• United States




Cyber security curriculum across all disciplines

Jun 08, 20164 mins
CareersIT JobsIT Leadership

Teaching cyber outside of computer science programs will enhance security

Credit: Thinkstock

While many universities see value in integrating cybersecurity education into computer science programs, there has been less thought about the importance of using these lessons in other curriculum such as engineering, business, or even marketing programs.

If cybersecurity is every employee’s issue — not just the IT department — how do universities prepare all students to be able to apply cybersecurity skills to their next position? Whether they are marketing associates or software engineers, what they do in the digital enterprise either directly or indirectly impacts enterprise security.

EY’s Chad Holmes, principal and cybersecurity leader, talked about the importance of developing cyber talent that can hit the ground running in all industries from transportation and manufacturing to healthcare and human resources.

There is a responsibility beyond IT for organizations to be able to respond to a data breach. And while universities are taking steps toward bringing technical security components to the classroom, cybersecurity application also needs to be taught—across all disciplines. 

“When I work with universities across the spectrum, there are innovative ways that they are looking at solving this problem,” said Holmes. While there are universities the world over developing advanced degrees in cybersecurity, fewer are as focused on cyber at the undergrad level, and even fewer schools in the K-12 sector are developing curriculum to drive awareness about the security risks of online behavior.

“Starts earlier,” said Holmes, “with six to 12 year olds. There needs to be more discussion about how to educate kids around this area.”

[ ALSO: 7 ways employers can ensure new graduates aren’t compromising their networks ]

What might be a formidable obstacle for the cybersecurity industry is re-branding itself as an industry that does more than search for malicious actors or deal with privacy concerns. “That brand issue is driving some of the young folks away from exploring this field,” said Holmes. 

Though, the brand of cybersecurity has morphed in a lot of different ways, said Holmes. “It was tracking down malicious actors and had sites that had negative malicious content, but now it is more about solving community and world problems.”

I thought about Baymax and the theme song to Big Hero 6, “We could be heroes.”

Anybody’s got the power They don’t see it cause they don’t understand Spin around and round for hours You and me, we got the world in our hands

If you haven’t seen this Disney animation film, it’s an adorable tale of Hiro, a robotics genius, who joins forces with his brother’s university cohorts to fight the bad guy. These talented students in the robotics program at San Fransokyo Institute of Technology are incredibly innovative, even working on teleportation technologies, when they are called upon to track and bring down a malicious actor.

The point is, as technology evolves, so too will the risks to the digital enterprise which means that the talent must become more broad. Holmes said, “Re-branding cybersecurity means focusing on business risk as it relates to stock holder value. How does cyber help beyond just chasing malware. The industry is moving more toward global problem resolution.”

Fundamentally if you are covering cyber across multiple domains, you are exploring how to address security issues at every level. “Universities that adopt cyber classes into their core curriculum whether it’s business or finance are preparing students with a fundamental understanding of how security impacts business risk,” Holmes said.

By way of example, Holmes talked about an area of business risk that has become more pronounced now: marketing. “Whether it’s consumer products or a new product line, marketing campaigns, or publicity around a product. When teams release campaigns associated with marketing, they need to be thinking about how it will have a negative impact across the cyber landscape,” he said.

Following the entire security life cycle from the early stages of learning will create a broader scope of folks who have a more focused understanding of the ways cyber impacts every aspect of the business.

In order to accomplish this goal, more academic institutions need to work in partnership with enterprises to understand the learning curves around security so that information about the threat landscape can be delivered in context.


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author