Although many Computer Science (CS) programs offer cybersecurity courses, they are typically optional and placed at the periphery of the program. We propose to integrate cybersecurity as a crosscutting concept in CS curricula, which is also consistent with latest cybersecurity curricular guidelines. We describe our experience of implementing this crosscutting intervention across three undergraduate CS courses at a leading technical university in Europe between 2018 and 2023, collectively educating over 2200 students. The security education was incorporated within existing CS courses using a partnership between the responsible course instructor and a security expert. This created a complex dynamic between three stakeholders: the course instructor, the security expert, and the students. We reflect on this crosscutting intervention from the perspective of the three stakeholders — we conducted a post-course survey to collect student perceptions, and semi-supervised interviews with responsible course instructors and the security expert to gauge their experience. We found that while the students were extremely enthusiastic about the security content and retained its impact several years later, the misaligned incentives for the instructors and the security expert made it difficult to sustain this intervention without organizational support. By identifying limitations in our intervention, we provide recommendations for sustaining it.

I am an assistant professor at the University of Twente where I develop cybersecurity technologies that leverage the power of machine learning for improving security coverage while reducing analyst workload.

Prior to joining UT, I was a PhD student and lecturer at TU Delft. During this time, I dedicated 40% of my time developing and teaching cyber security lectures to BSc (Computer Science and Engineering) students at TU Delft.