Rethinking Security's Role in Computer Science Education

Presented at ShmooCon XI (2015), Unknown date/time (Unknown duration)

The role of security in computer science education needs to be reconsidered. There is little to no applied security content for the majority of undergraduate computer science students. Given that security is an afterthought in education, it should be no surprise that it ends up being an afterthought when those students join the working world. As a result, the same security mistakes are made over and over again.

Most security content in curriculum today is meant for future security specialists. What content there is comes as a standalone class or lecture, and not interwoven with regular curricula.

The integration of Environmental Engineering design concepts into general engineering curricula provides a model for how to fix this "afterthought" problem. Applied security content needs to be integrated throughout the undergraduate computer science curriculum. This can be achieved with minimal disruption to the existing courses, as long as the changes are subtle, but consistent.

Presenters:

• Sarah Zatko
  Sarah is a partner at L0pht Holdings LLC, the spin off from the L0pht that created the award winning password cracking tool L0phtCrack. She holds a degree in mathematics from MIT, and a Master's in computer science from Boston University. After working with various three letter agencies she wanted to do something unequivocally "good" and has been visiting high schools and elementary schools representing "hacker" on career day. She's trying to convince her local library to let her teach a lockpicking workshop.

Similar Presentations:

• The Eleventh HOPE (2016) / Computer Science Curricula's Failure - What Can We Do Now?
• ToorCon San Diego 14 (2012) / Building the Next Generation of Computer Security Professionals
• HOPE X (2014) / How to Prevent Security Afterthought Syndrome