SNHU Launches Full Bachelor's in Cybersecurity Program

If you have something valuable, odds are there is someone else who wants it. That's as true online as it is anywhere.

That's one of the reasons behind the new bachelor's in cybersecurity being offered by Southern New Hampshire University (SNHU) beginning in September. The four-year, competency-based program will prepare students to take on the tasks of a security analyst by helping them develop the skills required to work as a security analyst immediately after they graduate, said SNHU Associate Dean Jonathan Kamyck.

"We want students to be able to be effectively operating day one after graduation," he said. "We want to give them all the tools, techniques, methods (and) tradecraft necessary to succeed out of the gate."

What Is Cybersecurity?

Cybersecurity analysts are charged with protecting their organization's computer networks and the information stored on those networks. There is a huge array of strategies and tactics that analysts have to develop to thwart hackers intent on stealing or otherwise accessing digital information without permission. Some of the duties a typical analyst performs, according to the U.S. Bureau of Labor Statistics, include:

• Monitoring computer networks for intrusions and investigate breaches if they occur.
• Using software to protect network assets.
• Documenting cyber attacks and breaches and assess any damage inflicted.
• Conducting "penetration testing," by simulating attacks to assess network defenses.
• Recommending security improvements to organization managers.

Security analysts are also tasked with developing or assisting in writing an organization's business continuity and disaster recovery plan, according to BLS. A recovery plan often includes preventative measures, such as routinely copying and backing up data to safe locations so it can be recovered in case of a cyber attack.

Analysts have to continuously stay up to date on new methods hackers are creating and the best practices being developed to combat them.

Although security analyst is a common job title, similar tasks are applicable in many positions, including:

• Security engineer
• Software development engineer
• Security manager
• Information technology security analyst
• Information security manager
• Information systems security administrator
• Security policy analyst

As cyber-based threats continue to mature and spread, more security analysts are being sought by companies. The field is expected to grow by 28% by 2026 and in 2017, analysts made a median salary of $95,510, according to BLS.

Cybersecurity Degree vs. IT Concentration

SNHU has long offered a cybersecurity concentration within its bachelor's in information technology program. Kamyck said the difference between a degree in cybersecurity and the IT concentration is a matter of breadth and depth.

"The (bachelor's) in cybersecurity ... is much more focused," he said. "... They are fully immersed in the life of a cybersecurity practitioner."

A concentration in cybersecurity under the IT umbrella is best suited to someone interested in working as an IT manager, someone who needs to understand the foundations of cybersecurity but isn't necessarily a practitioner. In addition to including a deeper dive into the skills a security analyst needs to develop, the SNHU program is structured around concepts of systems and adversarial thinking. These concepts, Kamyck said, are critical to developing the "security mindset" needed to defend against an adaptive enemy.

"You have this cycle of competition between the good folks and the bad folks, so to speak," he said. "There's a huge demand for (security analysts) because they help organizations that weren't built to handle these types of threats continuously adapt and continue to operate in spite of them.

Building a New Kind of Cyber Degree

Cybersecurity was a good candidate for a new kind of online program because the discipline is skill-focused and can effectively leverage online labs and simulation environments. The requirement of ensuring students develop "day one operating capabilities" in their post-graduate careers influenced overall program design. Each cybersecurity course is based on three competencies students will master, Kamyck said, calling the program "lab-intensive and biased towards authentic, practical work-related performances"

Dr. Dennis Backherms, who worked in the private sector before coming to SNHU as a technical program facilitator, described the projects as something that "shrinks the gap" between what students are learning throughout courses and demonstrating discrete job-relevant skills.

"It's really different," he said. "It brings a lot of hands-on, real-world, relevant experience into the course."

Kamyck said the program focuses heavily on using fundamental security design principles to help solve security-related problems in areas like:

• Computer Networking
• Systems Security
• Application Security
• Incident Response

Students are also provided with opportunities to improve their skills in computer scripting and programming. The overall goal is to prepare students to work as security analysts - the role they're most likely to fill immediately following graduation.

Kamyck said the first and most important step in developing the new program was aligning it with the National Security Agency's Center of Academic Excellence in Cyber Defense Knowledge Units and Topics. This standard is widely regarded and helps to ensure the program includes the critical skills and abilities students will need to succeed in the rapidly changing field of cybersecurity. The program also incorporated standards from the Cybersecurity Education Consortium and the National Initiative for Cybersecurity Education to ensure that a variety of expert perspectives are represented, Kamyck said.

Why Cybersecurity is Vital

Cybersecurity attacks can be devastating. In 2017, "Wired" magazine published an article with just some of the most impactful breaches of that year, including the theft of National Security Agency's spying tools, the WannaCry virus that spread worldwide and crippled thousands of networks including those of large companies, public utility companies and the United Kingdom's National Health Service.

The threats, Kamyck said, are everywhere and targets are not limited to government agencies and Fortune 500 companies. In its "2017 State of Cybersecurity in Small & Medium-Sized Businesses," the Ponemon Institute reported startling numbers based on survey responses, including 61% that said they were affected by a cyber attack and 52% that said they were targeted by a ransomware attack.

Before computers and computer networks became so integral to business, many companies focused solely on their product or service and finding ways to develop marketplace advantage. Many companies were founded and developed before cybersecurity was a concern and have since had to integrate safety measures with other business imperatives.

"There's no industry that isn't touched by cybersecurity because they're all connected and are all under attack," Kamyck said. "There's a huge demand for (security analysts) because they help organizations that weren't built to handle these types of threats adapt and continue to operate in spite of them."

Joe Cote is a staff writer at Southern New Hampshire University. Follow him on Twitter @JoeCo2323.