Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/7/2016
11:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes

New study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course.

There’s the cybersecurity skills gap, but a new study shows there’s also a major cybersecurity education gap -- in the top US undergraduate computer science and engineering programs.

An analysis of the top 121 US university computer science and engineering programs found that none of the top 10 requires students take a cybersecurity class for their degree in computer science, and three of the top 10 don’t offer any cybersecurity courses at all. The higher-education gap in cybersecurity comes amid the backdrop of some 200,000 unfilled IT security jobs in the US, and an increasing sense of urgency for organizations to hire security talent as cybercrime and cyber espionage threats escalate.

Robert Thomas, CEO of CloudPassage, whose company conducted the study, says the security gap in traditional computer science programs is worrisome, albeit not too surprising. “The results were pretty profound,” Thomas says. “When we tested the top universities’ computer science degrees, it was disturbing to find that very few require any kind of cybersecurity [instruction] as part of the curriculum to graduate” with a computer science degree, he says.

With IT security departments scrambling to fill positions, Thomas says CloudPassage wanted to gauge how universities are preparing computer science graduates for the cybersecurity job market. “Universities have a responsibility to start moving ... to [address] bigger problems in security,” he says.

Graduate-level cybersecurity programs are emerging, such as those of Carnegie Mellon, the University of Maryland-Baltimore County, and the University of South Florida, but the study was focused on undergrad computer science programs and their integration with cybersecurity. The universities in the study were based on rankings from US News & World Report, Business Insider, and QS World of the top schools in the field.

The University of Michigan, which is ranked 12th among US computer science programs by US News & World Report, is the only university in the top 36 that requires computer science students take a cybersecurity course, CloudPassage’s study found. Among the top 10, there are three universities that don’t offer cybersecurity courses as electives, either.

Michigan (#11 in Business Insider’s Top 50 US computer science schools), Brigham Young (#48 in that rankings list), and Colorado State (#49), are the only top comp sci programs that require at least one cybersecurity class for a degree.

Among the universities in the study offering the most cybersecurity electives in their computer science programs are Rochester Institute of Technology (10 security elective courses) which is in the top 50 of Business Insider’s list; Tuskegee University (10); DePaul University (9); University of Maryland (8); University of Houston (7); Pace University (6); California Polytechnic State University (5); Cornell University (5); Harvard University (5); and Johns Hopkins University (5).

Meanwhile, the University of Alabama, which is not ranked in either the US News & World Report nor Business Insider as a top comp sci program, was the only university that requires three or more cybersecurity courses, the study found.

A lack of awareness about cybersecurity among college-age students is another element of the education-gap equation. A recent study by Raytheon and the National Cyber Security Alliance found that millennials worldwide just aren’t entering the cybersecurity field, mainly due to lack of awareness of just what security careers entail. Half of women ages 18- to 26 say they don’t have cybersecurity programs and activities available to them, and 40% of men in that age bracket say the same. Nearly half of millennial men aren’t aware of what cybersecurity jobs entail.

ISC2, a nonprofit that offers cybersecurity certifications, has tracked the lack of higher-education programs in cybersecurity. Over the past two years, ISC2 via its International Academic Program has offered cybersecurity classroom materials and other services for colleges to use in their curriculum, as well as for faculty training. The goal of the program is to beef up cybersecurity content in the curriculum.

“If you look across the total number of colleges, a very small percentage have a cybersecurity curriculum,” says David Shearer, CEO of ISC2. “Many have not had the money or time or skills to develop cybersecurity programs.”

Shearer says ISC2 is working to fill those gaps with its academic outreach program. “If there’s not a formal education for kids once they get to universities, we [the US] haven’t accomplished a whole lot,” he says.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

 

 

Awareness Gap

Aside from the top computer science programs not offering or requiring cybersecurity courses, many computer science graduates just aren’t aware of the opportunities in the cybersecurity field. Many are drawn to computer science because they’re interested in writing new applications to solve problems in their areas of interest. Coding is considered “cool,” security experts say, while security is seen as a hindrance to application development, for example.

ISC2’s Shearer says cybersecurity gets a bad rap sometimes in application development, and security is seen as mainly about strong passwords and patches, for instance. “They don’t see it as exciting, intriguing work, but they should,” he says. "With greater awareness and education in this area [cybersecurity], today's youth could see things like hacking as an interesting area they'd want to learn about."

CloudPassage, meanwhile, also is reaching out to universities: it announced today that it will offer free CloudPassage Halo security-as-a-service platform accounts to US computer science programs as well as instructional templates, tutorials, and support. “They can use our infrastructure and products as an illustration, to get some experience,” CloudPassage’s Thomas says.

Related Content:

 

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...