another essential skill is communication, particularly the ability to translate highly technical information into things that nontechnical people can understand. “Can you abstract complex information to a concrete level across the organization, and can you do that both verbally in presentations and writing?”
An ability to focus on the details is also crucial, especially in analyst and intrusion detection roles. “They have to pay attention to what is going on with large amounts of information, looking for triggers or flags in the systems and using judgment to decide which to elevate and investigate and which are real problems.”
Good cybersecurity professionals also have a strong ethical sense. They have a great deal of power in the organization, being privileged to a lot of sensitive information. Industry standards and regulations are only starting to come out, so having an internal sense of ethics and following the company’s code of conduct can guide how to handle that and do what is best for the organization.
The Cybersecurity Job Market
The industry has a talent shortage in a wide range of jobs. In addition to SOC (security operations center) analysts who do intrusion detection to protect the company’s IT infrastructure, there are stress testers who identify and resolve security vulnerabilities in the company’s systems. Security auditors conduct internal reviews of security controls and information systems. A chief risk officer is accountable for managing the company’s risks and related opportunities. One of Pienta’s former students started as a SOC analyst and is now a chief risk officer.
For students who want to work in cybersecurity but lack the background, jobs are available. Faculty in the concentration help students connect the dots between cybersecurity and many of the skills, such as auditing, they may have used in other industries. With the combination of their MBA, general business experience and the concentration, they offer a formidable package of skills.
A Grounding in the Basics
The Cybersecurity Fundamentals course offers an industry overview. It is based on the kind of skills Pienta’s network of employers and former students are looking for in candidates: understanding, first of all, what cybersecurity is, then the intersection of artificial intelligence and cybersecurity, how the Internet of Things increases risk to the organization, and what malicious activity is and the technologies to address it. In the second half of the course, the focus is all on risk— how to balance business and security risk and countermeasures such as encryption that help achieve this balance.
“It is a lot of information packed in quickly, but it gives them this broad understanding of how we develop a layered defense in the organization,” Pienta said.
Pienta calls on former coworkers in the field to help students gain a footing. In his class last summer, a chief information security officer (CISO) who works at a Fortune 50 company met with the students in an evening session. For those students who knew they wanted to work in the field, Pienta set up mentorships with his contact.
“I am amazed at how involved Baylor alumni are and how they want the best for Baylor students,” he said.
That is one of the many ways Baylor students gain support for their career goals.
At Baylor, “one thing we have a great reputation for is ethics for our students,” Pienta said. “We have world-class faculty who are excellent in research but also teaching.” The relationship moves beyond the course, he notes: While still in school, students can connect with heavy-hitting peers—classmates who are risk officers at big banks, entrepreneurs or former military. Pienta and his colleagues offer advice to students who reach out after they have graduated, OMBA students get together with their online cohort on campus, and the OMBA office is in constant communication with students.
“They feel a part of the university and get ingrained in what it means to go to Baylor,” Pienta said.
A Mission to Protect
Pienta had a career in cybersecurity before becoming a professor at Baylor. With a self-developed background in auditing finance security systems, he expanded a spinoff of his family’s firm to a half-dozen large Midwestern cities. After 15 years, he decided to follow a desire to teach the next generation of security professionals, earning a Ph.D. at Clemson University in business administration with a focus on cybersecurity.
One thing never changed during his years in the industry, he said: a passion for the work.
“CISOs are looking for people who see cybersecurity as a mission. It goes beyond the job. You are called for it, and you are doing it for the greater good of society. It is a dedication you do not find in other areas of the business,” he said. For example, “CISOs and cybersecurity professionals at banks feel like they are protecting the economic system of the U.S. They have that higher calling.”
It is a facet of the work that Baylor is especially attuned to, Pienta added.
“When you get into cybersecurity, you will find that a lot of professionals have this mission to protect and this idea that we are doing something that is a little bit greater than the individual contributor because we are sharing information.
“For me as a professor, that is kind of what inspired me to get in there. How can I impact the world? And you can do that in multiple ways. Baylor is a Christian university, and part of my upbringing was always do service for others. I thought, being a professor, I could do this in a number of different ways—through research, teaching and interacting with students.”
Interested in learning how an Online MBA and Cybersecurity concentration can prepare you for in-demand roles in cybersecurity? Visit our online MBA and cybersecurity pages. Or complete the form below and one of our admissions advisers will contact you directly to help you determine the best path forward.