Over a span of 20 years, Lata Bavisi has had a very interesting career with several industries across the globe. She has been on the board of directors of EC-Council, one of the world’s largest information security certification body, for the last 15 years. However, her love for academia drove her toward cybersecurity education, and she played a pivotal role in establishing EC-Council University as one of the most prominent online cybersecurity education institutes across the globe.
As the President of the University, she has been instrumental in implementing cyber security knowledge into academe, with an aim to achieve practical results in the “real world”. In a conversation with CISO MAG, Lata discusses importance of cybersecurity education, gender diversity in the domain, and much more.
Considering the growing importance of a cyber secure world, what according to you should educational institutions do to motivate more people to take up cybersecurity programs and courses?
Increasing awareness is where I would start from. Today, a cybersecurity profession is still something students think twice about simply because of the lack of cybersecurity education right from inception. Academic curriculum at schools today do not exhibit the need to be cyber safe with the same amount of conviction they have whilst teaching math and science despite the computer being the platform being used to teach those subjects.
We cannot run away from the fact that today technology and the human race are so intertwined that it is incumbent for the young and old to be cyber safe at all times. This then leads to the next question – if technology is part of our daily being then why is cybersecurity education not something that is as appealing as many of the generic professions which have always been around? What about the fact that today there is a serious supply concern for cybersecurity professionals? According to a Capgemini report that came out a couple of months ago, cybersecurity skills hold the highest digital skills gap of 25%.
Hence, awareness at the national, corporate and individual level is pertinent. Cybersecurity needs to be taught at the foundational levels in schools. Once this is in place we will see self-motivated individuals showing a keen interest in cybersecurity programs.
What makes EC Council University unique?
EC Council University is an accredited institution having received its accreditation from the Distance Education Accrediting Commission (DEAC). DEAC is listed by the U.S. Department of Education as a nationally recognized accrediting agency and a member of the Council For Higher Education Accreditations (CHEA).
There are several things unique about ECCU, the first being we are online. Opting an online platform was so that we could reach out to individuals all over the world and allow them the luxury of attaining a degree from one of the pioneers of cybersecurity education without the need to displace themselves and thereby saving both money and time as they could work and study at the same time. Hence, we go to the students rather than the other way around!
The other unique feature of ECCU is its study model. We understand the need for individuals to have a strong foothold on the knowledge component of the subject matter at hand and, simultaneously, the need to have the practical skills aspect being taken care off during the course of delivery of the program. Hence our programs have these seamlessly fused together allowing students to benefit holistically and be industry ready. The practical aspects are taught through our state of the art virtual labs platform known as ilabs. Ilabs allows students to hone their skills by being presented with real life situations in a restricted zone, example where they would go in and attack or defend themselves as part of their assignments.
Was the decision of going completely online a difficult one? There are not many online universities around, especially in the field of information security.
Yes, it was a difficult decision. This many a times works for and against us as there is always a degree of suspicion on the authenticity of online institutions. This sadly is true when there is a lack of research as to the credentials of such institutions. But, we made convenience of our students and quality of education our top most priority.
Going online was not a decision that was taken overnight. We had thoroughly researched the advantages and disadvantages of a completely online university. We, however, were completely motivated from the multiple advantages of online versus on ground especially in a day and age where technology plays a fundamental part in delivering education. The possibilities of creating an environment and experience as close as possible to a traditional institution is a very costly one but promising one too.
ECCU intends to be foreword thinking and the statics show that online education is growing at a rapid pace year after year. The demand for fast and instant is what an online platform does best. In addition to that, being the academic arm of EC-Council, a trusted name in the cybersecurity education space, gave us confidence to choose this route.
What was the motivation behind your decision to join EC Council University’s Board of Directors and assume a Vice President role and how has the journey been so far?
Graduating as a lawyer and a post graduate Bar degree from the Middle Temple in the UK, was no reason not to venture into business. Despite the very lucrative career I was in, I had always wanted to start a school that could impact the lives of many children to welcome a future that would nurture them into proud individuals and citizens of their family, work place and country. The university received its accreditation after 8 long years in 2015 and it was then that I decided to live my dream of creating an educational institution that would be niche in its offerings, unique with its delivery and student focused ensuring that at all times we only deliver quality education that students will benefit from and an institution they can feel proud to belong too.
The journey has been a very interesting one with every challenge being an opportunity and every milestone we achieve being a victory. We have over the last 2 and half years enjoyed a double digit growth year after year. We shall be unleashing many new concentration offerings in our master’s degree in July 2018 which should allow our students to enjoy a more pointed career path that could be suited for them. We have also increased the student benefits from Term 3 onwards where all degree programs would have the EC Council certifications embedded within the program with students not only graduating with their respective degrees but also a string of EC Council industry certifications!
All in all I must admit, the journey has been a very exciting one and the excitement carries on!
ECCU also provides financial assistance to its students. Tell us about that.
We at ECCU recognize the need for financial assistance for students for various reasons and we are always committed to assisting such students. There are several ways in which we assist students financially. First, is by allowing students to pay on a monthly basis through our monthly payment plan. We also offer a few scholarships like the Dean’s scholarship, New Mexico Cybersecurity Scholarship, Women’s scholarship and a Veterans scholarship.
Women’s scholarship is an interesting idea, especially at a time when there is a lack of their representation in information security.
According to a study, women only make up to 11 percent of the global cybersecurity workforce. And even here, the 11 percent has been a stagnant figure since 2013. One of the reasons cited by the study was the lack of enough knowledge about the domain. Most young women did not know what the employers are looking for, and if they had the right attributes. Every domain should have gender diversity, as it is very crucial for it to thrive and cybersecurity is no different. We hope women’s scholarships offered by ECCU inspire women to join the cybersecurity field.
What changes have you seen over the last few years in the curiosity of people toward becoming cybersecurity professionals? Has there been a rise or a downfall?
The recent rise in company (both public and private) hacks and compromises of data, ransomware and the whole lot of techniques used by the criminals to compromise the security of companies and individuals has to a certain extent itself created an atmosphere of awareness that there is a not only a need for cybersecurity professionals but also a glut. Such headline news in all and any media coverage will surely create curiosity amongst viewers on how the country needs to deal with such cybersecurity situations.
The increased enrollments at our university and larger proportion of individuals looking at upskilling themselves through the certification route is proof that there has been a significant increase amongst individuals to either opt out of their current careers and join the cybersecurity community or a strong inclination of younger individuals to select from the start a career in cybersecurity.
A number of students often begin their careers by going for certificates instead of a proper degree. Do you think it is the right approach?
Many individuals often become confused or select the wrong path when getting into a cybersecurity career. Often they believe that certifications alone suffice to getting them onto the track of a full blown cybersecurity career. However, statistics point to the fact that at least 84% of companies require their cybersecurity workforce to have a degree. Certifications should be used as a means to upskill oneself. The reason for the same is quite obvious when looking at the vast number of complaints received from organizations that the cybersecurity professionals do not have the requisite talent required to defend their systems. The degree has both the knowledge and practical component required to ensure the individual is industry ready. This further ensures the individuals have a secure understanding of the foundations of the subject matter of their study and walk out with the breadth and depth of knowledge that would be required to qualify as a cybersecurity professional.
There are many C-level executives rising to the level of CISOs. How much is cybersecurity certification important to them apart from a career boosting factor?
As I had stated above, certifications should form the basis of upskilling one’s self. Cybersecurity is a fast moving and evolving domain of study and it is pertinent for individuals to remain abreast with the latest techniques deployed when protecting an organization. These are the major advantages of certifications that cannot be ignored. At EC Council University, we offer transfer credits for certifications that were awarded within the 3 year timeframe if not the student needs to ensure that he/she has renewed the certification concerned by sitting for a more current exam.
In order for CISOs to continue to be respected, lead with the requisite knowledge and be armed with the most current information in cybersecurity, there is no doubt that certifications will be the road to take. But again, a CISO must be armed with a cybersecurity degree first. This is where EC Council University is a clear winner as it has bundled within its Masters’ degree offerings, cybersecurity certifications that are part of the course allowing the individual to graduate as a CISO with a string of certifications.
According to you, what are the three main factors that one should look into before selecting the right cybersecurity course and institution for themselves?
With various institutions, colleges and universities offering cybersecurity degrees, it has become a difficult task for individuals to zero in on the right one. Hence in my opinion the first thing one needs to look into is the reputation of the provider in the field of study. Is that where the expertise of the provider lies? Is it an accredited institution? These are important points to tick on your check box as there are so many grey market providers today that collude the mindsets of individuals that are less informed into believing they are receiving premier education and most of the time at prices that could be tempting.
Second would be to consider the value of the education provided. Example, many institutions claim to provide practical knowledge through lab components. However, it is important to ensure that you have adequate knowledge on what those lab components are. In the case of ECCU, we have made huge investments in providing a cyber range of high quality and is cutting edge that gives students a real life case to solve in guided and closed door environments.
Third is the quality of the faculty that delivers the education. This is a key component in education of any sort. We always need good mentors that we can fall back upon when in doubt and someone who can mold us and bring out the best in us. Many online universities today depend heavily on technology and ignore the human factor. At ECCU however, our faculty are full time practitioners who are well informed on the subject matter concerned and practicing it on a daily basis. There can be no better fit to creating the right talent pool when this is the formula.
What would be your advice to a budding information security professional?
Today many individuals consider the job prospects before looking at anything else. However, in my opinion, an individual will be hired and retained by the best if he/she takes the first step in ensuring that they are true to what they learn. Commitment, perseverance and hard work always pay off if the 3 points above were paid attention too. An education is there to form you and your thoughts but what you make out of it is entirely on your shoulders. Good luck to all aspiring cybersecurity professionals in this journey.