Universities are expanding cybersecurity education to meet broad demand

Programs like San Diego State University's degree in cybersecurity management highlight a growing demand for interdisciplinary cybersecurity skills.

The cybersecurity needs of organizations are becoming more interdisciplinary and, according to experts, so are the educational programs that prepare students for careers in the emerging field.

“Cybersecurity is no longer just an IT issue,” said Scott Shackelford, director of Indiana University’s new cybersecurity clinic. “It’s just something that, frankly, everybody should know the basics about.”

By 2022, the global cybersecurity workforce shortage is projected to reach upwards of 1.8 million unfilled positions, according to a 2017 workforce report from the Center for Cyber Safety and Education. Although more traditional cybersecurity jobs, like security and threat management, make up a large chunk of the open jobs, there is also a talent shortage in various sub-disciplines within cybersecurity, Shackelford said, and educational programs are responding to this need, emphasizing a foundational knowledge of cybersecurity across curriculums.

The earliest opportunities to study cybersecurity, roughly a decade ago, were much more limited than they are now, said Rodney Petersen, director of the National Initiative for Cybersecurity Education. Concentrations and minors, primarily available to computer science and engineering majors, were how many institutions first approached cybersecurity education, “but that has certainly shifted now,” he said.


Today, programs such as San Diego State University’s new cybersecurity management master’s program, which focuses on producing security professionals with business training, are aimed at reaching a broader swath of students from various disciplines. “The workforce will benefit by preparing security professionals for a broader, more varied, and potentially more rewarding career path,” said Murray Jennex, the program’s faculty advisor.

“[SDSU’s] goal is to create professionals who can blend security and the business and thus make security an integral part of the business’s functions and processes,” he said.

In the past, security and business have been at odds with each other. “Security professionals want the organization to change to do better security and don’t understand the need to make money and the business doesn’t understand why the security professionals want them to do the security practices they are being asked to do,” Jennex said. “Simply stated, security works best when it is an integral part of the business process rather than something bolted on.”

Also aimed at creating a more interdisciplinary cybersecurity workforce, Indiana University’s new cybersecurity clinic encourages students from different disciplines, including business and law, to build a foundation of cybersecurity skills through hands-on experiences and collaboration. “There is a growing appetite for people that have a foundational [cybersecurity] skill set,” Shackelford said.

In that same vein, law schools, recognizing that many lawyers will begin practicing cyber law, are starting to offer degree concentrations in IT or cybersecurity, Petersen said. For those interested in cybersecurity advising or litigation, the American Bar Association recommends students take basic networking or cybersecurity courses or to obtain a certification, such as those offered by CompTIA, to demonstrate basic cybersecurity knowledge.


“Doctors and technicians and people building and developing medical devices need a grounding in cybersecurity as well,” Petersen said. A 2017 survey of U.S. physicians from the American Medical Association found that 83 percent of doctors have experienced some form of cyberattack, and more than half are “extremely” worried about future attacks.

“I think what we’re starting to see, whether it’s business, criminal justice, science, computer science or engineering, is the broad nature of cybersecurity and the need for a comprehensive set of skills across an organization,” he said. People in the policy world can round out their educations with an emphasis in cybersecurity just as somebody in law enforcement who might become a cybercrime investigator would benefit from having a foundational understanding of IT and security.

According to Shackelford, as more organizations recognize their need for cybersecurity and new jobs are created in the field, it is important for all cybersecurity programs to be as responsive to the need of industry as they can.

“My hope is that more and more folks are going to have that core foundational knowledge that is going to be useful across a whole range of disciplines whether they wind up being an insurance adjuster, a doctor — you name it.”

Betsy Foresman

Written by Betsy Foresman

Betsy Foresman was an education reporter for EdScoop from 2018 through early 2021, where she wrote about the virtues and challenges of innovative technology solutions used in higher education and K-12 spaces. Foresman also covered local government IT for StateScoop, on occasion. Foresman graduated from Texas Christian University in 2018 — go Frogs! — with a BA in journalism and psychology. During her senior year, she worked as an intern at the Center for Strategic and International Studies in Washington, D.C., and moved back to the capital after completing her degree because, like Shrek, she feels most at home in the swamp. Foresman previously worked at Scoop News Group as an editorial fellow.

Latest Podcasts