In December 2015, Iowa Governor Terry Branstad ordered state officials to begin developing a strategy that would better prepare the state in the event of a cyberattack. Brandstad’s executive order included plans for developing and delivering a public report that addresses:
- Areas of Iowa’s infrastructure deemed “high-risk cybersecurity areas”
- Plans to better identify, protect, detect, respond, and recover from cybersecurity incidents
- A process designed to regularly assess Iowa’s cybersecurity infrastructure and activities
- Recommendations for securing networks, systems, and data
- Recommendations for developing best practices to prevent unauthorized access, theft, and destruction of state data
- The implementation of cybersecurity awareness training for state government
The report also detailed the need for Iowa Homeland Security to have an emergency response plan in place to deal with the physical consequences of a cyberattack.
This statewide effort, led by Iowa’s chief security information officer, is designed to combat cybercrime and protect everything from the state’s electrical and natural gas systems to its financial institutions and government agencies.
And the threat is real. For example, in 2010, hackers accessed the computer system of the Iowa Racing and Game Commission, compromising the confidential information of more than 80,000 Iowans. And in 2014, hackers compromised the servers of Iowa State University in an attempt to generate the computing power necessary to mine bitcoins.
These major cybercrimes reveal that the state’s efforts to bolster its cybersecurity capabilities and defenses couldn’t be more necessary. The proactive measures in Iowa highlight the state’s commitment to protecting its citizens and infrastructure. They also mean plenty of opportunities for the engineers, analysts, technicians, and architects within the cybersecurity profession.
Career opportunities for cybersecurity professionals in Iowa range from state government agencies like the Iowa Information Security Office and the Iowa Department of Homeland Security, to private cybersecurity businesses like Armolon Corporation, to large Iowa corporations like A.Y. McDonald Manufacturing Company in Dubuque and McLeodUSA in Cedar Rapids.
Earning a Master’s Degree in Cybersecurity in Iowa
The National Centers of Academic Excellence (CAE) program, a joint effort between the Department of Homeland Security (DHS) and the National Security Agency (NSA), designates colleges and universities that (1) offer degrees in cybersecurity and (2) meet specific cybersecurity-related curriculum standards (called knowledge units). As of June 2016, there is just one CAE program in Iowa. However, the CEA program also includes online degree programs, which opens up a considerable number of opportunities for infosec graduate students in Iowa.
Online master’s degree programs offer a flexible, distance-based curriculum highlighted by interactive, online courses and other resources that provide a comprehensive, well-designed education in cybersecurity.
Whether campus-based or online, master’s degrees in cybersecurity consist of about 30 credits and take between 15 and 18 months to complete.
Bachelor’s-prepared students may also complete a bachelor’s certificate program in cybersecurity, which includes about 15 credits of coursework.
The NSA and DHS have designated just one university in Iowa as a Center for Academic Excellence:
Iowa State University
- Master of Engineering in Information Assurance
- Master of Science in Information Assurance
- Certificate in Information Assurance
Standard Admission Requirements for Cybersecurity Master’s Programs
Admission into a cybersecurity master’s degree program is competitive, requiring candidates to possess a bachelor’s degree from an accredited college or university in a related field (such as computer science or computer engineering) and with a strong GPA (usually 3.0 or higher).
Candidates are expected to have knowledge in areas like discrete mathematics, high-level programming, and data structures through undergraduate coursework in Java or C++ programming, calculus, and computer organization, among others.
Candidates must also provide the college or university with a number of items for admission consideration, such as:
- Competitive GRE scores
- Analytical score of 650 or higher
- Quantitative score of 155 or higher
- Verbal score of 150 or higher
- Resume, detailing relevant professional experience
- Letters of recommendation
Core Courses, Electives, and Program Objectives
Core coursework generally focuses on topics such as:
- Secure systems engineering
- Computer and network forensics
- Information security
- Systems design and development
- Computer security
- Algorithm design and development
Program electives allow students to focus their program on a specific area of cybersecurity, such as:
- Network security information
- Cyber investigations
- Digital forensics
- Global information technology
NSA and DHS Designated Research and Education Institutions in Iowa
The National Security Agency and Department of Homeland Security offer designations specific to two classifications of schools that offer graduate programs in information security:
- CAE-CDE – National Centers of Academic Excellence in Cyber Defense Education (qualifying colleges and universities offering bachelor’s, master’s, and graduate certificates)
- CAE-R – National Centers of Academic Excellence in Cyber Defense Research (schools that participate in research initiatives and that integrate a strong research component into the curriculum of bachelor’s and graduate programs)
As of 2016, there is just one university in Iowa that meets the rigorous criteria for NSA/DHS Center for Academic Excellence designation:
Iowa State University, Information Assurance Center
- Master of Science in Information Assurance
- Graduate Certificate in Information Assurance
Iowa State University holds both the Center of Academic Excellence in Cyber Defense Education (CAE-CDE) and Research (CEA-R) designations for its master’s degree and graduate certificate programs, which involve a significant research component.
Opportunities Available to Master’s-Prepare Cybersecurity Analysts and Specialists
Iowa is experiencing an explosion of cybersecurity-related careers. According to Burning Glass Technologies, a job market analytics corporation, total job postings in Iowa were 1,951 in 2014—that’s a growth of 158 percent since 2010.
With recent state efforts to develop and implement a multi-level, multi-agency cybersecurity plan, careers in cybersecurity in Iowa will remain strong. Master’s prepared cybersecurity professionals in Iowa can expect to fill senior-level manager/administrator positions in all industries and sectors.
The following job listings, sources in June 2016, highlight the type of job opportunities master’s-prepared cybersecurity professionals in Iowa enjoy. They are shown for illustrative purposes only and do not provide any assurance of employment.
Information Systems Auditor: NCMIC Group, Clive
- Evaluates and verifies procedures and internal controls for the IT department
- Analyzes and documents information systems and related controls
- Assists in the development of an appropriate audit department
- Monitors and participates in the project systems development, disaster recovery testing, and continuity plan
- Bachelor’s degree in accounting, finance, IT, IS, or a related field required; master’s degree a plus
- At least 4-6 years of information systems audit/security audit experience required
- Knowledge of auditing of: COBIT Control framework, risk identification, mitigation and reporting, and NIST Information security standards
Info Security Engineer 4: Wells Fargo, Des Moines
- Uses static analysis tools to quickly analyze application source code for a number of security issues
- Executes builds with static analysis tools on various applications
- 3+ years of ANT or Maven experience
- 3+ years of SAST experience
- 3+ years of Tomcat development or implementation experience
- 5+ years of information security applications and systems experience
- 5+ years of web applications experience
- C++ experience
Intermediate Security Analyst: Transamerica, Cedar Rapids
- Completes analysis and leads the implementation and management of administrative, technical, and physical safeguards to ensure privacy and protection of company information
- Assists with defined tasks in support of information security program
- Completes research, development, and implementation of straightforward information security initiatives
- Bachelor’s degree with emphasis in MIS, finance, computer science, auditing, or business, or equivalent education and experience required
- 3-5 years of relevant work experience, including experience with information security operations and information technology operations, business continuity, and disaster recovery
- Knowledge/experience with data privacy laws, data protection, regulations, and industry requirements
- Certifications: CISA, CISM, CISSP, CRISC, or ABCP
Levi, Ray & Shoup Inc.: Cedar Rapids
- Completes analysis and lead the implementation and management of administrative, technical, and physical safeguards to ensure the privacy and protection of company information and supporting technology and services
- Assists with tasks in support of the information security program
- 2+ years of experience in an information security administration position
- 2+ years of experience working with project teams providing information security expertise
- Certification: ABCP, CISM, CRISC, CISSP, CISA, or other BCP/DR equivalent