The Core Cyber-Defense Knowledge, Skills, and Abilities That Cybersecurity Students Should Learn in School

Abstract

Our cybersecurity workforce needs surpass our ability to meet them. These needs could be mitigated by developing relevant curricula that prioritize the knowledge, skills, and abilities (KSAs) most important to cybersecurity jobs. To identify the KSAs needed for performing cybersecurity jobs, we administered survey interviews to 44 cyber professionals at the premier hacker conferences Black Hat 2016 and DEF CON 24. Questions concerned 32 KSAs related to cyber defense. Participants rated how important each KSA was to their job and indicated where they had learned that KSA. Fifteen of these KSAs were rated as being of higher-than-neutral importance. Participants also answered open-ended questions meant to uncover additional KSAs that are important to cyber-defense work. Overall, the data suggest that KSAs related to networks, vulnerabilities, programming, and interpersonal communication should be prioritized in cybersecurity curricula.