Cybersecurity Training For US Undergraduates Is Dismal

A recent study reveals dismal stats about cybersecurity education for undergraduates.

Cybercriminals are only getting better at what they do, which means the skills gap is growing between the people who hack and the people who stop them. And universities aren't catching up fast enough: A recent study reveals dismal stats about cybersecurity education for undergraduates.

The report from Cloud Passage revealed that out of the top 10 computer science programs in the US, not a single program requires a cybersecurity course to graduate. And on the list of Business Insider's top 50 computer science programs, only three schools out of the 50 require a cybersecurity course for graduation. Perhaps most surprisingly, out of the 122 schools reviewed, only one, the University of Alabama, requires three or more cybersecurity courses to graduate.

Using this data, CloudPassage assigned a grade to each university, and found that out of the top 50 schools on Business Insider's list, not a single university earned an A for its cybersecurity efforts and only three earned a B, beyond that, 11 universities earned a C, 28 earned a D and eight earned an F.

"There needs to be a fundamental shift in the cybersecurity paradigm; we must get to a point where every university requires computer science majors to complete cybersecurity training as a graduation requirement, so that the programmers and developers of the next generation have security front-of-mind when delivering products to market," says Thomas.

However, these stats illustrate that cybersecurity is still not a priority for most universities, even at schools with the top-rated computer science programs in the nation. Cybersecurity is quickly becoming a priority for organizations, so if students aren't graduating with the necessary education, the skills gap will only grow wider. 

However, it's not as if cybersecurity is completely lacking in undergraduate programs, most universities offer courses in cybersecurity, even if it's only one course, but most programs don't require students to take these courses in order to graduate. Rather, cybersecurity is viewed more as an elective, suggesting they expect students to enroll in the course if they see themselves getting into security after graduation. The reality of the situation is that security affects nearly every aspect of IT and technology at a company, and it's not just something the CSO needs to be worried about.

A growing need for cybersecurity professionals

Cybersecurity is a fast-growing field, which means the number of open positions will quickly outpace the number of qualified candidates entering the workforce. Peninsula Press, a division of the Stanford University Journalism Program, analyzed a 2015 Bureau of Labor Statistics report and found that there are more than 209,000 unfilled cybersecurity jobs in the US alone. The number will only increase. The Peninsula Press also found that in the past five years, listings for cybersecurity roles have jumped 74 percent and that the demand for this role by 2018 is projected to grow 53 percent.

The problem is centered around the fact that cybercriminals are only getting better at what they do each year, meaning the gap between the good guys and the bad guys just grows wider. "Cybercrime is on the rise and the types of attacks we're seeing are becoming more aggressive, sophisticated and dangerous. We've seen this in more frequent and more critical breaches, and there is a trajectory towards attacks on both critical infrastructures and high-profile individuals," says Thomas.

In a report from Cisco on the cybersecurity talent gap, "the sophistication of the technology and tactics used by criminals has outpaced the ability of IT and security professionals to address these threats." That's a dangerous reality, where we have more cybercriminals than cybersecurity professionals, especially with the vast amount of personal data we access and share on our devices.

Most people use their smartphones and computers to access banking accounts, healthcare information, save pictures and share personal data, not to mention the vast number of everyday objects that are now Wi-Fi enabled. It's certainly made life easier, but it's also made everyone more vulnerable to identity theft, hacking and having sensitive data exploited.

Universities are slow to change

It seems like a simple solution, why don't universities simply start offering more courses in cybersecurity? Unfortunately, the answer isn't that simple. It's not easy to alter a curriculum, especially when you have students who are far along in the program, with new students coming through the door every year.

One anonymous student at a California university spoke with Thomas and told him that "at my university, they [offer] a single elective cybersecurity-related course. I am an electrical engineering major, but I resolved to take this one, single course during my academic career." But in order to take this course, this student was required to declare a computer science minor and make changes to their course limit for graduation. They were told that if they "were truly interested in cybersecurity [they] would change their major from EE to computer science, because security isn't the purview of electrical engineers."

It's a dangerous attitude, considering security touches nearly every industry, especially with the advent of the Internet of Things, which aims to connect every device we use, according to Thomas. But instead of change their major, this student says they decided to pursue a cybersecurity education outside of their university, and went as far to create a campus student organization to provide students with an alternative if they want to learn more about cybersecurity without declaring a computer science minor.

"Curricula are not updated often enough (and in technology, the world is changing very rapidly), there may be politics, staffing difficulties, lack of budget, and so on. There are many factors at play in how programs are developed, but what we must focus on is how to enable universities to set up their students with the tools they need to be successful professionally. We are hoping that exposure of the problem and increased discussion will start the wheels turning in the right direction," Thomas says.
CIO: http://bit.ly/24fza7j

« US Cyber Bombs On ISIS Change The Nature Cyber War
Global Cyber Alliance To Tackle The Biggest Risks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

CRU

CRU

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Steganos

Steganos

Steganos offers highly secure and easy to use software tools that protect and secure on and offline data.

Trustaira

Trustaira

Trustaira provides end-to-end advisory, protection and monitoring services and solutions are focused to protect our clients’ information, IT infrastructure, networks, applications and databases.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

Wisetek

Wisetek

Wisetek is a global provider of end-to-end IT Asset Disposition (ITAD), reuse and secure data destruction management services to the world’s leading IT Corporations, data centres and manufacturers.