Cybersecurity Training For US Undergraduates Is Dismal

A recent study reveals dismal stats about cybersecurity education for undergraduates.

Cybercriminals are only getting better at what they do, which means the skills gap is growing between the people who hack and the people who stop them. And universities aren't catching up fast enough: A recent study reveals dismal stats about cybersecurity education for undergraduates.

The report from Cloud Passage revealed that out of the top 10 computer science programs in the US, not a single program requires a cybersecurity course to graduate. And on the list of Business Insider's top 50 computer science programs, only three schools out of the 50 require a cybersecurity course for graduation. Perhaps most surprisingly, out of the 122 schools reviewed, only one, the University of Alabama, requires three or more cybersecurity courses to graduate.

Using this data, CloudPassage assigned a grade to each university, and found that out of the top 50 schools on Business Insider's list, not a single university earned an A for its cybersecurity efforts and only three earned a B, beyond that, 11 universities earned a C, 28 earned a D and eight earned an F.

"There needs to be a fundamental shift in the cybersecurity paradigm; we must get to a point where every university requires computer science majors to complete cybersecurity training as a graduation requirement, so that the programmers and developers of the next generation have security front-of-mind when delivering products to market," says Thomas.

However, these stats illustrate that cybersecurity is still not a priority for most universities, even at schools with the top-rated computer science programs in the nation. Cybersecurity is quickly becoming a priority for organizations, so if students aren't graduating with the necessary education, the skills gap will only grow wider. 

However, it's not as if cybersecurity is completely lacking in undergraduate programs, most universities offer courses in cybersecurity, even if it's only one course, but most programs don't require students to take these courses in order to graduate. Rather, cybersecurity is viewed more as an elective, suggesting they expect students to enroll in the course if they see themselves getting into security after graduation. The reality of the situation is that security affects nearly every aspect of IT and technology at a company, and it's not just something the CSO needs to be worried about.

A growing need for cybersecurity professionals

Cybersecurity is a fast-growing field, which means the number of open positions will quickly outpace the number of qualified candidates entering the workforce. Peninsula Press, a division of the Stanford University Journalism Program, analyzed a 2015 Bureau of Labor Statistics report and found that there are more than 209,000 unfilled cybersecurity jobs in the US alone. The number will only increase. The Peninsula Press also found that in the past five years, listings for cybersecurity roles have jumped 74 percent and that the demand for this role by 2018 is projected to grow 53 percent.

The problem is centered around the fact that cybercriminals are only getting better at what they do each year, meaning the gap between the good guys and the bad guys just grows wider. "Cybercrime is on the rise and the types of attacks we're seeing are becoming more aggressive, sophisticated and dangerous. We've seen this in more frequent and more critical breaches, and there is a trajectory towards attacks on both critical infrastructures and high-profile individuals," says Thomas.

In a report from Cisco on the cybersecurity talent gap, "the sophistication of the technology and tactics used by criminals has outpaced the ability of IT and security professionals to address these threats." That's a dangerous reality, where we have more cybercriminals than cybersecurity professionals, especially with the vast amount of personal data we access and share on our devices.

Most people use their smartphones and computers to access banking accounts, healthcare information, save pictures and share personal data, not to mention the vast number of everyday objects that are now Wi-Fi enabled. It's certainly made life easier, but it's also made everyone more vulnerable to identity theft, hacking and having sensitive data exploited.

Universities are slow to change

It seems like a simple solution, why don't universities simply start offering more courses in cybersecurity? Unfortunately, the answer isn't that simple. It's not easy to alter a curriculum, especially when you have students who are far along in the program, with new students coming through the door every year.

One anonymous student at a California university spoke with Thomas and told him that "at my university, they [offer] a single elective cybersecurity-related course. I am an electrical engineering major, but I resolved to take this one, single course during my academic career." But in order to take this course, this student was required to declare a computer science minor and make changes to their course limit for graduation. They were told that if they "were truly interested in cybersecurity [they] would change their major from EE to computer science, because security isn't the purview of electrical engineers."

It's a dangerous attitude, considering security touches nearly every industry, especially with the advent of the Internet of Things, which aims to connect every device we use, according to Thomas. But instead of change their major, this student says they decided to pursue a cybersecurity education outside of their university, and went as far to create a campus student organization to provide students with an alternative if they want to learn more about cybersecurity without declaring a computer science minor.

"Curricula are not updated often enough (and in technology, the world is changing very rapidly), there may be politics, staffing difficulties, lack of budget, and so on. There are many factors at play in how programs are developed, but what we must focus on is how to enable universities to set up their students with the tools they need to be successful professionally. We are hoping that exposure of the problem and increased discussion will start the wheels turning in the right direction," Thomas says.
CIO: http://bit.ly/24fza7j

« US Cyber Bombs On ISIS Change The Nature Cyber War
Global Cyber Alliance To Tackle The Biggest Risks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Security Weekly

Security Weekly

Security Weekly provides free content within the subject areas of IT security news, vulnerabilities, hacking, and research.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

Sirti

Sirti

Sirti is Italy's leading technology company in the design and production of network infrastructures and telecoms system integration.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.

Smarsh

Smarsh

Smarsh products are designed for user-friendly, efficient compliance. From archiving, supervision, and discovery to cybersecurity – Smarsh has you covered.

MergeBase

MergeBase

Reduce software supply chain risk with MergeBase proven Software Composition Analysis (SCA).

Couno

Couno

Couno is a trusted provider of IT support services throughout the UK and Europe.