Building Robust Cybersecurity Training into Computer Science Curriculums
IEEE Computer Society Team
Share this on:
Given the prevalence and potency of cyberattacks, bolstering cybersecurity education isn’t just a matter of ensuring a comprehensive curriculum; it’s a matter of national security. By ensuring university students get the training they need to be cybersecurity specialists, the UK — and the rest of the world — can support the security of both private and public entities. This requires focusing on the following objectives.
Establishing Pedagogic Principles
The following pedagogic principles can help promote a comprehensive, effective curriculum:
Academic skills, including:
Psychology, which can help students identify and address social engineering attacks
Managerial skills, which help professionals support the initiatives outlined in the Cybersecurity Incident Response Plan (CIRP)
Technical skills, which are essential to detecting and mitigating attacks
Developing Effective Cybersecurity Teaching Practice
Teaching cybersecurity is unique because the stakes are far higher than in many other disciplines. Instructors can employ real-world case studies, guest lectures by industry specialists, and cybersecurity standards to ensure a tangible, useful curriculum.
By including teaching about the Payment Card Industry Data Security Standard (PCI DSS), curriculum designers can provide students with a broad foundation regarding various security issues and solutions impacting the credit and debit card industry.
In addition, instructors can teach from the perspective of attackers. This may include teaching students how to launch phishing attacks and other hacks. These skills can also equip students for careers in penetration testing.
Recruiting, Retaining, and Providing Professional Development to Faculty
A study by the Enterprise Security Group (ESG) revealed that 23% of respondents felt their organization suffered from a significant shortage of cybersecurity skills. The skills gap continues to widen, and the educational system is the perfect place to start filling in the holes. But this will require attracting and keeping the knowledgeable faculty, as well as ensuring they have the ongoing professional development they need to succeed.
Ensuring High-Quality Resources to Support Cybersecurity Education
The resources schools provide to students need to focus on providing knowledge and practice. This should involve a combination of the following:
Specific education regarding technical topics, such as cryptography
Laboratories, which require both physical- and cloud-based computing resources and knowledgeable staff
While establishing a laboratory, there may be concerns regarding how learners interact with the university’s network. For example, if you’ve established an off-premises, cloud-based lab, students learning how to think like attackers may have to send attack commands and files through the school’s network. This could violate some institutions’ cybersecurity policies, so consultation with administrators may be necessary.
Using Innovative Teaching
“Innovation,” in terms of cybersecurity teaching, needs to involve a combination of technical and soft skills — even though technical skills tend to get more attention than interpersonal abilities.
It’s also helpful to inspire potential cybersecurity students by offering cutting-edge offerings that appeal to their interests. This can be done using what is known as a “Masterclass,” which can be used to tie in cybersecurity issues with things students are already interested in or personally invested in, such as the design of computer systems and programming.
Discover How Cybersecurity Education Can Elevate University Education
Universities should require cybersecurity coursework in their computer science programs. However, curriculum designers and administrators must take a thoughtful approach to build and implementing these courses. By addressing the cybersecurity industry’s needs and students’ interests with effective instructors and resources, universities can play a pivotal role in closing the InfoSec skills gap.