Colleges vie to entice students with NSA cyber program

Fourteen colleges are now designated National Centers of Academic Excellence in Cyber Operations by the National Security Agency, up from four when the program started in 2012.

High school students participate in an NSA GenCyber Camp in Hawaii. The agency has done more to get K-12 and college students involved in cybersecurity. (Courtesy NSA)

When Ryan Hermann was in middle school in his native Elgin, Illinois, he installed a game borrowed from the local library that ruined his desktop computer at home.

“The virus actually destroyed the computer, so that was a good introduction into the security field,” said Hermann, now 21.

The senior at Dakota State University, who is studying reverse engineering, is one of a few hundred students at a select group of colleges that has a special designation from the National Security Agency to fill the huge and growing gap in the cybersecurity field with qualified workers.


Called the National Centers of Academic Excellence in Cyber Operations, the program is an outgrowth of President Barack Obama’s National Initiative for Cybersecurity Education. The schools selected have increased to 14 from four when the program launched in 2012. The University of Texas at Dallas was the most recent school bestowed with the honor after going through a rigorous application process.

The program has been so successful that the NSA has expanded its education efforts to K-12 with special summer camps for budding cyber-warriors called GenCyber, which raises awareness about online safety and a different kind of career they may not have thought of before.

“The output of universities is not even keeping up with the growth of demand, never mind satisfying the existing gap,” said Steve LaFountain, dean of the College of Cyber at NSA. “We believe that when we started this program, this is really the only way we can try to encourage universities to teach what’s necessary and students to study what’s necessary.”

Schools that apply – about 50 each year – have to show a highly developed, technical curriculum that teaches students about networks, operating systems, software development and analysis, reverse engineering, security principles, and cyber ethics and law. The schools also must have two faculty members running the program, and a minimum number of professors with specific qualifications.

There is also an outreach component – students have to work in their communities, whether state or local governments or K-12 schools, to help shore up the entities’ security practices.


The selected schools are: Air Force Institute of Technology, Auburn University, Carnegie Mellon University, Dakota State University, Mississippi State University, Naval Postgraduate School, Northeastern University, Polytechnic School of Engineering, Towson University, United States Military Academy at West Point, University of Cincinnati, University of New Orleans and the University of Tulsa.

The University of Texas at Dallas, which debuted a graduate program this semester, made the cut after getting rejected a few years ago.

“We had some minor issues with the requirements we couldn’t meet the first time,” Kamil Sarac, associate professor of computer science and director of cybersecurity education programs at the school, said in an interview. He said the university did not have a cellular networks course at the time, but has since added one.

The program has piqued the interest of some of the 1,000 students enrolled in the computer science program, he said.

“This is a benchmark for us, proving that we are up to par and can really contribute to the needs of the Department of Defense agencies in terms of preparing students for this field,” said Sarac.


One of the benefits of the program, professors say, is the significant boost it gives to enrollment numbers.

Josh Pauli, professor of cybersecurity at Dakota State University, said enrollment is up “about 300 percent” and “the quality of student has increased greatly.”

Which is good news, because he said the school has invested roughly $30,000 to $50,000 a year on professional development to keep faculty up to date on cutting edge technologies and send them to trainings.

“If you want to maintain your Center of Academic Excellence designation, you have to be dedicated to this,” he said in an interview.

When students graduate from the program, they are able to reverse engineer software, analyze malware and exploit software, Pauli said. There are about 300 students in the program at any given time, including 100 incoming freshmen this year.


Hermann, who received a full-tuition cybersecurity scholarship to Dakota State University, said his specialty is reverse engineering — essentially disassembling code and computer programs to figure out how they are constructed.

“There are a lot of bad guys out there writing tricky programs to [harm] your computer, so they try to hide their tracks,” he said. “And reverse engineering helps you figure out exactly what they’re doing on your computer and build better defenses.”

As a stipulation of his scholarship, Hermann will take a job at a federal, state or local government agency when he graduates and earns a master’s degree.

The government is betting on people like Hermann to thwart cyber attacks like the recent embarrassing breach at the Office of Personnel Management, which compromised the personal information of more than 22 million current and former federal employees and those close to them.

“It’s a no-brainer,” LaFountain said. “Why wouldn’t you go into this field?”


Reach the reporter at or follow her on Twitter @clestch.

Latest Podcasts