In 2010, the Vermont Attorney General filed an enforcement action against Health Net for violations of the Vermont Security Breach Notification Act as well as the Vermont Consumer Fraud Act; this was the first time in Vermont’s history that an enforcement action had ever been filed under the security breach notification law. The filing was in reference to a May 2009 security breach in which Health Net discovered that an unencrypted hard drive containing the financial and medical information of 1.5 million customers, including 525 Vermont residents, had been stolen.
Health Net began mailing notification letters out to its customers six months after the identified breach, a measure the Vermont Attorney General felt was a violation of the state’s security breach notification law requirement for notification “without unreasonable delay.” The data stored on the hard drive was also unencrypted, which was a violation of Vermont’s Consumer Fraud Act requirement that “minimum standards of data security” be used in commerce, including the encryption of protected health information.
Although there was no reported misuse of the stolen data, the mistake was costly for Health Net. In settlement with the Vermont Attorney General, Health Net paid the State of Vermont $55,000. Yet, because the breach affected consumers in Connecticut and New York as well, Health Net collectively paid those two states more than $500,000 in settlement costs.
What this security incident really did, though, was highlight the fact that cybersecurity is an absolute staple in today’s digital landscape. Vermont has clearly been proactive in enforcing its data breach laws, but the real goal is prevention. For this reason, the demand for talented, master’s-prepared cybersecurity analysts is higher than ever. In fact, in 2014, the Cisco Annual Security Report revealed that while cyber attacks and security breaches increase, globally there is currently a shortage of 1 million cybersecurity professionals with the skills necessary to address modern threats. Here in the U.S., the cybersecurity workforce is expected to grow by 36.5% through 2022.
Earning a Master’s Degree or Post-Bachelor’s Certificate in Cybersecurity in Vermont
Graduate-level cybersecurity programs are designed using a comprehensive approach that focuses on helping graduates develop the knowledge and skills needed to be successful in the cybersecurity workforce. Graduates of these programs will be well-trained in key areas like information security technology, systems assurance, critical analysis, and infrastructure management.
One of the key components of these programs is the inclusion of practical applications, including threat assessment and anomaly detection. At the end of the program, graduates will be proficient in their ability to architect inherently secure systems and defend critical infrastructures, including web and mobile systems.
Online programs are ideal for working professionals who need the flexibility and convenience that traditional, on-site programs lack. Earning a master’s in cybersecurity can be accomplished in about 15 months (about 30 total credits, including 15 core credits and 15 elective credits):
The post-bachelors certificate in cybersecurity is a 15-credit program and requires only half the time of the master’s degree option.
Standard Admissions Requirements for Cybersecurity Master’s Programs
Although admission requirements vary by school, common requirements include:
- Undergraduate degree in computer science, digital forensics, or similar discipline
- Minimum GPA of 3.0 in all undergraduate coursework
- One year of calculus
- One mathematics course in addition to the calculus requirement, such as differential equations, linear algebra, or discrete mathematics
- One data structures course
- One C++ programming and/or Java course
- One computer organization course
The GRE/GMAT requirement varies by academic institution, although many schools waive the submission of GRE/GMAT scores for applicants with a GPA of 3.0 or more in undergraduate studies.
Core Courses and Electives
Core curriculum courses may include:
- Operating System Analysis
- Incident Response and Network Forensics
- Mobile Device Analysis
- Information Assurance Management and Analytics
Elective courses may include:
- Malware Analysis
- Digital Forensics and Encryption
- Critical Infrastructure Protection
- Computer Security Incident Response Team Management
- Cyber Crime
NSA and Homeland Security Designated Research and Education Institutions in Vermont
The National Security Agency (NSA) and Department of Homeland Security (DHS) recognize academic institutions that offer graduate programs and conduct research in cybersecurity that meet a particular set of guidelines. These programs fall within the following classifications:
- National Centers of Academic Excellence in Cyber Defense Education (CAE/CDE)
- National Centers of Academic Excellence in Cyber Defense Research (CAE/R)
As of 2016, the following schools have met the rigorous criteria required to earn the NSA/DHS National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) designation for their master’s and post-bachelor’s certificate programs:
- Master of Science in Digital Forensics
- Master of Science in Information Security and Assurance
The following schools hold the original NSA/DHS Center for Academic Excellence in Information Assurance Education (CEA-IAE) designation for their master’s degree and graduate certificate programs. The NSA/DHS requires all current CAE-IAE designated schools to reapply for the new CAE-CDE designation no later than January 2017.
Champlain College, Computer Networking and Cyber Security
- Master of Science in Information Security Operations
- Graduate Certificate in Digital Forensic Science
Norwich University, School of Business and Management
- Master of Science in Information Security and Assurance
Opportunities Available to Vermont’s Master’s-Prepared Cybersecurity Analysts and Specialists
“Vermont’s College Grads in Digital Defense Are in Huge Demand,” read the headline from Seven Days, a local Vermont newspaper, in May of 2013. While graduates in other professional fields may be facing a tough job market, that is certainly not the case for cybersecurity professionals. In fact, some schools are reporting as many as 90% of their graduates securing employment within 30 days of graduation.
In the U.S., cybersecurity is a $75 billion industry, and is projected to grow to $170 billion by 2020, according to a January 2016 article in Forbes magazine. With more than 209,000 unfilled cybersecurity job openings in the U.S. and job postings increasing by 74% over the last five years, master’s-prepared cybersecurity experts will find a wealth of opportunity in this burgeoning industry.
Two of the most prominent cybersecurity firms in Vermont include NuHarbor Security in Burlington and Pwnie Express in Berlin.
Shown here are some of the current job opportunities available to cybersecurity professionals in Vermont. These job descriptions are shown for illustrative purposes only and are not meant to imply a guarantee of employment:
Information Security Analyst at People’s United Bank in Burlington:
- Four-year degree in computer science or information systems at minimum; master’s preferred
- At least two years’ experience in information security analysis
- CEH, GSEC, Security+ certifications preferred
- Experience with Python, Perl, or PHP
- Continuous monitoring of cyber network and critical infrastructure for security breaches and/or malicious activity
- Monitors for unauthorized access via software systems such as Advance Threat Protection, Intrusion Prevention, and SIEM
- Stays abreast of cyber intelligence and existing cyber threats
- Manages and coordinates incident response
Surveillance Specialist at IBM in Essex Junction:
- Bachelor’s degree in related field at minimum; master’s preferred
- Current security clearance or eligibility for security clearance
- CISM, CISA, CISSP, and/or Security+ certifications highly preferred
- Perform security threat assessments and systems vulnerability assessments
- Identify network vulnerabilities and potential for malicious activity
- Participate in crisis management and employ threat reduction measures
- Develop solutions to systems and operational vulnerabilities