Ryan Sporrer is an instructor at Western Iowa Tech. He teaches Cyber Security & Digital Crime at the Sioux City Campus. Program profile
Here are the key points
- Teaching focus: At the community college level, Sporrer emphasizes the basics of cybersecurity due to limited time with students. He is working on making the Associate of Applied Science degree available online and creating a simulated small business lab for practical learning.
- Common misconceptions among students: New students often have misconceptions about cybersecurity, influenced by Hollywood, expecting it to be like CSI or a video game. Sporrer works to correct these views, emphasizing the reality of the field.
- Career preparation: The program prepares students for various roles, from being the sole cybersecurity expert in a small business to joining large enterprise security teams. The focus is on teaching fundamentals, as large firms often train graduates in specific processes and procedures.
- Cybersecurity skills gap: Sporrer acknowledges a significant need for qualified cybersecurity workers, with guidance counselors encouraging students to consider this field due to high demand.
- Recommended reading for students: He suggests books for new students to gain a historical view of the field, like Kevin Mitnick’s “Ghost in the Wires” and “The Art of Intrusion,” as well as more technical references like “The Web Application Hacker’s Handbook.”
- Future of cybersecurity: Sporrer predicts continued growth in IoT, more devices, users, and threats. He anticipates ongoing challenges from nation-states, deep fakes, election interference, and social media bots, emphasizing the need for continual learning in this ever-changing field.
How did you first become interested in cybersecurity?
My interest in cybersecurity was a process of evolution. I was interested in computers from a very young age. The more I learned about computers and networks, the more I realized how important security is.
My initial interest was in computer forensics. However, after earning a degree in computer networking and administration, my interest expanded to include the entire cybersecurity field.
What led you to move from practicing cybersecurity to teach it?
I was consulting as a network engineer and identified some holes in my training that I wanted to fill. I enrolled at WIT to take some courses. After some time, my instructor decided to make a career move, and he suggested that I interview to fill his role.
I was offered the position I have now. You could say it was a happy accident.
What are the areas of your research, focus, or interest?
At a community college, we only have one or two years with a student, so while we don’t often have latitude and time for independent research, I am always focused on bringing my students a strong understanding of the basics.
As an example, we have a one-year diploma that is currently available entirely online. We are working hard to bring the whole Associate of Applied Science degree (AAS) online as well.
We recognize that now, more than ever, it is essential to offer a quality education outside of the traditional classroom setting.
Another focus of mine is creating a simulated small business lab that will provide our students with a realistic sandbox for learning. In such a virtual sandbox, students will learn how to harden servers and systems based on various operating systems and even how to protect data in the cloud.
What is the most common misconception that new students bring with them to cybersecurity education?
Sometimes students begin their academic career with influence from Hollywood. They envision working in cybersecurity as something akin to television’s CSI.
We help them understand that not only are they not likely to be breaking down any doors in their cybersecurity career, but work like penetration testing is not the visual equivalent to a video game. A command-line interface is nothing like those 3D models they have seen on TV.
Does completing a program like yours prepare students to be a jack-of-all-trades cybersecurity expert at a small to medium business (SMB) or an integral part of a massive security team within a large enterprise both?
Definitely both. We try to prepare our students for either scenario. We have students that have gone on to be the only cybersecurity person at a small business, and others are recruited for entry-level positions with very large firms.
Often large firms are looking for graduates that have a sound understanding of the fundamentals. They will teach that person the processes and procedures that are specific to their security organization.
Our students enter the job market fully qualified to work in network administration, cybersecurity generalists, or SOC analysts.
There is a lot of talk in the security industry about a skills gap or a shortage of qualified cybersecurity workers. Do you agree that this gap exists? And do you see students entering your program with an understanding that there is a skills gap?
There is undoubtedly a need for more qualified workers in cybersecurity. Guidance counselors are generally aware of this need too. We see many students encouraged to consider cybersecurity as a profession because there is a high demand in the field.
In today’s world, nearly every business, regardless of size, needs help with cybersecurity. If you expand that view across the nation and the world, it is staggering the number of security professionals required to fill the need.
If you were to build a cybersecurity reading list, what would be your top picks?
For new students that are just learning about the field, I recommend books like Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker or The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. These books give students a historical view of the field.
Others in this genre include The Cuckoo’s Egg by Clifford Stoll and Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn.
For more technical references, I like The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard or just about anything in the Hacking Exposed series of books.
Finally, look into your crystal ball and tell us how you see the future of cybersecurity.
I can tell you that the internet of things (IoT) is not going away and will continue to grow. In fact, growth will happen in all areas. There will be more devices, more users, and more threats.
Nation-states will continue to create havoc as will deep fakes, election interference, and social media bots. These are all, in some fashion, cybersecurity issues for which we need to be prepared.
I always tell my students that cybersecurity is an ever-changing field. They need to be aware of that and never stop learning. They must continually apply self-improvement principles.