There is an old maxim in the real estate profession that is used when evaluating the value of a home. Realtors often speak of “location, location, location”, as if the customer involved in the transaction is so unaware of that factor that it requires the incessant repetition. In cybersecurity, however, one area that is in dire need of a recurrent reminder is the area of education, both of cybersecurity professionals, as well as targeting that specialized knowledge towards the education sector.

Resilience, and Investing in People

This year’s RSA conference was started with an inspirational keynote message from CEO Charles (Chuck) Robbins. The theme of this year’s RSA conference was resilience, which is also the key to effective cybersecurity. The vision for a post-pandemic world is one where Cisco will invest more to make the world a safer place, while carrying out that vision in less time than ever.

Part of Cisco’s investment in the future is not only about technology, it is about people. There are around 2.8 million cyber professionals globally, but there are currently more than 4 million unfilled cybersecurity jobs. There is no other industry where the open positions exceed the number of available positions at such a grand scale. This is the equivalent of the entire population of many small countries. Cisco is seeking not only to enable the workforce by looking at the existing talent pool, but by also tapping into unconventional places to find new talent. Unlikely security professionals exist in places like the local coffee shop, the mechanic’s garage, and even the prisons.

This extreme reach for diversity is rooted firmly in history. When the world needed to solve the encryption puzzle used by the enemies in World War Two, they sought people from all walks of life to decipher what seemed like an unbreakable code. They were not all mathematicians. They included librarians, psychologists, and even hobbyists who collected porcelain figurines.

Diversity is a force multiplier towards solving outwardly unsolvable problems.

An Unnoticed Target

Education towards creating a stronger workforce is useless if not applied to business sectors that need it the most. One sector where there is a need for cybersecurity professionals is the area of education. In the 2018 “End-of-Year Data Breach Report” issued by the Identity Theft Research Center (ITRC), there were over 1.4 Million records breached at educational institutions. These numbers closely matched the breach numbers of 2017 for the education sector. However, over the course of 2019, the breached records increased to over 2.4 Million.

While the education sector falls last among the five industries monitored in the ITRC reports, there appears to be a pattern emerging.

Wendy’s Keen Insights

Cisco’s Head of Advisory CISOs, Wendy Nather, and Dr. Wade Baker, of the Cyentia Institute opened the final day of the 2021 RSA conference with by asking the question “What (Actually, Measurably) Makes a Security Program More Successful?”

Wendy stated that she dislikes benchmarks, mostly because some people are not good at it, offering more opinion that measurable results. In order to measure success, we must be more interested in what works. Wendy and Wade drew upon the findings of the Cisco 2020 Security Outcomes Study  to discuss a methodology that is measurable, and actionable.

Follow the Patterns

The Security Outcomes Study findings are based on patterns, rather than raw numbers, and this is important when considering the rise in educational breaches. Valuable insights are derived by finding patterns in the data that show clear correlations between security practices, and the outcomes. As a cybersecurity professional, the idea of finding patterns that show clear correlations should resonate deeply, as this is a foundational tenet of your entire discipline of threat intelligence.

Ignoring a pattern just because it is deceptively insignificant at the time can lead to an instance of not seeing the shape of things to come. Are we on the precipice of witnessing a new target? The people at Cisco do not agree with the logic of ignoring it, hoping it will go away.

Why a School is a Good Target

It may seem like a school, or university is not a very lucrative target for a cyberattack, but when one stops to think about it, an educational institution contains a rich variety of valuable information, more than just the books in the student libraries and the fraternity and sorority houses.

Schools are fertile grounds for ideas, and inspirational knowledge. These are the roots of intellectual property.  In fact, some schools are branded as research universities. This means that the information about the students who are working on research, as well as the research itself, are viable targets for a cybercriminal.

How Cisco is Positioned to Protect These Valuable Assets

Cisco is uniquely qualified to protect all learning institutions by offering a wide range of security solutions and products to safeguard all educational institutions, from the earliest grades, all the way up to institutions of higher learning.

Whether it is managing the in-person and remote students and their mobile devices, to fostering a productive learning environment, to protecting sensitive student and research data, Cisco offers a wide range of solutions to meet your goals, and ensure an effective approach to your security vision.

There is more to a security solution than the platform. The depth of information, and flexibility and pragmatism is key towards a full security approach. As described by the CISO of Brunel University, “Cisco backs its products with engineers who are at the top of their game”.

To create a safe and secure learning environment by blocking cyberthreats—on campus or off learn more of how cisco can help here.


Peter Romness

Cybersecurity Principal, US Public Sector CTO Office