cybersecurity education

U.S. Universities Get “F” For Cybersecurity Education

mitch bishop / 04.07.16

In recent remarks by Commerce Secretary Penny Pritzker at Montgomery College, she noted that there are an “estimated 210,000 open and unfilled cybersecurity jobs in the United States today.” This is a remarkable statistic, but not all that surprising since most CISOs tell us they are struggling with how to staff their organizations with qualified security folks.

As previously posted, there is indeed a skills gap that is growing larger every month between the good guys and the bad actors. Hackers and nation states are increasingly well organized, armed to the teeth and cooperating with each other. To close the gap, we must start addressing the dual critical needs of automation and training.

We were curious. How is the higher education system in the U.S. responding to the growing cybersecurity challenge? So we hired an independent consultant to canvas the top 122 computer and information science schools in the country and what they have to offer for cybersecurity education. Here’s what we found.

We analyzed undergraduate computer science, computer engineering, and computer information systems degree programs, looking for cybersecurity classes and whether these classes were required for graduation. We used three separate 2015 rankings to pull together our list: U.S. News and World Report’s Best Global Universities for Computer Science; Business Insider’s Top 50 best computer-science and engineering schools in America; and QS World University Rankings 2015 – Computer Science & Information.   

You can read about the study and our key findings in the CloudPassage news release, but the infographic below provides a quick visual overview of the results.

cybersecurity education infographic
U.S. Universities are failing to teach computer science students how to implement security thinking and  awareness into all new code design, development, and testing. Given the increasingly complex nature of today’s threat landscape, security can no longer be added on after new products and innovations are delivered to market. Cybersecurity training must be a graduation requirement for all computer and information science programs.