Cybersecurity FAQ (Q & A)

Cybersecurity FAQ/Cybersecurity Industry Questions

What is cybersecurity?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) defines it as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”

First, cybersecurity is an art form. Cyber threats and defenses are rapidly evolving. Best practices and technologies, tactics, and policies can be utilized, but the field is not yet an established science. It is part art, and part science; therefore, much creativity and innovation needed to make the world safer.

Second, cybersecurity involves protecting society’s networks, devices and data, so it requires an interest in technology or protecting society’s technology. Think about how dependent you are on your technology. What if you couldn’t trust or depend on your technology to be there when you need it or to do what you needed it to do? Cybersecurity is about protecting the technology you depend on every day (e.g., smartphones, video games, social media accounts, medical devices and records, online shopping sites/accounts). Consider apply your talents to this critical and exciting field.

What does someone in cybersecurity do?

There are many potential paths someone can pursue in the field of cybersecurity. The NICE Framework has defined seven high level categorizes of work functions that people can perform in cybersecurity.

Analyze – Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence. This function includes areas like exploitation analysis and threat analysis.
Collect and Operate – Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. This function includes areas like cyber operations planning and cyber event data detection and collection.
Investigate – Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence. This function includes areas like digital forensics and cyber investigations.
Operate and Maintain – Provides support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security. This function includes areas like systems administration, systems analysis, and network administration.
Oversee and Govern – Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work. This function includes areas like cybersecurity management, executive cyber leadership, legal advice and advocacy, strategic planning and policy, training and education.
Protect and Defend – Identifies, analyzes, and mitigates threats to internal IT systems and/or networks. This function includes areas like cyber defense analysis, incident response, vulnerability assessment and management.
Securely Provision – Conceptualizes, designs, procures, and/or builds secure IT systems, with responsibility for aspects of system and/or network development. This function includes areas like: risk management, software/systems development, systems architecture, technology R&D, test and evaluation.

These functions require a diverse set of skills: deeply technical skills you can develop in deeply technical computer science programs; business/organizational skills you can pursue in business programs, or policy-oriented skills you can obtain in political science or ethics/philosophy departments.

Are there many jobs in cybersecurity? How well does the industry pay?

When considering a field to pursue, there are a few important factors you should evaluate: the number job openings, projected growth of the field, quality of life. Let’s examine each.

First, there is a huge shortage of qualified individuals for cybersecurity jobs. Cybersecurity Ventures estimates that in 2021, there were 3.5 million unfilled cybersecurity jobs worldwide. As of June 2021, Cyberseek indicated there were over 42,000 cybersecurity job openings in Texas alone. The top five states for cybersecurity jobs are: Virginia, Texas, Colorado, New York, and North Carolina. According to Business Facilities’ 15^th Annual Rankings Report, Texas has the most cybersecurity growth potential in the U.S.

Second, the future outlook for the cybersecurity industry is very bright for job seekers. According to the U.S. Bureau of Labor Statistics, Information Security Analyst jobs have a 31% growth rate projected for 2019-2029, which places it in the top ten fastest-growing occupations.

How much does an Information Security Analyst make? According to the U.S. Bureau of Labor Statistics, median pay was $103,590 in 2020.

Is a job in cybersecurity satisfying?

Yes! At Baylor, part of our mission is to prepare you for a life of service. As our world becomes increasingly interconnected our lives are dependent upon our technology. Not only are we dependent upon this technology, but threats are constantly evolving and increasing. Consequently, society need ethical, educated, and skilled people to protect us from harm. The job of a cybersecurity professional is to contribute to protecting nations, organizations, and individuals. Each day can bring new threats and challenges to overcome. This career field regularly will provide you with new opportunities to collaborate and innovate with bright people who are working together to save society from cyber harm. Become a hero and become a cyber defender!

Cybersecurity at Baylor

Why should I study cybersecurity?

Cybersecurity is an exciting, impactful, and challenging field. No one wants to be stuck in a static job for the rest of their careers. Think about how long a typical career is for someone and how many hours a day they spend at their jobs. A career typically lasts more than 40 years. That’s a long time to be stuck in a boring field. Cybersecurity regularly provides you with new and difficult problems, challenging you to develop answers critical to the health and safety of society.

Why study cybersecurity at Baylor?

Four things distinguish Baylor cybersecurity from other universities: Family, Mission, Opportunity, and Success.

Family: When selecting a university, an important element is whether you feel cared for. Attending college can be challenging and it is important to find a place where you will be challenged and supported. What you will find about Baylor is that it is not just a university, but a family. No family is perfect, and no university is perfect, but at Baylor, we strive to support and challenge our community. Don’t just take our word for it: take the time to talk to the students, the faculty, and the administration. Ask them what they love about Baylor. Many will tell you it is the family atmosphere. Seek out the truth for yourself, but you will likely experience Baylor’s family environment.

Mission: As a preeminent Christian university, Baylor is dedicated not just to your intellectual growth, but your holistic wellbeing. We will foster your growth emotionally, intellectually, and spiritually. We need ethical leaders in the cybersecurity field, and Baylor will aid in your growth.

Opportunity: Many possible job functions in the cybersecurity field exist because there is a diverse set of problems to be solved. Some problems require deep technological solutions, others require business knowledge, and others require political and legal solutions. College is a time to explore, and so it is important to select a university where you can not only explore the many aspects of cybersecurity. At Baylor you can explore cybersecurity in areas ranging from computer science, business, ethics, and political science. You will have the opportunity to not only learn in the classroom, but also to participate on cyber competition teams.

Success: The cybersecurity program in the Department of Computer Science may be a recently established program, but our students and graduates are already having great success in the field. In 2018 (before the program was even established), Baylor placed 4th nationally in the Collegiate Cyber Defense Competition, and in 2021 placed third in the Southwest region (ahead of programs like SMU, Texas A&M, and UTSA). A member of Baylor’s 2018 CCDC team became a Chief Information Security Officer within a few short years of graduation. Cybersecurity lacks enough qualified people, so you can quickly ascend if you have the skills our graduates are demonstrating.

What are my cybersecurity options at Baylor?

At Baylor you can pursue the following degrees:

In addition to specific degree concentrations, there is the Baylor Collegiate Cyber Defense Competition (CCDC) team, Baylor Cyber Day, the National Cyber League (NCL) competition, and much more. Come join the fun!

What is CCDC?

The Collegiate Cyber Defense Competition (CCDC) provides a realistic experience for college students in cyber defense (Baylor participates in the Southwest Region). The competition consists of teams of eight students (called the Blue Team) taking over a network of computers already running some Internet services for a fictitious company. The team takeover was necessitated by poor management and security practices of previous owners. Sound like any news you've read recently? The team receives points for keeping this system operational, protecting company information, and handling a steady stream of requests (called "injects") from management for new services and security-related company policies.

Making matters (much) worse, the start of the contest also unleashes the Red Team, a group of actual hacking professionals bent on taking down team systems, stealing company secrets, installing backdoors, and other sorts of mischief meant to undermine the company. The team loses points if the Red Team interrupts critical services and/or steals company data and secrets.

What is NCL?

The National Cyber League (NCL) is a cybersecurity competition open to U.S. high school and college students that provides students with the opportunity to test their cybersecurity skills against realistic challenges. These challenges cover areas like password cracking, identifying hackers in cyber forensics data, gathering open source intelligence data that could be used for attacks, scanning targets, etc. Nine challenge areas are Open Source Intelligence, Cryptography, Password Cracking, Log Analysis, Network Traffic Analysis, Forensics, Web Application Exploitation, Scanning, Enumeration & Exploitation. The NCL provides a gymnasium where students can practice their skills in each area in order to prepare for formal competition. NCL has fall and spring seasons.

NCL provides three competition phases: Pre-Season, Individual, and Teams. The pre-season is used to place students in the appropriate competition brackets (gold, silver, bronze). Individual games involve competing with all NCL players from across the country. The result is a power ranking so that you can see how you rank compared to the rest of the competitors. You will receive a Scouting Report that will give a breakdown of your skill level for each challenge area. Finally, there is a team competition where you will join other students at Baylor and compete against other schools in the nine challenge areas.

Why should I participate in Baylor’s CCDC or NCL teams?

Skills are often honed best in the context of competition. You can believe you are good at cybersecurity, but with competition, you (and others) will know how good you are. Cybersecurity companies really pay attention to competitions because it 1) gives them a good idea of your skillset and 2) many cybersecurity jobs are about continuous competition against the "bad guys." Past Baylor competition teams have had companies offer to hire an entire team based on how they performed in competition, so it is a great way to get potential job offers! At Baylor, we focus on CCDC, NCL, and some CTF competitions.

Who do I contact for more information?

Prof. Shaun Hutton (shaun_hutton@baylor.edu) or Dr. Jeff Donahoo (jeff_donahoo@baylor.edu). If you are already a Baylor student, one of the professors will add you to the cybersecurity Slack channel.