Professional Documents
Culture Documents
Rep 3
Rep 3
Rep 3
I. A BSTRACT
In response to the escalating number of cyber incidents and the pressing shortage of skilled professionals
in the field, there is a compelling need to assess the disparity between the education provided in cyber
security and the actual requirements in the industry. Consequently, the primary aim of this study was to
pinpoint the knowledge gaps present in recent cyber security graduates as they enter the workforce. To
achieve this, I devised and executed an opinion survey based on the Cyber Security Knowledge Areas. Our
data was collected from practitioners employed in various cyber security organizations. To evaluate the
knowledge gap, we treated the data as nominal and applied the chi-squared test to enhance its accuracy.
The analysis revealed a noticeable knowledge gap that could be leveraged to enhance the quality of cyber
security education. The final results indicated that three specific Knowledge Areas (KAs) exhibited the most
significant knowledge gaps: Web and Mobile Security, Security Operations, and Incident Management.
Furthermore, we observed that Cyber-Physical Systems (CPS), Software Life Cycles, and Vulnerabilities
exhibited the most substantial disparities in perceived importance between less experienced and more
seasoned personnel. In response to these findings, I propose several recommendations for refining the
cyber security curriculum to bridge these knowledge gaps effectively. It is imperative that higher education
institutions provide top-notch cyber security education to elevate the qualifications of future professionals.
The competence and readiness of the national cyber security workforce hold paramount importance for
both nations and security organizations. This encompasses a diverse array of skills, encompassing technical
prowess, implementation abilities, managerial competencies, and soft skills, which must be instilled in
recent cyber security graduates. This groundbreaking study marks the inaugural exploration of this subject
matter, and it is anticipated that this research will serve as a source of inspiration for further investigations
in the field.
Index Terms
Cyber Security · Data Analysis · Education · Knowledge Gaps · Skill Gaps · Survey
II. I NTRODUCTION
Cyber security professionals play a pivotal role in ensuring the safety of institutions and nations. The
greater the experience, productivity, and education of these professionals, the more effective they become.
It is essential for academia to recognize the key disparities between what is taught at universities and the
expectations of the industry.
Highly skilled cyber security experts significantly outperform their less proficient counterparts, enabling
nations to effectively address cyber security challenges in a timely manner. Consequently, countries are
actively working to bridge the skills gap in cyber security through collaborations between industry and
government entities and educational institutions. An illustrative example is the Cyber Security Challenge
UK, a non-profit organization that has orchestrated multiple security competitions to address the shortage
of skilled cyber security professionals in the UK and enhance their capacity [1].
The Center for Strategic and International Studies (CSIS) conducted a comprehensive survey on cyber
security skills in eight countries in 2016. The findings revealed that 82 percent of employers acknowledged
a shortage of cyber security skills, with 71 percent stating that this gap had detrimental effects on
their organizations [2]. The CSIS study also highlighted that skills related to cyber security operations,
particularly intrusion detection and secure software development, were the most challenging to find [2].
While the workforce shortage applies to virtually all positions in cyber security, the demand for highly
skilled technical expertise is particularly acute [1]. Similar shortages of these skills have been reported
in the field of software engineering. To address these gaps in new hires, companies invest resources in
training [2]. Like software engineering, the cyber security field faces a parallel challenge of aligning the
knowledge imparted in universities with the actual needs of the industry.
My contributions to this study are listed as follows:
• As far as I am aware, this study is the first study in Bangladesh about the knowledge gaps and skill
gaps among cyber security professionals.
• Instead of concentrating on software engineering, I used the necessary statistical analysis techniques
and focused on cyber security.
This research can be performed in different countries with similar experiments and protocols to improve
the cyber security education.
• RQ 1: What are the most significant aspects of Cyber Security? This RQ has been divided into the
following two sub questions:
– RQ 1.1: What are the key points of Cyber Security?
– RQ 1.2: How do experienced practitioners and recent graduates understand the importance of
knowledge areas differently?
• RQ 2: What is the importance of Cyber Security perceived in the workplace compared with the
knowledge acquired at institutions?
• RQ 3: What knowledge areas of Cyber Security are mostly adopted by experts and what areas have
the largest gaps?
B. Survey design
[3] developed an online survey to get the opinions of practitioners. The questionnaire starts with several
number of demographic questions, comprising degrees, roles, and graduation year. Participants have been
asked what they obtained during their university education on the 19 knowledge areas. An overview of
the 19 knowledge areas provided in Fig. 2.
C. Data Analysis
The survey comprises sequential (i.e., ordinal) data for significance of knowledge and subjects instructed
in the university. The sequential data can be utilized as nominal data. The graduation degree acquired by
students (e.g., BSc, MSc, PhD) can be an instance of the nominal data. The no of 60 student responded
the survey given in the Table - I and also no of 60 cyber security expertise responded in this survey which
is shown in Table - II.
Fig. 2. Knowledge Areas (adopted from [3]).
TABLE I
ACADEMIC DEGREES OF RESPONDENTS (N=60) [3]
TABLE II
C YBER S ECURITY E XPERTISE RESPONDENTS (N=60) [3]
VII. R ESULT
Cyber security programs must be enhanced based on the needs in cyber security industry and this kind
of research is one of feasible approaches to determine the potential problems in the education system.
VIII. C ONCLUSION
We were able to find appropriate participants in this research, however, it would be better if we could
increase the number of participants in further research. Further there is a need for more education,
researches, training programs and responsibility when it comes to safeguarding Bangladesh’s cyber space.
The following recommendations are provided for educators:
Recommendation-1: I suggest educators to design new courses on web and mobile security, security
operations and cyber security systems.
Recommendation-2: Practical sessions led by industry experts are also suggested to train the students.
Recommendation-3: To arrange short-term and long-term internship opportunities for the students/graduates
on the topic of Cyber Security
R EFERENCES
[1] Ahmed, Irfan, and Vassil Roussev. ”Peer instruction teaching methodology for cybersecurity education.” IEEE Security & Privacy 16.4
(2018): 88-91.
[2] Rashid, Awais, et al. ”Scoping the cyber security body of knowledge.” IEEE Security & Privacy 16.3 (2018): 96-102.
[3] Catal, Cagatay, et al. ”Analysis of cyber security knowledge gaps based on cyber security body of knowledge.” Education and Information
Technologies 28.2 (2023): 1809-1831.