Cybersecurity Training For US Undergraduates Is Dismal

A recent study reveals dismal stats about cybersecurity education for undergraduates.

Cybercriminals are only getting better at what they do, which means the skills gap is growing between the people who hack and the people who stop them. And universities aren't catching up fast enough: A recent study reveals dismal stats about cybersecurity education for undergraduates.

The report from Cloud Passage revealed that out of the top 10 computer science programs in the US, not a single program requires a cybersecurity course to graduate. And on the list of Business Insider's top 50 computer science programs, only three schools out of the 50 require a cybersecurity course for graduation. Perhaps most surprisingly, out of the 122 schools reviewed, only one, the University of Alabama, requires three or more cybersecurity courses to graduate.

Using this data, CloudPassage assigned a grade to each university, and found that out of the top 50 schools on Business Insider's list, not a single university earned an A for its cybersecurity efforts and only three earned a B, beyond that, 11 universities earned a C, 28 earned a D and eight earned an F.

"There needs to be a fundamental shift in the cybersecurity paradigm; we must get to a point where every university requires computer science majors to complete cybersecurity training as a graduation requirement, so that the programmers and developers of the next generation have security front-of-mind when delivering products to market," says Thomas.

However, these stats illustrate that cybersecurity is still not a priority for most universities, even at schools with the top-rated computer science programs in the nation. Cybersecurity is quickly becoming a priority for organizations, so if students aren't graduating with the necessary education, the skills gap will only grow wider. 

However, it's not as if cybersecurity is completely lacking in undergraduate programs, most universities offer courses in cybersecurity, even if it's only one course, but most programs don't require students to take these courses in order to graduate. Rather, cybersecurity is viewed more as an elective, suggesting they expect students to enroll in the course if they see themselves getting into security after graduation. The reality of the situation is that security affects nearly every aspect of IT and technology at a company, and it's not just something the CSO needs to be worried about.

A growing need for cybersecurity professionals

Cybersecurity is a fast-growing field, which means the number of open positions will quickly outpace the number of qualified candidates entering the workforce. Peninsula Press, a division of the Stanford University Journalism Program, analyzed a 2015 Bureau of Labor Statistics report and found that there are more than 209,000 unfilled cybersecurity jobs in the US alone. The number will only increase. The Peninsula Press also found that in the past five years, listings for cybersecurity roles have jumped 74 percent and that the demand for this role by 2018 is projected to grow 53 percent.

The problem is centered around the fact that cybercriminals are only getting better at what they do each year, meaning the gap between the good guys and the bad guys just grows wider. "Cybercrime is on the rise and the types of attacks we're seeing are becoming more aggressive, sophisticated and dangerous. We've seen this in more frequent and more critical breaches, and there is a trajectory towards attacks on both critical infrastructures and high-profile individuals," says Thomas.

In a report from Cisco on the cybersecurity talent gap, "the sophistication of the technology and tactics used by criminals has outpaced the ability of IT and security professionals to address these threats." That's a dangerous reality, where we have more cybercriminals than cybersecurity professionals, especially with the vast amount of personal data we access and share on our devices.

Most people use their smartphones and computers to access banking accounts, healthcare information, save pictures and share personal data, not to mention the vast number of everyday objects that are now Wi-Fi enabled. It's certainly made life easier, but it's also made everyone more vulnerable to identity theft, hacking and having sensitive data exploited.

Universities are slow to change

It seems like a simple solution, why don't universities simply start offering more courses in cybersecurity? Unfortunately, the answer isn't that simple. It's not easy to alter a curriculum, especially when you have students who are far along in the program, with new students coming through the door every year.

One anonymous student at a California university spoke with Thomas and told him that "at my university, they [offer] a single elective cybersecurity-related course. I am an electrical engineering major, but I resolved to take this one, single course during my academic career." But in order to take this course, this student was required to declare a computer science minor and make changes to their course limit for graduation. They were told that if they "were truly interested in cybersecurity [they] would change their major from EE to computer science, because security isn't the purview of electrical engineers."

It's a dangerous attitude, considering security touches nearly every industry, especially with the advent of the Internet of Things, which aims to connect every device we use, according to Thomas. But instead of change their major, this student says they decided to pursue a cybersecurity education outside of their university, and went as far to create a campus student organization to provide students with an alternative if they want to learn more about cybersecurity without declaring a computer science minor.

"Curricula are not updated often enough (and in technology, the world is changing very rapidly), there may be politics, staffing difficulties, lack of budget, and so on. There are many factors at play in how programs are developed, but what we must focus on is how to enable universities to set up their students with the tools they need to be successful professionally. We are hoping that exposure of the problem and increased discussion will start the wheels turning in the right direction," Thomas says.
CIO: http://bit.ly/24fza7j

« US Cyber Bombs On ISIS Change The Nature Cyber War
Global Cyber Alliance To Tackle The Biggest Risks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

Sumo Logic

Sumo Logic

Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

Technology Innovation Institute (TII)

Technology Innovation Institute (TII)

TII is a UAE-based research center that aims to lead global advances in AI, robotics, quantum computing, cryptography and secure communications and more.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.

Cloudbrink

Cloudbrink

Cloudbrink is purpose-built to deliver the industry’s highest performance connectivity to remote and hybrid workers, anywhere in the world.

Bedrock Security

Bedrock Security

Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.