Everyone knows there is a severe shortage of cybersecurity professionals to go around, but as more people try to learn how to become an expert, it is apparent that not all training or programs are the same – as a matter of fact, they can vary dramatically.

To that end, a Washington State University-led research team found a shortage of research in evaluating the instructional approaches used to teach cybersecurity. Researchers also contend programs could benefit from increasing their use of educational and instructional tools and theories.

In addition, program leaders should work with professional societies to make sure graduates receive the proper training to meet industry needs in a fast-changing field.

Details on the review are in a paper in the Proceedings of the Association for Computing Machinery’s Technical Symposium on Computer Science Education.

Variation From School to School
“There is a huge variation from school to school on how much cybersecurity content is required for students to take,” said co-author Assefaw Gebremedhin, associate professor in the WSU School of Electrical Engineering and Computer Science and leader of the U.S. Department of Defense-funded VICEROY Northwest Institute for Cybersecurity Education and Research (CySER). “We found that programs could benefit from using ideas from other fields, such as educational psychology, in which there would be a little more rigorous evaluation.”

Schneider Bold

Cybersecurity is an increasingly important field of study because compromised data or network infrastructure can directly impact people’s privacy, livelihoods and safety. Researchers also noted adversaries change their tactics frequently, and cybersecurity professionals must be able to respond effectively.

As part of the study, the researchers analyzed programs at 100 institutions throughout the U.S. designated as a National Security Administration’s (NSA) National Center of Academic Excellence in Cybersecurity. To have the designation, the programs must meet the NSA requirements for educational content and quality.

The researchers assessed factors such as the number and type of programs offered, the number of credits focused on cybersecurity courses, listed learning outcomes and lists of professional jobs available for graduates.

They found while the NSA designation provides requirements for the amount of cybersecurity content included in curricula, the center of excellence institutions vary widely in the types of programs they offer and how many cybersecurity-specific courses they provide. Half of the programs offered bachelor’s degrees, while other programs offered certificates, associate degrees, minors or concentration tracks.

The most common type of program offered was a certificate, and most of the programs were housed within engineering, computer science, or technology schools or departments. The researchers found industry professionals had different expectations of skill levels from what graduates of the program have.

Benchmark to Compare Programs
The researchers hope the work will serve as a benchmark to compare programs across the U.S. and as a roadmap toward better meeting industry needs.

With funding from the state of Washington, WSU began offering a cybersecurity degree last year. The oldest cybersecurity programs are only about 25 years old, but programs have traditionally been training students to become information technology professionals or system administrators, Gebremedhin said.

“In terms of maturity, in being a discipline as a separate degree program, cybersecurity is relatively new, even for computer science,” Gebremedhin said.

The field is also constantly changing.

“In cyber operations, you want to be on offense,” he said. “If you are to defend, then you need to stay ahead of your attacker, and if they keep changing, you have to be changing at a faster rate.”

Click here to view the paper.


Pin It on Pinterest

Share This