Is your cybersecurity program on track?

Cybersecurity education can vary among institutions, but new curricula guidelines can help unify the emerging field

“The field of cybersecurity is in its formative stages,” says Diana Burley, the CSEC2017 Joint Task Force co-chair and a professor at The George Washington University. “Wonderful career opportunities exist for people who are interested in working in cybersecurity. At the same time, because it is a new discipline, the term ‘cybersecurity education’ has meant different things to different people. As a result, many students graduating from cybersecurity programs often lack the requisite knowledge and skills needed to fit within an industry or government environment.”

This means higher-ed professionals need a unified framework to help develop coursework and degree programs, and by bringing together computing educators and industry professionals, that unified framework emerged, she adds.

The guidelines have two goals: offering flexibility to let curricula be tailored to the type of institution (undergraduate, graduate, community college); and offering guidelines that encompass the broad range of specializations and occupations within cybersecurity, rather than a single program type.

According to the report, each graduate of a cybersecurity education program of study should have a cybersecurity curriculum that includes:
● A computing-based foundation (e.g., computer science, information technology)
● Crosscutting concepts that are broadly applicable across the range of
cybersecurity specializations (e.g., cybersecurity’s inherent adversarial mindset)
● A body of knowledge containing essential cybersecurity knowledge and skills
● A direct relationship to the range of specializations meeting the in-demand workforce domains
● A strong emphasis on the ethical conduct and professional responsibilities
associated with the field

To help institutions produce graduates with the above skills, cybersecurity education programs should focus on 8 particular areas in their curriculum: Data security, software security, component security, connection security, system security, human security, organizational security, and societal security. The report recommends detailed skills and components within each broader area.

The key to addressing the growing need for cybersecurity professionals lies in learning from successful programs, adds Burley.

“We must leverage scalable initiatives like the CSEC2017 to accelerate cybersecurity workforce development. We have been overwhelmed by the positive response to the curricular guidelines and are eager to work with colleagues around the globe to implement the recommendations, strengthen the talent pipeline and close the growing gap between supply and demand,” she says.

Laura Ascione