A newly-released set of cybersecurity curriculum recommendations aims to improve postsecondary cybersecurity education and produce graduates ready to fill alarming workforce gaps.
The new set of guidelines, Cybersecurity Education Curriculum (CSEC2017), is necessary to keep pace with the world’s growing dependence on cyber infrastructure, which spans everything from financial services and utilities to government systems and citizens’ personal information.
The recommendations are the product of a two-year joint task force led by the Association for Computing Machinery (ACM) and the IEEE Computer Society (IEEE-CS). The ACM identifies five primary computing disciplines as part of cybersecurity: computer engineering, computer science, information systems, information technology, and software engineering.
Government and non-government sources estimate that 1.8 million cybersecurity-related positions worldwide will go unfilled by the year 2022, prompting academic departments to launch initiatives that establish new cybersecurity degree programs or add cybersecurity education onto existing degree programs.
But part of the problem, academic experts say, is the field’s fledgling nature. Because it is a new and growing discipline, it offers great potential for those interested in holding cybersecurity jobs–but institutions’ approaches to cybersecurity education, and their very definition of the field, can vary widely.
(Next page: 8 cybersecurity education recommendations)
“The field of cybersecurity is in its formative stages,” says Diana Burley, the CSEC2017 Joint Task Force co-chair and a professor at The George Washington University. “Wonderful career opportunities exist for people who are interested in working in cybersecurity. At the same time, because it is a new discipline, the term ‘cybersecurity education’ has meant different things to different people. As a result, many students graduating from cybersecurity programs often lack the requisite knowledge and skills needed to fit within an industry or government environment.”
This means higher-ed professionals need a unified framework to help develop coursework and degree programs, and by bringing together computing educators and industry professionals, that unified framework emerged, she adds.
The guidelines have two goals: offering flexibility to let curricula be tailored to the type of institution (undergraduate, graduate, community college); and offering guidelines that encompass the broad range of specializations and occupations within cybersecurity, rather than a single program type.
These 8 guidelines can help ensure your institution's #cybersecurity program is on track
According to the report, each graduate of a cybersecurity education program of study should have a cybersecurity curriculum that includes:
● A computing-based foundation (e.g., computer science, information technology)
● Crosscutting concepts that are broadly applicable across the range of
cybersecurity specializations (e.g., cybersecurity’s inherent adversarial mindset)
● A body of knowledge containing essential cybersecurity knowledge and skills
● A direct relationship to the range of specializations meeting the in-demand workforce domains
● A strong emphasis on the ethical conduct and professional responsibilities
associated with the field
To help institutions produce graduates with the above skills, cybersecurity education programs should focus on 8 particular areas in their curriculum: Data security, software security, component security, connection security, system security, human security, organizational security, and societal security. The report recommends detailed skills and components within each broader area.
The key to addressing the growing need for cybersecurity professionals lies in learning from successful programs, adds Burley.
“We must leverage scalable initiatives like the CSEC2017 to accelerate cybersecurity workforce development. We have been overwhelmed by the positive response to the curricular guidelines and are eager to work with colleagues around the globe to implement the recommendations, strengthen the talent pipeline and close the growing gap between supply and demand,” she says.