Conclusion, Recommendations, and Resources
Conclusion
In terms of staffing, cybersecurity and privacy are relatively small but quickly growing areas within higher education. As institutions continue to collect more data and adopt new technologies, security and privacy threats and risks will only continue to grow. As a result, cybersecurity and privacy responsibilities will continue to become more complex and far-reaching, necessitating a larger workforce made up of professionals with increasingly diverse and specialized knowledge and skills. To foster a thriving cybersecurity and privacy workforce, institutions should find ways not only to address immediate issues such as staff recruitment, retention, and workload but also to strategically anticipate and plan for the evolution of the two areas, in addition to providing adequate support and opportunities for personal development and growth.
Recommendations
We asked respondents to identify ways in which their institutions could better support their professional development. In their open-ended responses, not only did they identify areas of need related to professional development, but they also identified areas of need relating to their overall ability to perform their work proficiently. Three major areas of need were identified:
Executive buy-in. Respondents identified areas that need more buy-in from stakeholders, especially from top-level executives. Mainly, they noted the need for more support for staff development and training, part of which includes flexible funding options to pursue these opportunities. Respondents also noted that they would like more encouragement from leadership to pursue development opportunities, establishment of a culture in which professional development is more highly valued, and better communication about what financial and other resources are available to support these pursuits.
Time and workload considerations. Time and workload considerations were identified by many respondents. In their responses, they noted that there is a need for reduced workloads to allow not only better job performance but also the pursuit of professional development opportunities. Respondents recommended addressing staffing issues to reduce excessive workloads in addition to allocating designated time to spend on professional development and training.
Improved and additional training opportunities. Respondents highlighted a number of areas in which they felt there could be improved or newer and more mature training opportunities. Specifically, they identified the need for cross-training, management and leadership development, opportunities for up- and re-skilling, and, overall, more robust and easy-to-access training (e.g., in-house and on-campus training programs tailored to meet the needs of individuals in a variety of cybersecurity and privacy roles). Many respondents also expressed a desire for formal mentorship and shadowing programs to help them flourish professionally.
Resources
EDUCAUSE Professional Pathways. For more information on navigating the information security career pathway, check out EDUCAUSE's Professional Pathways: The Information Security Pathway. Professional Pathways can help individuals identify knowledge and skills needed across various career stages. Through this site, you can also access toolkits that will help guide professional development needs and goals.
EDUCAUSE Cybersecurity and Privacy Managers Institute. The EDUCAUSE Cybersecurity and Privacy Managers Institute provides first-time and aspiring managers in cybersecurity and privacy roles with the foundational skills critical for managing and supervising information security projects, units, and people. The institute provides a comprehensive view of the role of manager as well as specific skills development in key management areas, including interpersonal communication, project management, cost management, performance management, and leadership.
Higher Education CPO Primer. The Higher Education Chief Privacy Officers Working Group has created The Higher EDUCATION CPO Primer, which is a welcome and how-to kit for CPOs in higher education. The CPO Primer is intended to provide an overview and introductory knowledge to help new CPOs (or those new to higher education) better understand their job and the challenges unique to colleges and universities.
Cybersecurity and Privacy Guide. EDUCAUSE’s new Cybersecurity and Privacy Guide provides several key resources that institutions can share with their staff to help them advance their workforce knowledge and skills, including a section on Educating the Cybersecurity Workforce.