Data Security

The Shocking Data Security Gap in Computer Science Education

Giving students an early start on computer science education with a focus on security is crucial. And high school is already too late, argues Project Lead the Way’s Vince Bertram.

• By Vince M. Bertram, Ed.D.
• 05/12/16

There is a disturbing trend in computer science education today: Not one of the top 10 computer science programs in the U.S. requires so much as a single cybersecurity course as a prerequisite for graduation, and just three of the top 50 computer science programs, as ranked by Business Insider, require majors to complete such a course.

Worse still, out of the 121 schools examined in a recent CloudPassage study, just one — the University of Alabama — requires three or more cybersecurity classes to graduate. The IT security company surveyed cybersecurity education at undergraduate computer science programs at top colleges and universities across the U.S.

Another Alabama university, Tuskegee, tied with the Rochester Institute of Technology for the distinction of offering the most cybersecurity courses (10) — albeit as electives — closely followed by DePaul University in Chicago and the University of Maryland with nine and eight, respectively.

Our failure to engage students in modern data security challenges today will make it difficult to protect ourselves from hackers in the future.

"Cybersecurity should be a universal concentration option for computer science and information technology programs at the collegiate level," Rep. Jim Langevin (D-RI), co-chairman of the 74-member Congressional Cybersecurity Caucus, told United Press International. "It is an important specialty, and one with tremendous growth potential."

The scope of hacking and data breaches over the last few years is gravely disconcerting. A report by the Ponemon Institute in May 2014 asserted that hackers had exposed the personal information of some 110 million adult Americans and an incredible 432 million accounts in the prior 12 months alone.

If anything, the problem has only become more acute and sophisticated in the two years since. CBS' 60 Minutes April 17 reported on how it recruited German hackers working for a computer security research lab to demonstrate just how easy it is to hack into cell phones — and all the information stored in them.

As such, security is necessarily an increasingly important part of computer science education, and we need to be doing more to get American students interested in, and educated on, the subject.

"With more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing," the CloudPassage study warned, "there's a growing skills gap between the bad actors and the good guys."

Security can no longer be treated by computer science education programs as an "add-on" after new products are brought to market, like an aftermarket stereo system on an automobile. It needs to be made a graduation requirement for all computer information technology degrees.

But we shouldn't just be increasing cybersecurity offerings at the college level. We need to introduce students to these concepts even earlier in their schooling, because they typically decide early on what subjects they're interested in and think they're good at. High school is too late. We can't expect that, if given his or her first opportunity to take computer science in grades 9-12, a student would elect into the subject and decide to pursue it as a major in college. It would be worse than expecting a student to pick up a musical instrument in high school after never having taken any kind of music class.

"We need to invest in cyber-education, and there's no such thing as 'too early' when it comes to exposing our young people to [cybersecurity] and training them in this field," said Rep. Langevin, a former member of the House Homeland Security Committee.

The alternative is that we'll be faced with tens of thousands of unfilled cybersecurity jobs in the future.