BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Top U.S. Computer Science Undergrad Programs Flunk Cybersecurity

This article is more than 7 years old.

Students can graduate from any one of the top 10 U.S. computer science programs without taking a single course on cybersecurity.

A new study out from CloudPassage -- a cloud security firm based in San Francisco -- concludes that the American higher-education system is failing at preparing students for careers in cybersecurity.

CloudPassage hired a third party consultant to analyze computer science programs at 121 universities listed on three rankings which included U.S. News and World Report’s Best Global Universities for Computer Science, Business Insider’s Top 50 best computer-science and engineering schools in America, and QS World University Rankings 2015 – Computer Science & Information.

The University of Michigan (ranked #12 on the U.S. News & World Report’s list) is the only program in the top 36 which requires a cybersecurity course for graduation.

“Our research reinforces what many have been saying: there is an incredible IT security skills gap" said Robert Thomas, CEO at CloudPassage. "But what we’ve revealed is that a major root cause is a lack of education and training at accredited schools” added Thomas.

The historic failure at training computer science grads on cybersecurity may be related to vulnerabilities in today's software code at U.S. corporations and government agencies. The U.S. Department of Homeland Security (DHS) states that 90% of security incidents result from exploits against defects in software. That means programmers have not baked security into the applications they've written. The SANS Institute 2015 State of Application Security Report reinforces this point and states that most software developers don’t understand security."

Frank Zinghini, founder and CEO at Applied Visions, Inc. (AVI) -- a 40-person secure software development firm headquartered on Long Island, N.Y. -- has been recruiting young programmers fresh out of college for more than two decades. He says developers need to think like (cyber) attackers and focus attention on securing the code they are writing -- because security is just as critical to building software as safety is to building airplanes.

The CloudPassage study rightly asserts "Cybersecurity training must be a graduation requirement for all computer science programs."

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF or connect with me on LinkedIn. Send story tips, feedback, and suggestions to me here.