CloudPassage Study Finds U.S. Universities Failing in Cybersecurity Education

CloudPassage today announced the results of a recent study analyzing cybersecurity education at undergraduate computer science and engineering programs at top American universities. According to the findings, not one of the top 10 U.S. computer science programs (as ranked by the U.S. News & World Report in 2015) requires a single cybersecurity course for graduation. In fact, only one of the top 36 U.S. computer science programs requires a security course for graduation: the computer science program at University of Michigan.

ÒI wish I could say these results are shocking, but theyÕre not,Ó said Robert Thomas, CEO of CloudPassage. ÒWith more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing, thereÕs a growing skills gap between the bad actors and the good guys. One way to close the gap is through automation, but we also need to train developers, at the very earliest stage of their education, to bake security into all new code. ItÕs not good enough to tack cybersecurity on as an afterthought anymore. This is especially true as more smart devices become Internet accessible and therefore potential avenues for threats.Ó

Key Findings

• None of the top 10 U.S. computer science programs require a cybersecurity course for graduation. In fact, three of the top 10 university programs donÕt even offer an elective course in cybersecurity.
• University of Michigan (ranked 12th) is the only one of U.S. News & World ReportÕs top 36 U.S. computer science programs that requires a security course for graduation.
• Only three of Business InsidersÕ top 50 U.S. computer science programs require a cybersecurity course for graduation: University of Michigan (ranked 11th), Brigham Young (ranked 48th), and Colorado State University (ranked 49th).
• Of the 121 universities studied, the following offer the highest number of elective courses on cybersecurity:
  • Rochester Institute of Technology (10 security electives)
  • Tuskegee University (10)
  • DePaul University (9)
  • University of Maryland (8)
  • University of Houston (7)
  • Pace University (6)
  • California Polytechnic State University (5)
  • Cornell University (5)
  • Harvard University (5)
  • Johns Hopkins University (5)
• Only one of the top five schools offering the most cybersecurity electives is ranked in the top 50 computer science programs in the U.S. (Business Insider): Rochester Institute of Technology.
• Despite not being ranked on the U.S. News & World Report list nor the Business Insider list, the University of Alabama is the only institution of the 121 studied to require three or more cybersecurity classes Ð three foran information systems degree and four for a computer science degree.

Study Analysis

The American education system is failing computer science students by deprioritizing cybersecurity training. Universities are inadvertently contributing to the lack of cybersecurity readiness in the U.S. by failing to teach students how to implement security thinking and awareness into all new code design, development, and testing. Given the increasingly complex nature of todayÕs threat landscape, security can no longer be added on after new products and innovations are delivered to market. Cybersecurity training must be a graduation requirement for all computer science programs.

Cybersecurity Education – A Starting Point

“Our research reinforces what many have been saying: there is an incredible IT security skills gap. But what we’ve revealed is that a major root cause is a lack of education and training at accredited schools,Ó said Thomas. ÒCloudPassage is prepared to donate technology to universities committed to tackling this important issue. Our hope is to forge deeper partnerships with these schools when they are ready to expand their curriculum, with the longer term goal to make security awareness and skills ubiquitous across all technology education programs.”

Study Methodology

CloudPassage hired an independent consultant to analyze undergraduate computer science, computer engineering and computer information systems degree programs from top-ranked U.S. universities. The 121 university programs reviewed were pulled from three separate 2015 rankings: U.S. News and World ReportÕs Best Global Universities for Computer Science, Business InsiderÕs Top 50 best computer-science and engineering schools in America, and QS World University Rankings 2015 – Computer Science & Information.

About Fidelis Cybersecurity

Fidelis Cybersecurity combats the full spectrum of cyber-crime, data theft and espionage. A leading provider of threat detection, hunting and response solutions, Fidelis provides full visibility across hybrid environments, automates threat and data theft detection, empowers threat hunting, and optimizes incident response with context, speed and accuracy. Fidelis is trusted by Global 1000s and Governments as their last line of defense.

The Fidelis Elevate® platform captures rich metadata from across the threat landscape and combines that content to enable real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment.

For more information go to www.fidelissecurity.com. Fidelis Cybersecurity is a portfolio company of Skyview Capital.