GW Research Spring 2014 Edition

Rush To Create Profession May Slow Efforts

Diana Burley
GW professor Diana Burley co-led a National Research Council study of whether and how to professionalize the diverse and fluid set of occupations within the field of cybersecurity. (Photo: Jessica McConnell Burt.)
May 01, 2014

Target and Neiman Marcus customers, many of whom have been victims of large-scale financial data breaches in recent months, are among the latest to discover what Diana Burley has known for years: Serious cyberattacks are a fact of consumer life. Any effective response to that threat will require a large and qualified cybersecurity workforce, but efforts to hastily professionalize such a broad group—through certification and licensure, for example—may actually be a stumbling block, according to a new report.

“You cannot professionalize a field; you professionalize occupations within a field,” says Dr. Burley, who co-led the National Research Council study and is an associate professor in GW’s Graduate School of Education and Human Development. Cybersecurity occupations, however, can be hard to define.

Many of the jobs under cybersecurity’s broad aegis vary based on context, or range across multiple disciplines. Cybersecurity workers might wear two or more hats, for instance as law enforcement or health care professionals. And knowledge within cybersecurity is evolving rapidly.

The field’s knowledge base will by nature never be static, Dr. Burley says, but in order to begin to professionalize “it needs to be stable enough that we can identify core principles, in particular occupational categories.”

She is careful to emphasize, though, that none of that is to suggest that cybersecurity professionalization is not needed— only that an oversimplified, blanket approach to the process would be detrimental. Professionalization is intended to address specific deficiencies within an occupation, and the remedies need to match the problems.

Dr. Burley recalls a meeting with congressional aides who emphasized increased educational standards. When she asked what problem they hoped these new standards would solve, a staffer replied: “Well, there aren’t enough people going into the field.”

The conversation was illustrative, Dr. Burley says, of the fundamental mismatch between problem and remedy that results from a panicked rush to professionalize.

“If you’re not careful and thoughtful about [professionalization],” she says, “you will end up doing more harm to the development of this workforce than good.” And that, as anyone whose personal information has been compromised online will agree, is something no one can afford. —Ruth Steinhardt