A visitor walks past the booth of Alibaba Group at a cybersecurity expo in Shanghai. GAO ERQIANG/CHINA DAILY
Efforts ramped up to bridge the gap of cybersecurity sector's needs
Chinese university courses are starting to combine practical experience of online attacks with cybersecurity theories, with help and oversight from security enterprises, in a move to effectively meet the industry's demand for talented graduates.
The Chinese cybersecurity industry's demand for new recruits between January and June rose by 45 percent year-on-year, according to a report released by online recruitment agency Zhaopin and security software provider Qihoo 360 at the end of August.
Yet more than 80 percent of college teachers have expressed concerns about current cybersecurity education standards, citing graduates' shortage of practical experience, according to the report. Around 50 percent complained it is difficult to source reference books that cover real-life online threats.
Cybersecurity graduates can find themselves unprepared for employment "because it is hard for them to offer better solutions when meeting serious online threats", said Tuan Kong, a cybersecurity engineer at Alibaba Group.
"What they learn in college can only help to solve simple attacks that are not the most important issues in the industry."
Essentially, the industry's demand for talent cannot be met if students have no experience solving real security problems at school, Tuan said.
To tackle the problem, several internet and security enterprises, including Alibaba and Qihoo 360, have taken steps to partner with education institutions.
Qihoo 360 established a cybersecurity college to offer intensive online skills training courses lectured by experienced and high-profile security experts, and is teaching students about real-life cases of online threats by increasing cooperation with universities and colleges.
In March, the company's head, Zhou Hongyi, said more security companies should set up their own online training platforms for people seeking to join the industry, "as the key to making a country's network more powerful is talent, not software or hardware".
Practice makes perfect
Tuan, from Zigong in Southwest China's Sichuan province, taught himself the nuts and bolts of cybersecurity when he was a college student. After completing a postgraduate degree in telecommunication, he found a job at a security laboratory affiliated with Alibaba in 2016.
"I feel a great sense of achievement when an enterprise thanks me after I use my technical skills to help it figure out or fix a vulnerability," the 27-year-old said. "Practice makes perfect, and cybersecurity is a very broad sector."
His team identifies and corrects vulnerabilities in Android systems and browsers, yet many of the engineers in his lab do not have a formal cybersecurity background.
"Those who can solve serious online problems are mainly cybersecurity competition winners or those who have learnt through self-study. They are experienced in dealing with real online attacks," he said. "But cybersecurity graduates can only find everyday vulnerabilities."
He said students do not know how to prevent a network from being attacked, as cyberattacks are constantly changing.
"Many of the scenarios students learn in college have been already solved, or are irrelevant today," he said.
Hang Te, who heads two security labs at Alibaba, agreed.
"It is urgent and more important that colleges teach students how to prevent a network from being attacked, instead of only teaching them the technical skills involved in launching online attacks," he said.
A Qihoo 360 employee, who goes by the name Ele7enxxh, said colleges are mainly focused on academic study. Gaining workplace competency involves learning the latest technical skills specifically required for real-life cybersecurity.