Hacking the Job Market

Students learning cyber security
Students at the University of Oregon’s Cybersecurity Security Operations Center get hands-on learning experiences in cybersecurity. 

February 28, 2024

Hacking the Job Market

A new cybersecurity major in the College of Arts and Sciences aims to make students career-ready right after graduation.

All our personal information is online. Photos, text messages and bank accounts are all stored in the cloud for ease on our end.

But that sensitive information can easily be stolen. In recent years, hackers have stolen vital information, such as 3.5 million individual records from the Oregon DMV in 2023, for reasons ranging from espionage to theft.

Jobs to protect users and companies from hackers are in growing demand, and a new undergraduate degree in the College of Arts and Sciences is training students to fill that role. Launched in the fall of 2023, the cybersecurity major combines rigorous courses and hands-on fieldwork with the aim of preparing students to hit the ground running in a cybersecurity career.

Preparing for future cyberattacks

It’s one thing to study attacks, but the new cybersecurity major aims to teach students holistically so they can understand the methods hackers use. Rather than simply reacting to hackers, they’ll learn to build systems that anticipate hacking.

Cyber security experts sitting at desk
The cybersecurity major is a hands-on program that prepares students to step into a job as soon as they graduate. 

“We want them to learn the principles and be able to apply those principles to new instances of attacks so they can evolve with this domain as they go forward, rather than being able to do just a few dance moves,” says Reza Rejaie, professor and head of the Department of Computer Science, as well as one of the architects of the cybersecurity major.

The major’s degree pathway offers students a balanced overview of cybersecurity, with courses on mathematics, programming and computer science, as well as computer, network and software security. The program, designed to meet guidelines and standards defined by the National Security Agency for cybersecurity education, is rigorous, Rejaie says.

Central to the program is its focus on experiential learning, he adds. Students will spend six months in the field working in cybersecurity roles, such as the UO’s Cyber Security Operations Center (CSOC).

“We think this is going to bring up so many critical elements that they only see in practice,” Rejaie says, “either the concept or the techniques that they learned, bringing it all together to see the combination of those in action.”

That practical learning experience is crucial and can set students up for success after graduation, says José Domínguez, the UO’s chief information security officer, who works with a team of student workers at the UO cybersecurity center.

“Cybersecurity is one of those majors where hands-on learning is critical for student development,” Domínguez says. “By the time they graduate, students will have had the opportunity to work at one—or multiple—cybersecurity centers or work with some companies around town.”

The cybersecurity job market

A lot can change in the technology job market while a student is in college. But one thing that seems constant is the rising demand for trained cybersecurity workers.

From 2021 to 2031, the US Bureau of Labor Statistics estimates that information security analyst jobs are projected to grow by 35%. Current median wages are about $112,000 per year. Right now, there are more than half a million vacant cybersecurity jobs around the country and 5,442 in Oregon, according to the website CyberSeek.org, which tracks cybersecurity job vacancies.

“This is a lucrative and fulfilling career,” Domínguez says. “You’re working to protect a lot of people so they can keep their livelihoods.”

Matt Sayre is the executive director of the nonprofit Collaborative Economic Development Oregon, whose mission is to help create new, high-wage jobs in Lane County. Through this nonprofit, Sayre and his team work to support business recruitment in the area, workforce development, entrepreneurial support and more.

Although the past six months have seen large tech companies announce large layoffs, the demand for cybersecurity jobs remains, Sayre says. He sees cybersecurity as a safe investment for students, especially as cybercrime continues to threaten companies and governments around the world.

“Cloud infrastructure is growing, and more devices are being added to the internet every day, increasing the potential footprint for cyberattacks and cybercrime,” Sayre says. “Remote work is here to stay. There is no better time than now to be a Duck with a cybersecurity major!”

A future for cybersecurity at the UO

Developing a cybersecurity major is just the beginning. UO cybersecurity experts are also collaborating with Oregon State University and Portland State University through the newly formed Oregon Cybersecurity Center of Excellence to improve the state’s resilience to cyberattacks. 

Students in computer lab
Students in the cybersecurity program learn how to anticipate hackers, rather than simply react to them.

In addition to adding a cybersecurity master's and certificate program, Domínguez and Rejaie believe cybersecurity at the UO has the potential to grow into something bigger.

Domínguez envisions an interdisciplinary cybersecurity program that can collaborate across campus with the School of Law, School of Journalism and Communication, and College of Education. Rejaie is looking at approaches to using artificial intelligence and machine learning tools for cybersecurity, which could become a distinguishing feature of the major. 

“How can you train an AI or machine learning model to detect cyber threat events?” he says. “These are the things we have done research on, have some core competency on, and we want to package that into the training, maybe as a single course or more.”

As the cybersecurity major continues to grow—with plans to invite high school students and teachers to campus to introduce them to the field as well as create a cybersecurity club for students—the UO is positioned to become a hub for all things cybersecurity.

 —Henry Houston, MA ’17 (international studies) is a communications coordinator for the College of Arts and Sciences

Forming a Cybersecurity Fellowship

The University of Oregon kicked 2024 off with a bang. Portland State University, Oregon State University, and the UO announced the Oregon Cybersecurity Center of Excellence, which has the goal of improving the state’s resilience to cyberattacks.

The center, which will serve as an advisory body to the governor and state Legislature, also will help coordinate cybersecurity workforce development, education, awareness and training across the state, as well as focus on the unmet needs of regional and local government agencies, special districts, school districts and libraries.

In 2023, Gov. Tina Kotek signed House Bill 2049 into law, creating the center. State Rep. Nancy Nathanson of Eugene co-sponsored the bill along with state Sen. Aaron Woods.

“Cyberattacks hit public agencies, private businesses and individuals daily,” Nathanson says. “Malicious actors are demanding ransom payments in exchange for access to stolen data. Oregon school districts, cities and businesses aren't just vulnerable, they are being attacked.”

The UO’s new cybersecurity major, Rejaie says, is a direct contribution to the new center, which aims to increase the cybersecurity workforce. But getting the state of Oregon up to speed to prevent future cyberattacks requires everyone to be on board.

“An entire ecosystem needs to be built—a full-scale effort for public, private, and nonprofit sectors,” Rejaie says. “We have to encourage the development of Oregon’s cybersecurity workforce. We need education and training in science, technology, engineering, mathematics—we need career and technical education programs.”

The Cyber Threats We Face

Even the most vigilant internet users can fall prey to internet scams. 

One of the most common tactics hackers use is phishing. A phishing attempt can be something as simple as an email, perhaps from your employer claiming you’re receiving a 16% salary increase. Or it could be a text message from a bank saying there’s something wrong with your account and you have to log in.

“You provide your credentials, and by doing that you essentially let somebody into your account,” says Reza Rejaie, professor and head of the Department of Computer Science.

Another type of cyberthreat is a Trojan horse, named for its similarity to the fictional wooden horse used to sack the ancient Greek city of Troy. A user might download suspicious software, which installs a program and opens access for someone to run other programs on the computer and steal information like passwords.

But even those who know to never open an unknown email—the tech version of never talking to a stranger—can still be affected by hackers. Rejaie points to network security issues when someone breaks into a digital conversation between someone and, say their bank, and steals information that way.

—For more information on how to thwart phishing attempts and recent examples, visit PhishTank.uoregon.edu.