Researchers say cybersecurity education varies widely in the US

Cybersecurity programs vary widely by country, the study found. The authors argue that program leaders must collaborate with professional bodies to ensure that graduates are adequately trained to meet industry needs in rapidly changing fields.

In a review published as part of 55th ACM Computer Science Educational Technology Symposium Proceedings V.1, a Washington State University-led research team found there is a lack of research evaluating instructional approaches used to teach cybersecurity. The authors also argue that programs could benefit from increased use of pedagogical and instructional tools and theories.

“There is significant variation from school to school in how much cybersecurity content students need to take,” says co-author WSU School of Electrical Engineering and Computer Science Associate Professor and VICEROY Northwest Research. said Assefaw Gebremedhin, leader of the organization. Cybersecurity Education and Research (CySER).

“We found that the program could benefit from drawing on ideas from other fields that are evaluated a little more rigorously, such as educational psychology.”

Cybersecurity has become an increasingly important field of research, as breaches of data and network infrastructure can directly impact people's privacy, livelihoods, and safety. The researchers also noted that adversaries change tactics frequently, so cybersecurity professionals must be able to respond effectively.

As part of the study, researchers analyzed the programs of 100 institutions across the United States that are designated as National Academic Research Centers in Cybersecurity by the National Security Agency. To receive the designation, a program must meet NSA requirements for educational content and quality.

Researchers evaluated factors such as the number and type of programs offered, the number of credits focused on cybersecurity courses, the learning outcomes listed, and the list of professions available to graduates.

Although the NSA designation sets requirements regarding the amount of cybersecurity content included in the curriculum, center of excellence institutions vary widely in the types of programs they offer and the number of cybersecurity-specific courses they offer. It turns out. Half of the programs offered a bachelor's degree, and the others offered certificates, associate degrees, minor degrees, or concentrations.

The most common type of program offered was a certificate, and most programs were offered within engineering, computer science, or technology schools or departments. The researchers found that industry professionals had different expectations for skill levels than program graduates.

Researchers hope this study will serve as a benchmark for comparing programs across the country and a roadmap to better meet industry needs.

The oldest cybersecurity programs are only about 25 years old, Gebremedin said, but the programs have traditionally trained students to become information technology professionals and systems administrators.

“Cybersecurity is relatively new within computer science in terms of maturity and being a field as a standalone degree program,” Gebremedin said.

The workplace is also constantly changing.

“In cyber operations, you want to be aggressive,” he says. “If you're going to defend, you have to stay in front of your attackers, and if your attackers are going to keep changing, you've got to change faster.”