Rethinking Security's Role in CS Education

ShmooCon XI - 2015

Presented by: Sarah Zatko
Date: Saturday January 17, 2015
Time: 16:00 - 16:50
Location: Bring It On

The role of security in computer science education needs to be reconsidered. There is little to no applied security content for the majority of undergraduate computer science students. Given that security is an afterthought in education, it should be no surprise that it ends up being an afterthought when those students join the working world. As a result, the same security mistakes are made over and over again.

Most security content in curriculum today is meant for future security specialists. What content there is comes as a standalone class or lecture, and not interwoven with regular curricula.

The integration of Environmental Engineering design concepts into general engineering curricula provides a model for how to fix this "afterthought" problem. Applied security content needs to be integrated throughout the undergraduate computer science curriculum. This can be achieved with minimal disruption to the existing courses, as long as the changes are subtle, but consistent.

Sarah Zatko

Sarah is a partner at L0pht Holdings LLC, the spin off from the L0pht that created the award winning password cracking tool L0phtCrack. She holds a degree in mathematics from MIT, and a Master’s in computer science from Boston University. After working with various three letter agencies she wanted to do something unequivocally "good" and has been visiting high schools and elementary schools representing "hacker" on career day. She's trying to convince her local library to let her teach a lockpicking workshop.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats