“Primer to Cybersecurity” is a new addition to the M.S. in Accounting curriculum this year. To understand how professionals in the accounting industry design cybersecurity software and infrastructure, we both enrolled in the course this semester. Limited to 20 students, this course provides an individualized classroom experience with a lot of one-on-one time with faculty. We recently interviewed the McIntire professors who co-teach the course, IT Professor Ryan Wright and Assistant Dean for Technology & Operations Bryan Lewis, to gain insight into the field of cybersecurity and its relationship to the accounting profession.
Why did McIntire decide to offer a cybersecurity class this year?
Lewis: Cybersecurity is an issue within every industry that uses technology in any capacity. Damage from cybersecurity crime is expected to hit $6 trillion dollars annually by 2021. Specifically for accountants, cybersecurity is another source of risk that must be quantified, audited, and controlled. Underscoring the importance, there is talk about the addition of cybersecurity questions to the CPA exam.
Wright: Cybersecurity is a business problem that needs the attention and understanding of business managers and executives. By offering a non-technical cybersecurity class, we wanted to give our students tangible skills to use when they are the decision makers in their firms.
What are the biggest takeaways from this class?
Lewis: Cybersecurity is not an IT problem. It is everyone’s problem, and people are always the weakest link in any security environment.
Wright: Cybersecurity has many different components. Just like organizations need to manage marketing, finance, operations, and IT, they also need to manage cybersecurity using people, process, and technology.
Can you give examples of guest speakers and how they were selected?
Lewis: Department of Homeland Security, UVA Chief Information Security Officer (CISO), UVA Facilities Management CIO, Deloitte, PwC, Fannie Mae CISO, and the United States Secret Service. These speakers were selected specifically to show experts in various areas of cybersecurity as well as potential career paths in both private and public sectors.
Why is it important to keep students updated on current cybersecurity issues?
Lewis: By using education to instill a discerning mindset, students are better served and protected in their academic careers, personal lives, and eventually their professional careers.
How do you incorporate real-world examples into the class?
Lewis: Each week, students present on “This Week in Security Threats,” using current news to summarize the latest cyber issues and how they affect consumers, and important information C-level executives can use. We always dedicate class time to discuss trending cybersecurity breaches. This semester, there were blockbuster stories on Equifax, Deloitte, and Uber.
Wright: Everything is hands-on and applicable, from the guest speakers to the activities to the labs.
What do you like most about teaching this class?
Lewis: I personally enjoy breaking the notion that cybersecurity is a technical field occupied only by computer scientists and IT personnel. The demand for consultants, accountants, and professionals with a cyber background is tremendous.
Wright: I like the socio-technical problem solving that is needed to be successful in cybersecurity. You won’t be successful if you apply only technology or processes. You need a marriage of people, process, and technology to truly mitigate the contemporary cyberattacks.