[ISN] New face of tech security

InfoSec News isn at c4i.org
Fri Jan 13 05:18:54 EST 2006


http://www.twincities.com/mld/pioneerpress/13604543.htm

BY LESLIE BROOKS SUZUKAMO
Pioneer Press
Jan. 12, 2006

When 23-year-old David Luttrell gets his master's degree in
information technology a couple years from now, he doesn't want to
work with computers - he wants to work with the people who work with
computers.

"Ideally, it'll be something where I'm managing a (computer) security
department or regular IT department," the Metropolitan State
University student from Rush City said. "I don't want to be the guy
rolling up his sleeves and up to my elbows in wires."

Luttrell is not your classic geek. He has a bachelor's degree in
business and discovered his affinity for computers after the trucking
company where he works introduced automation not long ago. He's now
interning part-time at the state Department of Revenue's
security-conscious technology unit.

If the state of Minnesota has its way, Luttrell and others like him
may become the new face of computer security.

The state has seeded a new program at the Twin Cities' Metro State to
create advanced courses and curriculum in computer security. It wants
to bridge the chasm between the basement server room where a company's
IT workers toil and the corner suites where the executives hang out.

In a world where new computer vulnerabilities are discovered weekly,
the need for more technology bodyguards is no longer questioned. By
2008, the research firm IDC believes more than 800,000 new security
professionals will join the 1.3 million already employed.

But the real problem in security isn't finding technicians who know
how to cobble together a decent firewall, according to St. Paul
computer consultant Mike O'Connor. It is finding managers who can
write sound security practices and help executives use technology to
comply with new financial reporting and privacy laws like Sarbanes-
Oxley.

"It's the business stuff they need to know. Those folks are really
scarce," O'Connor said.

So this fall, the state awarded a $4.8 million "center of excellence"  
grant to Metro State to create both undergraduate and graduate
programs in computer security.

The state's vision is to build a center that would train a cadre of
future information security managers and executives who would be
closely tied to Minnesota businesses.

Metro State officials have classes approved by the National Security
Agency for its still-developing Center for Strategic Information
Systems and Security. Classes began in September but the center
doesn't expect to hire a director until February.

Those courses will lead to four-year bachelor of applied science
degrees in computer security or computer forensics, said Steve
Creason, associate professor in the university's College of Management
and one of the architects of the program.

The two-year master's program in which Luttrell is enrolled combines
both business and technical training. A Ph.D. program could be down
the road too, Creason said.

The state hopes the center could crank out not just new workers or
research but maybe even spawn a mini-industry devoted to computer
security and the burgeoning area of Internet telephony. Other states
have the same idea, though, and this could provide some competition
for the Minnesota program.

Iowa State University in Ames has an advanced computing center to help
develop the next generation of data security. Dakota State University
in Madison, S.D., offers bachelor and master's degree programs in
"information assurance" also certified by the NSA.

All of these programs are so new that it's hard to assess them. It's
probably safe to say, however, that the most rigorous of the new
programs, announced in December, is offered by the SANS Institute in
Bethesda, Md. SANS is renowned as one of the world's largest sources
of information security training and certification and as the operator
of the Internet Storm Center, an early warning system for viruses and
worms.

The Maryland Higher Education Commission has approved separate
master's degree programs in security engineering and management at
SANS, designed for people from around the country who have been picked
to assume leadership roles by their companies, said Alan Paller, SANS
director of research.

"American corporations are being riddled by (computer) attacks - they
are being defended very badly," Paller said.

To develop its four-year program, Metro State partnered with existing
two-year programs at Inver Hills Community College in Inver Grove
Heights and Minneapolis Community and Technical College. The three
schools are cooperating to allow graduates from the more technically
oriented two-year programs at the colleges to transfer seamlessly to
Metro State and finish up in only two more years.

Focusing on a niche like computer security and Internet
telecommunications allows universities like Metro State "to get away
from being plain vanilla schools," said David Anderson, dean of the
center for professional development and work force development at
Inver Hills Community College.

The program also could raise Minnesota's profile by letting its
students test ideas in real workplaces, turning the program into a
security "proving ground," added Ken Niemi, vice chancellor for
information technology at the Minnesota State Colleges and
Universities, which oversees Metro State.

-=- 

Leslie Brooks Suzukamo covers telecommunications and technology and
can be reached at lsuzukamo at pioneerpress.com or 651-228-5475.





More information about the ISN mailing list