Cybersecurity Education: An Interview with Cal Poly’s CIO Bill Britton

Welcome to CloudTweaks, where today we’re diving into the evolving world of cybersecurity education with William J. “Bill” Britton. Bill serves as the Vice President of Information Technology and Chief Information Officer at Cal Poly, as well as the Director of the California Cybersecurity Institute. With a career that spans over two decades in various high-stakes tech roles, including significant time as an Intelligence Officer and Electronic Warfare Officer in the U.S. Air Force, Bill has been at the forefront of cybersecurity from its early stages. Today, he’s here to share his insights on how educational institutions can arm the next generation with the tools to tackle emerging cyber threats.

Cybersecurity Education Trends: What are the current trends in cybersecurity education, and how are universities adapting to meet these challenges?

We all know the classical approach to Cybersecurity education, which is through an academic or certification process. There’s a heavy reliance on computer-based training and it provides different levels of understanding to be tested classically.

The trend that we are currently pushing is a non-traditional approach, which is the use of gamification for the same training experience. Essentially, it’s a combination of a classical and a non-classical approach to evaluate different skill sets.

Strategic Goals for Cybersecurity Programs: What goals should educational institutions prioritize to effectively prepare students for careers in cybersecurity?

I like to look to the progressive cyber-educated states when setting goals for educational institutions. They have in their SOLs cyber-skillset development. They’re not just teaching personal skills like how to protect yourself, but they offer opportunities for growth and learning for employment in the future. I’d want educational institutions to included cybersecurity early on – all the way down to the elementary level. A lot of what we see in cyber-education is talking to the students about the relevance of cybersecurity, and that’s not really addressing the problem. We need to build external components to aid the teachers in the real education of cybersecurity. With the right tools, the teachers don’t need to be scholarly in this field, they just need the ability to support the students in learning.

Key Skills in Cybersecurity Education: What core skills and knowledge are essential for students pursuing a career in cybersecurity today?

This is all too often asked as a general how-to. My concern is that there are many different types of jobs in cybersecurity. If we are looking for basic, general skillsets, I’d start with being inquisitive. Number two would be reverse engineering/taking things apart and putting them back together, as well as the ability to understand systems of engineering. This is more of a hard skill to be taught. And then lastly, the desire to know and dig and learn until you find the answer.

Importance of Security Clearance Knowledge: Why is knowledge about the security clearance process important for students interested in certain cybersecurity roles?

A security clearance is a commitment in one’s life and to walk into it blindly is really a crazy way to do things. You should be fully knowledgeable about the security clearance process, and clearly understand what is being asked, why, and what it means for your lifestyle. Ask yourself “what does it mean for my job choices?” For example, people go into the military to serve, but they also should think of what that means for them from a security perspective.

Role of Industry Partnerships: How do partnerships with the private sector influence the curriculum and opportunities available to students in cybersecurity programs?

The private sector community is establishing more progressive roles in cybersecurity. The government has very standardized roles and is well-tuned. On the flip side, private communities expand into non-standard areas. Giving students access to the private sector community’s non-standard areas allows them to experience a whole different range of education in operations and more.

Addressing the Workforce Gap: What strategies can be most effective in addressing the workforce shortages in the cybersecurity field?

A lot more clarity is needed in what the skillset are for the cybersecurity field. I have interviewed a lot of employers and what they’re looking for is 8-10 years of experience who can do a big range of skills that may or may not be needed for the job. I encourage those employers to ask – do we really need all those years? Do we really need those specific skills? Does the employer even know what they need? I encourage employers to ask for advice from people in cybersecurity on what they need and be prepared to pay for the right person. 

Curriculum Updates for Emerging Threats: As new threats like generative AI emerge, how should cybersecurity curriculums be updated to keep pace with industry changes?

The answer is as technology changes, it has to be brought into the classroom. I wouldn’t say how, but I know for sure that it has to be there. Experiential opportunities have to be part of the curriculum. 

Expansion into Other Disciplines: Looking ahead, how might cybersecurity education intersect with other fields like engineering or public health?

There are as many rules in public health as there are in other industries. Understanding privacy, security, and avoiding data spills is on the shoulders of that cybersecurity specialist. Building the right people is critical to ensure the privacy of that information, and it has to be part of the conversation and design from the beginning. I know a lot of medical places with security people on-call, and I’d argue that’s not the best approach. 

Funding Impact on Cybersecurity Education: How does funding impact the development and expansion of cybersecurity programs in higher education?

On the academic side, the hardest part is the pay for the right professionals to teach the classes. Most cybersecurity professionals are out making major money in cyber field, as opposed to teaching the next generation. The big bucks are in the cybersecurity industry and government. Finding someone who has a passion to teach, and is willing to take a pay cut to do so is the biggest challenge. It takes a ton of dedication to find and sustain the right talent.  

Traits of Future Cybersecurity Leaders: What traits and experiences are crucial for cultivating future leaders in the cybersecurity sector?

I would go back to the need to be inquisitive. It’s also important to work as a team, find and acknowledge your limits. The biggest challenge of all is never saying “I don’t understand.” You need to have the desire to dig deeper and go further into the problem set. You aren’t going to always get it, but you must always be looking…

By Randy Ferguson