U.S. Universities Failing in Cybersecurity Education
Students can graduate from any one of the top 10 U.S. computer science programs without taking a single course on cybersecurity.
A new study from CloudPassage — a cloud security firm based in San Francisco — concludes that the American higher-education system is failing at preparing students for careers in cybersecurity.
CloudPassage hired a third party consultant to analyze computer science programs at 121 universities listed on three rankings which included U.S. News and World Report’s Best Global Universities for Computer Science, Business Insider’s Top 50 best computer-science and engineering schools in America, and QS World University Rankings 2015 – Computer Science & Information.
According to the findings, not one of the top 10 U.S. computer science programs (as ranked by the U.S. News & World Report in 2015) requires a single cybersecurity course for graduation. In fact, only one of the top 36 U.S. computer science programs requires a security course for graduation: the computer science program at University of Michigan.
“I wish I could say these results are shocking, but they’re not,” said Robert Thomas, CEO of CloudPassage. “With more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing, there’s a growing skills gap between the bad actors and the good guys. One way to close the gap is through automation, but we also need to train developers, at the very earliest stage of their education, to bake security into all new code. It’s not good enough to tack cybersecurity on as an afterthought anymore. This is especially true as more smart devices become Internet accessible and therefore potential avenues for threats.”
The survey found:
•None of the top 10 U.S. computer science programs require a cybersecurity course for graduation. In fact, three of the top 10 university programs don’t even offer an elective course in cybersecurity.
•University of Michigan (ranked 12th) is the only one of U.S. News & World Report’s top 36 U.S. computer science programs that requires a security course for graduation.
•Only three of Business Insiders’ top 50 U.S. computer science programs require a cybersecurity course for graduation: University of Michigan (ranked 11th), Brigham Young (ranked 48th), and Colorado State University (ranked 49th).
•Of the 121 universities studied, the following offer the highest number of elective courses on cybersecurity: ◦Rochester Institute of Technology (10 security electives)
◦Tuskegee University (10)
◦DePaul University (9)
◦University of Maryland (8)
◦University of Houston (7)
◦Pace University (6)
◦California Polytechnic State University (5)
◦Cornell University (5)
◦Harvard University (5)
◦Johns Hopkins University (5)
•Only one of the top five schools offering the most cybersecurity electives is ranked in the top 50 computer science programs in the U.S. (Business Insider): Rochester Institute of Technology.
•Despite not being ranked on the U.S. News & World Report list nor the Business Insider list, the University of Alabama is the only institution of the 121 studied to require three or more cybersecurity classes – three for an information systems degree and four for a computer science degree.
“Our research reinforces what many have been saying: there is an incredible IT security skills gap. But what we’ve revealed is that a major root cause is a lack of education and training at accredited schools,” said Thomas. “CloudPassage is prepared to donate technology to universities committed to tackling this important issue. Our hope is to forge deeper partnerships with these schools when they are ready to expand their curriculum, with the longer term goal to make security awareness and skills ubiquitous across all technology education programs.”