Frequently Asked Questions
Cybersecurity statistics indicate that 90% of U.S companies experience serious cyberattacks annually. Companies take in excess of 195 days on average to discover a data breach, and each breach costs an average of $3.86 million to abate. Across U.S. industry, ransom attacks alone average 5000 a day. Worldwide, the annual total economic cost of cyberattacks exceeds $100 billion. Cybersecurity is an enormous problem for the business sector. It affects their customers, their employees, their stockholders and their viability. With dramatic increases in cyber threats and an estimated 3.5 million unfilled cybersecurity jobs, the need for more students educated in cybersecurity is undeniable, a matter of national security (see NICE framework), and a Commonwealth priority (CCI, 2018). The need for cybersecurity professionals in the National Capital Region (NCR) is especially intense with more than double the cybersecurity needs of the New York metropolitan area, more than 5 times Boston area needs and almost 7 times the needs of Silicon Valley (Cyberseek, 2017). This enormous need and the impact of cybersecurity on the very survival of business entities and industries has prompted the Pamplin College of Business, and in particular, the Business Information Technology Department (BIT) to offer a new option in Cybersecurity Management and Analytics, which we call CMA.
With an understanding of the technical part of cybersecurity, expertise in cyber analytics and metrics, and knowledge of people and processes, the CMA option fills an important gap in cybersecurity education and operation.
In the development of this program, we were guided by an advisory group from industry, government and academia. The majority of programs in cybersecurity are technically focused, originating in engineering or computer science, but we found that businesses need more. Our industry partners tell us there is a great need for problem-solvers in this domain – problem-solvers who understand business processes and the impact of compromised assets, and who can communicate and implement a risk-based approach to security. Employers are seeking well-rounded individuals who can apply security expertise across a wide variety of business functions, partners and levels of management, and who can operate under pressure with a strong ethical backbone.
The CMA curriculum consists of Business core courses across the range of business functions, BIT core courses in advanced analytics and information technology, BIT electives and a five-course BIT Option in Cybersecurity Management and Analytics (detailed below).
Required Option III courses:
- BIT 4554: Networks and Telecommunications in Business
- BIT 4614: Information Security
- BIT 4624: Cybersecurity Analytics in Business (NEW)
- FIN 4014: Cyber Law (NEW)
- BIT 4964: Fieldwork (NEW)
Option III electives:
- BIT 4424 Business Information Visualization and Analytics
- BIT 4514 Database Technology for Business
- BIT 4524 Systems Development
- BIT 4604 Data Governance, Privacy and Ethics (NEW)
- BIT 5114 Crime and Conflict in Cyberspace (NEW, requires permission)
- BIT 5134 Cybersecurity Program Design & Operation (NEW, requires permission)
Three new courses are required for Option III, including 6-credit-hours of fieldwork (similar to an internship). The fieldwork requirement will focus on companies, organizations and government entities in the National Capital Region. Students can expect to spend spring semester of their senior year at Virginia Tech’s Innovation Campus taking courses and learning firsthand what working in the cybersecurity sector entails. The fieldwork experience provides companies with work-ready graduates from the CMAprogram.
For electives, a new Data Governance course is added, and two graduate level MIT courses for students who wish to get a head start on their Master’s of Information Technology degree.
The College of Engineering has several programs related to cybersecurity. The CMA option is completely different from the COE programs, and the required courses do not overlap. The difference can be described generally as the COE curriculum prepares students to design and create physical networks and software that is secure, and to monitor and assess them for attacks. CMA students gain proficiency in the business management of cybersecurity within an organization, including setting policies, risk management, incident business response, using data to understand attacks on business assets, and overall management of the cybersecurity function within a business. In sum, the CMA option emphasizes business processes and data analytics as applied to cybersecurity management.
Graduates from the CMA option will become future cybersecurity administrators, with initial positions in areas such as risk planning and assessment, IT security assessments, IT security auditing, and information security analytics. Jobs are plentiful and several different career paths are described by NICE (National Initiative for Cybersecurity Education) on their CyberSeek website.
The industry certifications CMA students would pursue are CompTIA Security+ for baseline skills, and after five years of experience, the Certified Information Security Manager (CISM) or the Certified Information Systems Auditor (CISA). With experience, some students, but not all, would become Certified Information Systems Security Professionals (CISSP).
The Departments of Accounting, Finance, Computer Science, Political Science, Electrical & Computer Engineering, Mathematics (CMDA) and Public Policy (SPIA) provide additional security courses available to CMA students as electives. Students can also be approved to take graduate-level cyber courses as part of a 4-1 program to jump start their Master’s of Information Technology degree.
CMA is included in many of the opportunities provided by the Hume Center for National Security at Virginia Tech, particularly the National Security Educational Program and other internships. Veterans, the Corps of Cadets, ROTC and National Guard personnel can receive funding for the program as BIT is a STEM major. Scholarships include the DoD Cyber Scholarship Program and Senior Military College Scholarship Opportunities.
BIT participates in Virginia‘s Cyber Range program where curricula and access is shared across universities and the Commonwealth Cyber Initiative (CCI) that supports research, innovation and workforce development across the commonwealth. We are also heavily involved in the Data & Decisions and Integrated Security Pathways Minors at Virginia Tech that provide students and faculty access to experiential coursework and collaborative research opportunities.
CMA has been approved by university governance for launch in Fall of 2019. It will be possible for students already enrolled in Pamplin to choose the CMA option as juniors in Fall 2019 and graduate in Spring 2021. Students may choose any of the three BIT options from the time they become a BIT major. Thereafter, they may change their option until graduation in accordance with the Pamplin College of Business policy for change of majors/options.
We are working with high schools, community colleges and veterans’ groups to recruit a pipeline of students for CMA We expect some to enter the program after an Associate’s degree or other college coursework. Community college students with an AS in Business Administration or Information Technology are especially encouraged to transfer into the program. Those working in the IT, security or cyber fields who have not yet completed their bachelor’s degree are also encouraged to apply. Courses in the option will be available in the Virginia Tech facilities in Northern Virginia or online, as well as in Blacksburg, so it will be possible to complete the junior and senior year at either locale.