Cybersecurity Training For US Undergraduates Is Dismal

Uploaded on 2016-05-04 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

A recent study reveals dismal stats about cybersecurity education for undergraduates.

Cybercriminals are only getting better at what they do, which means the skills gap is growing between the people who hack and the people who stop them. And universities aren't catching up fast enough: A recent study reveals dismal stats about cybersecurity education for undergraduates.

The report from Cloud Passage revealed that out of the top 10 computer science programs in the US, not a single program requires a cybersecurity course to graduate. And on the list of Business Insider's top 50 computer science programs, only three schools out of the 50 require a cybersecurity course for graduation. Perhaps most surprisingly, out of the 122 schools reviewed, only one, the University of Alabama, requires three or more cybersecurity courses to graduate.

Using this data, CloudPassage assigned a grade to each university, and found that out of the top 50 schools on Business Insider's list, not a single university earned an A for its cybersecurity efforts and only three earned a B, beyond that, 11 universities earned a C, 28 earned a D and eight earned an F.

"There needs to be a fundamental shift in the cybersecurity paradigm; we must get to a point where every university requires computer science majors to complete cybersecurity training as a graduation requirement, so that the programmers and developers of the next generation have security front-of-mind when delivering products to market," says Thomas.

However, these stats illustrate that cybersecurity is still not a priority for most universities, even at schools with the top-rated computer science programs in the nation. Cybersecurity is quickly becoming a priority for organizations, so if students aren't graduating with the necessary education, the skills gap will only grow wider. 

However, it's not as if cybersecurity is completely lacking in undergraduate programs, most universities offer courses in cybersecurity, even if it's only one course, but most programs don't require students to take these courses in order to graduate. Rather, cybersecurity is viewed more as an elective, suggesting they expect students to enroll in the course if they see themselves getting into security after graduation. The reality of the situation is that security affects nearly every aspect of IT and technology at a company, and it's not just something the CSO needs to be worried about.

A growing need for cybersecurity professionals

Cybersecurity is a fast-growing field, which means the number of open positions will quickly outpace the number of qualified candidates entering the workforce. Peninsula Press, a division of the Stanford University Journalism Program, analyzed a 2015 Bureau of Labor Statistics report and found that there are more than 209,000 unfilled cybersecurity jobs in the US alone. The number will only increase. The Peninsula Press also found that in the past five years, listings for cybersecurity roles have jumped 74 percent and that the demand for this role by 2018 is projected to grow 53 percent.

The problem is centered around the fact that cybercriminals are only getting better at what they do each year, meaning the gap between the good guys and the bad guys just grows wider. "Cybercrime is on the rise and the types of attacks we're seeing are becoming more aggressive, sophisticated and dangerous. We've seen this in more frequent and more critical breaches, and there is a trajectory towards attacks on both critical infrastructures and high-profile individuals," says Thomas.

In a report from Cisco on the cybersecurity talent gap, "the sophistication of the technology and tactics used by criminals has outpaced the ability of IT and security professionals to address these threats." That's a dangerous reality, where we have more cybercriminals than cybersecurity professionals, especially with the vast amount of personal data we access and share on our devices.

Most people use their smartphones and computers to access banking accounts, healthcare information, save pictures and share personal data, not to mention the vast number of everyday objects that are now Wi-Fi enabled. It's certainly made life easier, but it's also made everyone more vulnerable to identity theft, hacking and having sensitive data exploited.

Universities are slow to change

It seems like a simple solution, why don't universities simply start offering more courses in cybersecurity? Unfortunately, the answer isn't that simple. It's not easy to alter a curriculum, especially when you have students who are far along in the program, with new students coming through the door every year.

One anonymous student at a California university spoke with Thomas and told him that "at my university, they [offer] a single elective cybersecurity-related course. I am an electrical engineering major, but I resolved to take this one, single course during my academic career." But in order to take this course, this student was required to declare a computer science minor and make changes to their course limit for graduation. They were told that if they "were truly interested in cybersecurity [they] would change their major from EE to computer science, because security isn't the purview of electrical engineers."

It's a dangerous attitude, considering security touches nearly every industry, especially with the advent of the Internet of Things, which aims to connect every device we use, according to Thomas. But instead of change their major, this student says they decided to pursue a cybersecurity education outside of their university, and went as far to create a campus student organization to provide students with an alternative if they want to learn more about cybersecurity without declaring a computer science minor.

"Curricula are not updated often enough (and in technology, the world is changing very rapidly), there may be politics, staffing difficulties, lack of budget, and so on. There are many factors at play in how programs are developed, but what we must focus on is how to enable universities to set up their students with the tools they need to be successful professionally. We are hoping that exposure of the problem and increased discussion will start the wheels turning in the right direction," Thomas says.
CIO: http://bit.ly/24fza7j

« US Cyber Bombs On ISIS Change The Nature Cyber War
Global Cyber Alliance To Tackle The Biggest Risks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LRQA Nettitude

LRQA Nettitude

LRQA Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace.

Backup112

Backup112

Backup112 has been delivering professional cloud backup services since 2004.

Indusface

Indusface

Indusface offers best website security, web application firewall and SSL certificate to keep your online business much safer.

X4 Technology

X4 Technology

X4 Technology is a leader in finding the very best technology talent for some of the world’s most innovative start-ups and globally recognised brands.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.