CloudPassage released a report today slamming the U.S. university system for failing to give cybersecurity a higher profile in its computer science and engineering programs.
CloudPassage found that not one of the top 10 computer science programs in the country, as listed by U.S. News & World Report in 2015, require a single cybersecurity course in order to graduate. Of the top 36 programs only University of Michigan, which is ranked 12th, has such a requirement.
“With more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing, there’s a growing skills gap between the bad actors and the good guys,” said Robert Thomas, CEO of CloudPassage, told SCMagazine.com in an emailed statement.
Thomas cited several reasons why cybersecurity is not getting its fair share of university and graduate students. The first issue is cybersecurity has become a specialty with students only focusing on this topic when they look to obtain a masters degree or post graduate certification, but not enough grads are doing so. The reason why might be hard for schools and the industry to overcome.
“Frankly, cybersecurity isn’t perceived the same way as building flashy apps. Demand for people with undergraduate CS or IS degrees is off the charts, so it’s easy to see why many prefer to start working, earning money and building a career that way,” he said.
The situation is so bad the report said that only one of the 121 schools the report studied, the University of Alabama, required three or more cybersecurity classes to graduate.
“Perhaps more surprising is that none of the top 10 U.S. computer science programs we looked at require a cybersecurity course for graduation,” he said.
However, David Brumley, director of the Carnegie Mellon Security and Privacy Institute, said his institution does take cybersecurity seriously and offers many courses.
“Carnegie Mellon University is proud to offer 50+ courses in cybersecurity and privacy. And that’s not counting security concepts taught in modules in courses such as computer systems, networking, compilers, imperative programming, and others. CMU believes security is fundamental, and has created an entire University-level institute called CyLab to bring together end-to-end expertise to help solve todays security and privacy challenges,” Brumley said in an email to SCMagzine.com.
Updated to include a comment from David Brumley.