The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency.
The public sectors of EU countries should "support a unified approach" to infosec-focused higher education, it says, addressing an issue that is by no means unique to the bloc.
In a new report titled "Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education", academics Jason Nurse and Konstantinos Adamos, together with ENISA's Athanasios Grammatopoulos and Fabio Di Franco, said the European Union needs to get more students signing up for cybersecurity degrees.
The report found that the majority of cybersecurity degrees offered across the 27-states – 77 per cent – are at master's degree level. Just under a fifth (17 per cent) are undergraduate degrees while 6 per cent are at "postgraduate" level.
Professor Nurse, of the University of Kent, told The Register that infosec degrees are a valuable method of training new professionals for the industry: "A multi-tiered approach stands a much better chance at a long-lasting solution."
He added: "Professional certifications are valuable but these often only come into play for professionals already in industry. By developing the skills of students in higher education, it raises the base level of future professionals and develops a more sustainable pool of individuals that can work in – and are initially trained for – the infosec sector."
The UK has a small but growing infosec degree programme of its own, with the National Cyber Security Centre sponsoring degree programmes at similar academic levels. A list of those degrees is on its website.
Nurse said of the ENISA research that while degree programmes in EU universities broadly meet the EU infosec industry's needs, the "less technical" sides of cyber security need more focus.
"The reality," he told us, "is that cyber is not purely technical and topics like governance, risk, compliance and law will become more important in the future."
Cybersecurity education is a hot topic in the West with demand for skilled infosec personnel rising higher and higher amid weekly attacks on the public and private sectors.
- Give put-upon infosec bods professional recognition to keep them working for you, says chartered institute
- Why waste away in a cubicle when you could be a goddamn infosec neuromancer on £50k*?
- Cyber security: Do the experts need letters after their name?
- How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey
While industry has a bewildering array of certifications available for infosec personnel, many of them are aimed at people who already have professional experience in the workplace.
Yet the quality of education offered through cybersecurity degrees is vital, even if they're not always a method of breaking into the industry for people with minimal tech skills.
Nurse said: "In my opinion, the prominence of master's programmes as compared to undergraduate degrees is not necessarily because of the prerequisite need for a great degree of computing skills. This may be more an artefact of how a majority of existing masters courses have been developed – and the harsh truth is that unfortunately, many people still view cybersecurity as just an extension of computing."
Back in September Britain's Chartered Institute of Information Security recommended giving existing staff professional accreditations to promote loyalty and retention. A few years ago the UK government launched its Cyber Skills Immediate Impact Fund, trying to tempt Britons into retraining with cyber security skills - but that was mainly focused on funding vocational skills courses and certifications, rather than academic education.
Perhaps a mix of hands-on British knowledge and EU theoretical grounding is what will pave the way for future successful cybersecurity ventures? ®