Ģ��ֱ��

Finding Software vulnerabilities, data breaches and spying are growing as bigger threats towards society. In his dissertation, Karo Saharinen researched cybersecurity education in higher education within Finland and internationally. Based on his research, education should focus on secure development, maintenance of IT-environments and to the governance of cybersecurity. According to Saharinen, the amount of degree programme students should be higher in Finland.

In his dissertation, Karo Saharinen researched cybersecurity education in higher education within Finland and internationally. The articles of the dissertation researched the contents of cybersecurity curricula, workforce competence needs from recruiters of the industry and what kind of job responsibilities did graduates receive when they got employed.

– When I began work on the dissertation, cybersecurity curricula did not really have curriculum frameworks guiding what contents should the students be teached. Now that cybersecurity has been brought onto the surface of society, more of these frameworks have been published e.g. in EU., Saharinen states.

When designing curriculum contents it is important to take into account the needs of the industry and society, Saharinen says.

– The goal is that the graduates would have the competence necessary for work and in a larger scope that the whole cyber domain would be kept more secure by them. Cybersecurity education for the field of IT would be beneficial so that like Vastaamo would not happen. There are still IT degree programmes which do not have cybersecurity as a mandatory subject, Saharinen mentions.

Currently there are degree programmes completely concentrating on cybersecurity. Saharinen still mentions that their annual student seats are too low when compared to the amount of applicants.

– The surge of applicants can also be seen as evidence on the need for cybersecurity educated people in the industry, Saharinen says.

The situation is getting better with the . Some of the goals are to develop and increase the amount of open university courses and also industry field specific cybersecurity courses.

Cybersecurity should be integrated into the product development process from the early stage

As a conclusion of the dissertation, cybersecurity education should focus on secure software and system development, maintenance of IT-evironments and the governance of cybersecurity. These fields have clear need of cybersecurity professionals based on industry needs.

Secure software and system development means the process where a software or a service can be developed securely right from the start.

- Phone applications and other easy methods of doing electric transactions are offered to the customers. It would be ideal if cybersecurity could be brought in as early of their software and system development as possible. This is why these should be educated more in the curriculum, Saharinen says.

Saharinen mentions that as a result of the forementioned, the maintenance, usage, and protection of the software is easier. Systems and dependencies are more efficiently kept updated and secure.

– When the graduates were researched, it was pleasant to see them employed in keeping the cyber domain defended and protected. These skills could be practiced in e.g., courses related to cyber exercises, Saharinen says.

In addition to secure development and IT-system maintenance, it would be good to have education on the governance of cybersecurity so that companies would have enough competence to evaluate technical threats and possible threat actors facing the company.

– When the risks can be evaluated correctly, then the limited resources of cybersecurity can be used efficiently. Do we either educate our personnel, add more technical protection methods or do we invest in the maintenance and monitoring of the current technical environment, Saharinen says.

Based on Saharinen, the governance of cybersecurity is more required from the master’s degrees of cybersecurity.

Cybersecurity incidents have become common day in society and finnish people have witnessed cyber-attacks in e.g., healthcare, banking, higher education and in municipalities. To have digital services online, the demand for cybersecurity educated professionals has risen in the industry.

– With the results of this dissertation, the organizations providing cybersecurity education can re-evaluate their course offering based on researched information. This in turn provides in graduates that are more needed by society, Saharinen says.

M.Eng. Karo Saharinen defends his doctoral dissertation in Software and Communications Engineering “Research into the Aspects of Cybersecurity Education in Higher Education” on 18th of April at 12’oclock. Audience can follow the dissertation in the lecture hall Agora Auditorium 2, or online. Link to the online event:

Opponent Associate Professor Mikko-Jussi Laakso (University of Turku) and Custos Professor Timo Hämäläinen (Ģ��ֱ��). The doctoral dissertation is held in Finnish.

Karo Saharinen has graduated as a Bachelor of Science in 2008 and Master of Engineering in 2013 from the Jamk University of Applied Sciences. In his career, he has worked as a telecommunications technician in a local phone company, as an engineer of confidential level data networks in the air forces, and as a senior lecturer in Jamk University of Applied Sciences. In Jamk, he has been the degree programme coordinator of bachelor’s degree in cybersecurity between 2015 to 2017 and the degree programme coordinator on the master’s degree in cybersecurity from 2018 onwards.

The dissertation has been published in an online publication series and is available in the JYX publication archive: .