Designing cybersecurity curriculum: Exploring the need for industry certifications and experiential learning

Abstract

There is a need to assess the merit and utility of existing cybersecurity curricula. This paper seeks to take a deeper dive into the question of whether a college degree is necessary in the cybersecurity field with an exploration into some examples of US-based undergraduate and graduate cybersecurity degree programs. The authors review the industry standard IT security certifications and governing bodies to compare and contrast the domains and common bodies of knowledge across the various sponsoring organizations. The authors provide their recommendations for building and enhancing undergraduate cybersecurity curricula, in particular new programs should not be siloed within the computer science and information security departments. Faculty should intentionally look to include disciplines outside of the traditional areas of study such as business, psychology, and legal and ethical studies.