Applying Medical Internships to InfosecCollaboration Underway to Form IT Security Residency Programs
American graduate schools hand out master's degrees in IT security to a lot of very smart individuals. But despite their "book learning," not all of these people have the work experience to be effective on the job from day one.
"We have a deficit of those individuals who can pick up the ball and run with it very quickly," says William Pelgrin, chief executive officer of the Center for Internet Security, the not-for-profit organization that runs the Multi-State Information Sharing and Analysis Center, known as MS-ISAC.
What we want is not only well-educated graduates, but those who also can walk in to a position and actually start a case immediately.
"People are coming out of the academic institutions really well educated," he says in an interview. "What we want is not only well-educated graduates, but those who also can walk into a position and actually start a case immediately and understand how to do that case, what to look for, how to analyze it, how to do the forensics that make a difference in the ultimate goal of the security of that company."
Pelgrin isn't just lamenting the situation, but is doing something about it.
Modeled on medical internships, the Center for Internet Security is teaming up with the State University of New York at Albany and the City University of New York to create a residency program, initially aimed for those who just earned a graduate degree in information security. Pelgrin, the onetime chief information security officer of New York State, says the program could start as soon as this fall.
Details of the program are still being worked out, and Pelgrin says other colleges have expressed interest in establishing such a program through his organization. Initially, the program would have about 10 residents and last for one semester, although he sees the program being expanded to as many as three semesters. In the program, residents would work side by side with experts in forensics, reverse-engineering and cybersecurity analysis.
Employing real-life cases, the residents would conduct cyber forensics examinations to determine what occurred, how it happened and the consequences of the incident, and then submit a report with the findings and recommendations.
The Center for Internet Security is seeking private companies to help fund the program, and hopes some of those sponsoring organizations would hire the residents as interns after they finish their residencies. Pelgrin sees the program as a workforce feeder system to organizations in need of qualified IT security personnel.
The residents of the program -- which doesn't have a name yet - would receive a stipend and pay no tuition. Yet, they would be expected to donate time during the residency at libraries, schools or senior citizen centers teaching others about cybersecurity.
Pelgrin says the residents should - as he does - feel fortunate to be in the position they find themselves and give something back to the community.