![What role does higher education play in cyber? [CISOP] - CyberWire Daily cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2Fcbeb4202-17e0-11f1-b45b-efea9e365dff%2Fimage%2F4576c79a6260b29daaff0ea0480913c0.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1200&q=75)
CyberWire Daily: CISO Perspectives
Episode: What role does higher education play in cyber?
Date: March 10, 2026
Host: Kim Jones (N2K Networks)
Guest: Dr. Lara Ferry, Vice President of Research, Arizona State University (ASU)
Episode Overview
This episode explores the nuanced relationship between higher education and the cybersecurity industry. Host Kim Jones and guest Dr. Lara Ferry dive into the value of college degrees, the structure and challenges of academic programming, the balance between theoretical and hands-on training, and the critical collaboration needed between academia and industry for workforce development. The conversation provides an in-depth, candid look at how universities are adapting to better prepare cyber talent—and the work that still needs to be done.
Key Discussion Points & Insights
1. The College or No College Debate (03:00 – 10:35)
- Main Question Explored: Do you need a college degree for a career in cybersecurity?
- Arguments Against College:
- Real-world experience is highly valued—setting up networks, using open-source tools, etc.
- Degrees are less relevant unless moving into management.
- Avoiding student debt is a concern as degrees often provide "minimum value" (03:40).
- Arguments For College:
- College develops critical thinking through a breadth of knowledge.
- Essential for creativity and innovation in cyber roles.
- Still, degrees are a choice—context and specific goals matter.
- Notable Reality Check:
- Many hiring managers still require a degree (over 60% surveyed), often in a technical field.
“53% of respondents required at least a four year bachelor’s degree, with 50% of that number requiring that degree to be in a technical field.” — Kim Jones (08:55)
- Many hiring managers still require a degree (over 60% surveyed), often in a technical field.
- Practical Considerations:
- Community colleges aligned with NSA standards can be a cost-effective option (09:35).
- Certifications and self-publishing/networks are important if forgoing a degree.
2. Mechanics of Academic Program Development (13:22 – 17:30)
How are university cybersecurity programs structured and evolved?
- Course Design:
- Each course must "matrix in" with others—clear pre-requisites and learning objectives ensure a coherent path.
- Academic freedom exists, but courses must align to overall program goals and deliver demonstrable skills.
"The course needs to be matrixed in with other courses...so that there’s value in it." — Dr. Lara Ferry (13:44)
- Industry Input:
- Academia welcomes input but each industry partner wants students trained for their specific needs, which isn't scalable.
- Preparing students for niche company systems would make them less adaptable for other roles or future changes.
"The problem with training a student to take a very specific role at a very specific company means that we have potentially trained them in a way that they cannot get a job at any other company." — Dr. Lara Ferry (16:45)
3. Balancing Theory and Reality in Curriculum (17:30 – 21:00)
- Experiential Learning:
- Modern degrees, including at ASU, require experiential learning—internships, hands-on projects, etc.
- The balance of professors with industry experience and academics is emphasized.
- Advice: Prospective students should look for programs where such experiential learning is required.
4. Internships and University–Industry Collaboration (20:24 – 29:00)
- Academic Rigor in Internships:
- Internships carry academic credit and rigorous evaluation: contact hours, objectives, monitoring, and reflection papers.
"We’re actually awarding academic credit for this internship experience...That is our sign...that we value this as a part of your degree." — Dr. Lara Ferry (21:07)
- Internships carry academic credit and rigorous evaluation: contact hours, objectives, monitoring, and reflection papers.
- Shortage of Internships:
- Demand for real internships exceeds supply; a few companies carry most of the load.
- Many companies do not take advantage of unpaid, for-credit internship opportunities.
- University bureaucracy and unclear points-of-contact deter industry involvement.
- Finding the “Front Door”:
- At ASU, web pages for workforce development and designated contacts facilitate engagement.
- General advice: Find the cybersecurity program, identify school leadership or program directors, and directly reach out.
"Finding our front door can be a little bit challenging for folks." — Dr. Lara Ferry (26:31)
5. The Value and Evolution of University Education (29:17 – 34:34)
- Acknowledgment of Criticism:
- Universities recognize they've "earned" skepticism by being poor communicators about program value and slow to adapt.
- Initiatives at ASU: critical tracking of student progress, ensuring on-time graduation (four years), aligning program length to industry expectations, regularly reviewing curricular content.
"We do recognize that the workforce is changing...students shouldn't be asked to spend 5, 6 years at university and graduate in mountains of debt..." — Dr. Lara Ferry (29:48)
- Illustrative Example:
- Requiring more hands-on courses must be balanced with the credit hour cap for graduation, often forcing tough programmatic decisions.
- Professional skills, like communication, are crucial but sometimes undervalued by students or employers focused only on technical skills.
6. Mutual Responsibility: Industry’s Role in Cyber Talent Development (35:45 – 39:00)
- Call for Industry Ownership:
- Even when universities adapt curricula based on industry input, companies may still not offer internships or actively support students.
"When I've met with a group of 15 representatives from different industry...finally they all said, yes, you've built a degree you want. And then I can't place any in any interns at their industry." — Dr. Lara Ferry (37:15)
- Even when universities adapt curricula based on industry input, companies may still not offer internships or actively support students.
- Internship Conundrum:
- Employers seek experience from students but often aren't the ones providing opportunities to gain it.
- The practical experience gap persists, with good students still struggling for placements. Some progress is being made, but the gap remains.
7. Community College and Transfer Pathways (39:42 – 42:32)
- Effective Transfer Is Critical:
- Students should enroll in community college programs mapped to university articulation pathways, ensuring credits transfer seamlessly.
- Taking random electives can delay or prevent successful transfer.
"If you graduate with a particular degree from one of those universities, it maps into one of our programs...and you see how it articulates." — Dr. Lara Ferry (41:24)
Notable Quotes
-
On Diversity and Market Realities:
"In a career profession where people who look like us make up less than 15% of the population, you're going to give folks an excuse not to hire you when you have the means to do otherwise?" — Kim Jones (07:14)
-
On Experiential Learning:
“In all ASU degrees...the experiential learning part is a required element in the degree. And I would say that students...should look for a degree program that has that required experiential learning element.” — Dr. Lara Ferry (18:54)
-
On Academic–Industry Collaboration:
"Each company would like us to teach these students to code the way they code...so that company does not have to do any on-the-job training at all." — Dr. Lara Ferry (16:09)
“We need industry to take a chance on the students and place them in these internships so they can get the experience that the industry is looking for when they go to hire them.” — Dr. Lara Ferry (38:18) -
On Internal University Challenges:
“We call this the challenge. Finding our front door.” — Dr. Lara Ferry (26:21)
Timestamps for Key Segments
- Intro & Episode Theme: 00:11 – 03:00
- College or No College Debate: 03:00 – 10:35
- ASU & Dr. Lara Ferry Introduction: 10:36 – 13:22
- Academic Course Design Explained: 13:22 – 17:30
- Industry Input and Curriculum Balance: 15:30 – 17:30
- Practical v. Theoretical Learning: 17:30 – 21:00
- Internship Structure & Rigor: 20:24 – 22:28
- Industry Responsive to Internships?: 24:24 – 29:06
- University Communication & Program Evolution: 29:17 – 34:34
- Mutual Responsibility & Industry Ownership: 35:45 – 39:42
- Community College Pathways: 39:42 – 42:32
Summary and Takeaways
- There is no universal answer to whether a four-year degree is essential for cyber careers, but degrees (especially technical ones) still open more doors in the current job market.
- Academic institutions are increasingly responsive to industry needs, integrating experiential learning and adapting curricula—though communication about these efforts needs improvement.
- Industry partners must take more ownership by providing real internship opportunities and supporting students' transition from education to employment.
- Community college is a viable, affordable on-ramp to cyber careers—if students carefully pay attention to transfer pathways.
- The path to a cyber career is personal, requiring a balanced consideration of market realities, personal goals, and financial circumstances.
- Both academia and industry must continue to close communication and expectation gaps to prepare the next wave of cybersecurity professionals.