In a recent review conducted by a research team led by Washington State University, it was discovered that cybersecurity programs across the country exhibit significant variability. The authors of the study emphasize the importance of collaboration between program leaders and professional societies to ensure that graduates are equipped with the necessary skills to meet the evolving demands of the industry. The lack of research on evaluating instructional approaches in cybersecurity education was identified as a key gap in the existing literature. Additionally, the authors suggest that programs could benefit from incorporating a wider range of educational and instructional tools and theories to enhance the quality of their curriculum.
Cybersecurity has emerged as a critical field of study due to the direct impact that compromised data or network infrastructure can have on individuals’ privacy, livelihoods, and safety. The dynamic nature of cyber threats requires cybersecurity professionals to stay agile and respond effectively to changing tactics employed by adversaries. As part of their study, the research team evaluated programs at 100 institutions in the U.S., designated as National Security Administration’s National Centers of Academic Excellence in Cybersecurity. These programs are required to adhere to NSA standards for educational content and quality.
The researchers found that while the NSA designation outlines specific requirements for cybersecurity content in curricula, there is substantial variation among the designated institutions in terms of program offerings. Some programs focus on bachelor’s degrees, while others provide certificates, associate degrees, minors, or concentration tracks. Certificates were identified as the most common type of program, predominantly housed within engineering, computer science, or technology departments. Industry professionals have expressed differing expectations in terms of skill levels compared to what program graduates possess.
The researchers hope that their findings will serve as a benchmark for comparing cybersecurity programs nationwide and guide efforts to align educational offerings with industry needs. Despite cybersecurity programs being relatively new, with the oldest programs only dating back about 25 years, there is a growing recognition of the need to evolve beyond traditional training for IT professionals or system administrators. As the field continues to rapidly evolve, there is a push for cybersecurity education to emphasize offensive strategies in cyber operations to adapt to the ever-changing landscape of threats.
The variability observed in cybersecurity programs across the U.S. underscores the need for greater standardization and collaboration within the field. By leveraging insights from interdisciplinary fields such as educational psychology and responding to industry demands, cybersecurity programs can better prepare graduates to navigate the complex challenges of cybersecurity in today’s digital landscape. It is essential for program leaders to continuously evaluate and update their curricula to ensure that students are equipped with the skills and knowledge needed to succeed in the rapidly evolving field of cybersecurity.