Rethinking the Role of Security in Education

Abstract

The majority of current undergraduate computer science students receive little to no applied security education in the course of their core studies. Given that security is an afterthought in education, it should be no surprise that it ends up being an afterthought when those students join the working world. As a result, the same security mistakes are made over and over again. This has to change.

Drawing on parallels from the integration of Environmental Engineering concepts into general engineering curricula, we provide a model for how to fix computer-science education. Just as Environmental Engineering concepts are integrated into all engineering programs, applied security content should be integrated throughout the computer science curriculum. A separate security course or track is valuable, but serves a different purpose. This integration can be achieved with minimal disruption to the existing courses through subtle but consistent changes.

Bio: Sarah Zatko is the Chief Scientist at CITL, a partner at L0pht Holdings, LLC, and a member of the US Army's Order of Thor. She has presented her research on the integration of security into CS curriculum at Shmoocon and Hope. That work is also published in IEEE Security & Privacy. She holds a degree in mathematics from MIT and a Master's in computer science from Boston University.