Security is hard, but security education may be harder. Few academic institutions have the skills or resources to dedicate solely to security education. Rather, most security programs in higher education have grown out of or have been welded on to other technology programs. The resulting fractured educational ecosystem has created a disparity in the skill sets of graduating students and has made it challenging to develop standards to ensure consistency across educational programs. This talk will take a look at how security curricula have traditionally been developed and continued to be shaped by a variety of forces. We will examine some of the proposed solutions for accrediting programs and analyze their strengths and weaknesses. Subsequently, we will try to determine which type of student each model is designed to produce and provide our own recommendations about how to standardize security education.
Chaim Sanders is a professional security researcher, lecturer, and tall person. When he is not busy being overly cynical about the state of computing security, he teaches for the computing security department at the Rochester Institute of Technology. His areas of interest include eating food bathed in butter and web security. Lately, his research has been focused around defensive web technologies. Chaim's sarcasm driven approach to security provides a unique vantage point that helps him to contribute to several Open Source projects including ModSecurity and OWASP Core Rule Set where he serves as the project leader.
âRobert Olson is currently a lecturer at the Rochester Institute of Technology, where he teaches courses in programming, mobile security, and web application security. In a prior life, he developed courses in the fundamentals of information security, penetration testing, and exploit development as a lecturer at the State University of New York at Fredonia. He holds a Masters of Science in Interdisciplinary Studies (Cognitive Science), a Masters of Science in Management Information Systems, along with some industry certifications (CEH, CISSP, OSCP). When not doing cybery things, he enjoys studying machine learning, catching Pokemon, and bumming around Twitter (@nerdprof).