The number of jobs in the ICS Security category is growing quickly. Asset owners, ICS and ICS security vendors, integrators, consulting firms, and governments are all trying to hire ICS security talent from a limited talent pool.
The most common solution to grow ICS security talent is to poach from fields that have some of the required background, such as IT security or engineering, and train them up on the missing knowledge and skills. This has proven to be incredibly effective if the person wants to be in ICS security, don’t try to make a reluctant engineer do ICS security, and the person is willing to approach the areas they lack knowledge in with a beginner’s mind.
However, with the forecasted need for ICS security talent looking to be growing for the foreseeable future, isn’t it time for our educational institutions to begin to provide graduates with the necessary knowledge and skills to obtain an entry level ICS security job?
The good news is colleges are starting to do just that. I was thrilled to include in my Friday News & Notes that Joel Langill’s new ICS security course is being offered to students at Texas A&M.
Art Conklin at University of Houston has taught in the past CIS 6357 Control System Security. With the energy industry nearby, it’s unsurprising that some of the Texas institutions are offering ICS security courses.
There are likely many other courses and series of courses, like Wilmington University’s four course series, on ICS cyber security. These courses are a step in the right direction. Perhaps the biggest benefit is the student will have a better idea if they want to enter to the field after taking the course.
What is really exciting is something like the two-year program Sean McBride and the team at Idaho State University have put together for an AAS in Industrial Cybersecurity Engineering Technology. Take a look at the curriculum and you will see a set of basic industrial cybersecurity courses and then electives such as Electrical Systems and Motor Control Theory, Process Control Theory, Digital Control Theory, and Electrical Automation Theory. Graduates will be baby unicorns (IT security, engineering, and automation skills) that could grow into the dream profiles of many asset owners. More likely is they will concentrate on one of the skills and have an appreciation and understanding of the others.
I interviewed Sean McBride for the Unsolicited Response show back in 2019 when the first students were going through the program. Like much in the world, the pandemic affected the ability to deliver this program, and more importantly the community’s ability to focus on this innovative effort. Now with students back in classrooms I hope that it gets more attention and is replicated in many universities across the country and world.
Large employers looking for ICS security talent can help by reaching out to their local Universities and letting them know they need graduates with ICS security skills, as well as being available to help with the teaching and curriculum. Idaho State University benefited by having Sean McBride, formerly with INL, Critical Intelligence and FireEye, head up the effort and having INL nearby. Having seen a number of academic “research” submissions for S4 be little more than showing Modbus TCP lacks security, it is very helpful to have real world assistance in the creation and execution of the program.
If you know of other colleges and universities offering ICS security courses and degrees please respond in the comments. Highlighting these will help both the employers and those looking to learn skills for this great job field.