Security Ascent

Everything used to be better! Networks were secured with packet filters, far down in the OSI reference model (on layer 3 or 4). Access rights were regulated on machine or operating system level, programming was done in assembler or C - all nice and low-level!

Ah, the good old days, when we still had a net perimeter and clear enemy images: outside was bad, inside was good - and viruses were caught via infected floppy disks!

At that time, "all areas of security" - i.e. firewall and virus protection - were covered by a single admin, who was also responsible for the administration of the (of course internal) mail server (UNIX sendmail - no Exchange!).

Emancipation and valence

But let's face it: (in)security has moved up - up in the layers of the OSI reference model. Most attacks today take place at the presentation or even application layer.

For security managers, this development means that it is no longer enough to deal with networks, firewalls and a handful of operating systems to protect corporate networks, applications and users.

They must be familiar with the peculiarities and special requirements of a wide range of applications - and often better than their users. Today's security experts no longer resemble general practitioners, but rather vascular surgeons.

They often specialize in a particular aspect of the complex security stack we find in enterprises today: OS security, firewalls ("application-aware, next generation," of course), IDS/IPS, multi-factor authentication, cryptography, database security, cloud security, and more.

Securing complex, heterogeneous enterprise IT infrastructures therefore usually requires a number of such highly specialized cyber security specialists.

However, this veritable army of IT defenders must be recruited and trained somewhere and ideally have several years of relevant experience before CISOs entrust them with securing mission-critical IT systems. Unfortunately, there are very few offerings in the academic environment that specifically address the complex of topics of IT security or even explicitly cyber security.

Teaching and research

This lack of non-commercial training opportunities creates a problem that many companies are facing today: There are simply too few cyber security experts!

ISACA (Information Systems Audit and Control Association), an association of international experts in the field of IT systems auditing, predicted back in 2016 that there would be a shortage of two million cyber security experts worldwide by 2019. Given the unexpectedly strong increase in hacking attacks, malware distribution and data theft, the actual number will be even higher.

For those interested in technology, this cyber security know-how vacuum in turn means interesting career opportunities, attractive salaries and an almost free choice of exciting places to work, because the demand for cyber security experts is already growing about three times faster than the general demand for skilled workers in the IT segment. Security has taken on a lasting significance.

These rosy prospects are, in my opinion, many times better if said future cyber security experts specialize analogous to brain-vascular surgeons: to SAP cyber security experts - security career advancement guaranteed!