The Shocking Data Security Gap in Computer Science Education

Giving students and early start on computer science education with a focus on security is crucial. And high school is already too late, argues Project Lead the Way’s Vince Bertram.

The annual H-1B visa lottery for high-skilled non-immigrant foreign workers opened April 1, and within five business days, the number of applications eclipsed the 85,000 visas available for fiscal 2017.

The U.S. Citizenship and Immigration Services announced April 12 that it had received more than 236,000 applications for those temporary work visas, most of them for computer-related occupations. (Those who receive them will be determined by lottery.)

The disparity between supply and demand for the visas serves to underscore and perhaps to exacerbate the shortage of domestic specialists in the burgeoning field of data and network security.

Coincidentally, on the same day, April 7, that the number of H-1B applications reached that 85,000 figure, the IT security company CloudPassage released the findings of its study of cybersecurity education at undergraduate computer science programs at top U.S colleges and universities.

Disturbingly, not one of the top 10 computer science programs requires so much as a single cybersecurity course as a prerequisite for graduation, and just three of the top 50 U.S. computer science programs, as ranked by Business Insider, require majors to complete such a course.

Worse still, just one of the 121 schools examined in the CloudPassage study requires three or more cybersecurity classes to graduate. That would be the University of Alabama.

Another Alabama university, Tuskegee, tied with the Rochester Institute of Technology for the distinction of offering the most cybersecurity courses (10) — albeit as electives — closely followed by DePaul University in Chicago and the University of Maryland with nine and eight, respectively.

Our failure to engage students in modern data security challenges today will make it difficult to protect ourselves from hackers in the future.

“Cybersecurity should be a universal concentration option for computer science and information technology programs at the collegiate level,” Rep. Jim Langevin (D-RI), co-chairman of the 74-member Congressional Cybersecurity Caucus, told United Press International. “It is an important specialty, and one with tremendous growth potential.”

The scope of hacking and data breaches over the last few years is gravely disconcerting. A report by the Ponemon Institute in May 2014 asserted that hackers had exposed the personal information of some 110 million adult Americans and an incredible 432 million accounts in the prior 12 months alone.

If anything, the problem has only become more acute and sophisticated in the two years since. CBS’ 60 Minutes April 17 reported on how it recruited German hackers working for a computer-security research lab to demonstrate just how easy it is to hack into cell phones — and all the information stored in them.

As such, security is necessarily an increasingly important part of computer science education, and we need to be doing more to get American students interested in, and educated on, the subject.

“With more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing,” the CloudPassage study warned, “there’s a growing skills gap between the bad actors and the good guys.”

Security can no longer be treated by computer science education programs as an “add-on” after new products are brought to market, like an aftermarket stereo system on an automobile. It needs to be made a graduation requirement for all computer information technology degrees.

But we shouldn’t just be increasing data security offerings at the college level. We need to introduce students to these concepts even earlier in their schooling, because they typically decide early on what subjects they’re interested in and think they’re good at. High school is too late. We can’t expect that, if given the first opportunity to take computer science in grades 9-12, a student would elect into the subject and decide to pursue it as a major in college. It would be worse than expecting a student to pick up a musical instrument in high school after never having taken any kind of music class.

“We need to invest in cyber-education, and there’s no such thing as ‘too early’ when it comes to exposing our young people to [cybersecurity] and training them in this field,” said Rep. Langevin, a former member of the House Homeland Security Committee.

The alternative is that we’ll be faced with tens of thousands of unfilled data security jobs in the future, and we can’t afford to rely on H-1B visas — not all of which would be for data security specialists.

About the Author

Vince M. Bertram is president and CEO of Project Lead The Way and the author of the New York Times best-seller One Nation Under Taught: Solving America’s Science, Technology, Engineering and Math Crisis.