Despite at least two decades of high-profile security incidents and data breaches, a recently released study has found that U.S. universities are not stepping up their game when it comes to teaching cybersecurity as a discipline.
The study, conducted by security firm CloudPassage, found that none of the top 10 U.S. computer science programs (as ranked by U.S. News & World Report 2015) requires a single cybersecurity course for graduation.
Think about that for a moment. A student can graduate with a computer science degree from a top university without taking one class dedicated to cybersecurity.
Now, there’s much to be said of the view that security should be taught as part of every class and in each IT discipline. A class on programing, for instance, can include lessons on how to develop security. Same for a class on building databases, IoT devices and so on. Unfortunately, based on my conversations with recent grads, that’s not what’s going on.
The CloudPassage study found that only one of the top 36 U.S. computer science programs (University of Michigan) required a security course for graduation. Other findings included:
- Only three of Business Insiders’ top 50 U.S. computer science programs require a cybersecurity course for graduation: University of Michigan (ranked 11th), Brigham Young (48th) and Colorado State University (49th).
- Of the 121 universities studied, the following offer the highest number of elective courses on cybersecurity:
- Rochester Institute of Technology (10 security electives)
- Tuskegee University (10)
- DePaul University (9)
- University of Maryland (8)
- University of Houston (7)
- Pace University (6)
- California Polytechnic State University (5)
- Cornell University (5)
- Harvard University (5)
- Johns Hopkins University (5)
- Despite not being ranked on the U.S. News & World Report list, nor the Business Insider list, the University of Alabama is the only institution of 121 surveyed that requires three or more cybersecurity classes – three for an information systems degree and four for a computer science degree.
“Our research reinforces what many have been saying: There is an incredible IT security skills gap. But what we’ve revealed is that a major root cause is a lack of education and training at accredited schools,” said Robert Thomas, CEO of CloudPassage.
While good security is always best taught close to the subject matter, nothing beats stepping back and teaching future developers and computer scientists about security theory and application. The reason why is so obvious it’s painful to write: Our dependency on intelligent, networked devices only increases year after year, and keeping them safe is becoming a primary driver of business success.