The Chronicle of Higher Education
How to Revamp a Curriculum Quickly — but Not Too Quickly
May 21, 2017, 8:00 am
Trez Jones, a clinical assistant professor at Texas A&M U. at College Station who teaches cybersecurity courses, helped guide a new curriculum through the approval process.
Several years ago, Texas was feeling the pinch of a nationwide deficit. It ranked third among states in the number of unfilled cybersecurity jobs.
As a public flagship with strong military ties, Texas A&M University at College Station felt a sense of civic obligation — and saw an opportunity. To galvanize research and education in the discipline, and to provide a pipeline of graduates to industry and government jobs, the university system created the Texas A&M Cybersecurity Center in 2015. Daniel J. Ragsdale, a 30-year Army veteran, was appointed its director.
Quick change keeps programs current, but time is needed to ensure quality. The challenge: finding a way to have both.
What Industry Wants Premium
Tips to Keep a Curriculum Fresh Premium
He immediately faced tough questions: Could Texas A&M create a program that was responsive to market needs but not too reactive? What should it teach? How would its courses fit with those that had been offered at the university for decades? And could it safeguard quality without getting bogged down in academe’s sometimes ponderous processes?
Because cybersecurity is evolving so rapidly, it can be hard for universities to keep their courses and programs up-to-date. The urgency is acute for this discipline, in which 1.5 million jobs will need to be filled by 2019. But the tension isn’t unique. Many institutions and disciplines grapple with how to strike the right balance between the speed needed to be responsive and the time needed to ensure quality.
Those conditions can pose a trap for well-meaning administrators and faculty members. Work-force demand can lead some institutions to teach students the skills needed for today’s entry-level jobs. But those tools may well be obsolete five or 10 years from now. Keeping faculty members aware of the latest developments in the field can pose another challenge. And inertia and lack of resources — problems not confined to modernizing curricula — undercut such efforts, too.
Mr. Ragsdale summed up the fine line walked by programs like his: We want to be on the leading edge, he says, but not the bleeding edge.
When he arrived at the university, in 2015, Mr. Ragsdale took stock of the courses already offered that touched on cybersecurity. He was pleased to see there were many — more than 20, in fact — across various colleges, including those in liberal arts, engineering, and agriculture and life sciences.
One of those courses, "Security and Ethics in the Digital World," was taught by Robert (Trez) Jones, a clinical assistant professor of educational administration and human-resource development. He’s served on the Faculty Senate, and worked at Texas A&M for more than a decade. The two met over fish tacos at an off-campus haunt, and Mr. Jones soon offered a suggestion.
If Mr. Ragsdale wanted to act quickly, the best first step, Mr. Jones said, would be a minor. Unlike a major or master’s-degree program, which requires approval from a state body, a minor could offer a swifter path forward. Mr. Ragsdale saw the virtues of this approach: It was high-impact but a quick win. The institution wouldn’t wait to take action, but it also wouldn’t rush into a full program without consideration.
“We want to leave this minor extremely flexible. That allows us to move a little faster.”
Timing was not the only reason a minor was attractive. The structure allowed the program to leverage courses already being offered across departments. Students in the minor can select electives from among more than 20 classes, housed in six colleges across the campus. Although all students must demonstrate basic programming abilities and take a cyber-ethics course, those who are interested in government, for example, can pursue an elective like "National Security Policy." This model, Mr. Ragsdale says, gives them a holistic education and reflects the multidisciplinary nature of the field, which includes political, legal, and ethical issues.
Presenting the program as interdisciplinary also sent a symbolic message: that cybersecurity is for students from a variety of backgrounds. The center’s website notes that the minor is designed for both technically inclined students and their less-technical peers. And as the proposed minor passed through approval processes, which took about a year less than a major would have, it didn’t hurt to have stakeholders across the campus interested in its success, Mr. Jones says.
A final consideration led decision-makers to table the idea of launching a major. The interdisciplinary nature of the field and the speed at which it’s developing make it hard to set parameters on what content a bachelor’s degree should include.
A curricular expert in the discipline used a metaphor to describe the process: It is, she said, like "trying to sink a stake into quicksand."
And the ground keeps shifting. Even before the interdisciplinary minor was introduced, in the fall of 2016, Mr. Ragsdale and Mr. Jones knew that the pace of change in the field meant that they would need to build in ways to keep the program fresh.
An interdisciplinary minor was a good place to start, Mr. Ragsdale says, "but we knew when we put that in place that we would follow it up with additional refinements."
The first substantial update came within a year, in part in response to comments from industry and government. While the interdisciplinary minor gave students a breadth of information, potential employers mentioned that they were, at times, seeking graduates with in-depth technical knowledge. The program was quickly modified. Two tracks were added so that, starting this fall, students will be able to delve more deeply into engineering or technology instead of taking the more interdisciplinary approach.
Even in a rapidly changing field, there are fundamental concepts that are enduring.
Smaller-scale changes have been made to the program, too. About five courses have been created or added to the minor, and more are expected. Because Texas A&M is so large, it’s taken time simply to identify all of the existing courses that are relevant. Mr. Jones just recently learned of a biomechanical-engineering class that touches on cybersecurity topics.
"We want to leave this minor extremely flexible," says Mr. Jones, who led the program through the approval process. "That allows us to move a little faster."
Responsiveness has been built into the minor in a variety of ways. For one, special-topics courses, in which the focus can change from term to term, can be used to teach current issues without the delay that often accompanies developing an entirely new class. Co-curricular activities, like internships and clubs, expose students to the latest technologies and offer a chance to apply what they’re learning. The center is moving quickly on other fronts as well. Master’s and certificate programs are in the works.
In addition, a major source of change is the faculty members themselves. They have leeway to modify course content as long as learning objectives are met, and they’re encouraged to attend conferences and trainings to stay up-to-date on the field. Instructors include tenure-track academics and professors of practice, who have extensive experience in industry, government, or the military. (A hiring initiative at Texas A&M aims to bring in up to eight additional cybersecurity professors, some of whom will be granted tenure on arrival.)
Mr. Ragsdale says that members of the two groups complement each other and use their backgrounds to keep course content current. While academics stay connected to cutting-edge developments through their research, professors of practice use their ties to industry or the public sector to keep abreast of change.
Aakash Tyagi, for example, a professor of practice who teaches courses in the minor, leaves room in his syllabi to talk about the latest developments in cybersecurity. He reserves the last four to six lectures of his courses for current topics like cloud computing and memory management.
Blocking off these class periods in advance, he says, has provided a good balance between giving students current and foundational information. It’s important to cover new issues, he says, but instructors can’t sacrifice core content to do so. There should also be some consistency in what’s covered in courses, so that fall- or spring-semester students don’t miss out on what their peers are learning.
Even in a rapidly changing field like cybersecurity, says Mr. Tyagi, who worked at Intel for 20 years, there are fundamental concepts that are enduring.
Daniel Ragsdale, director of the Texas A&M Cybersecurity Center, is overseeing the development of a new cybersecurity curriculum. "We have to be careful," he says, "that we’re not engaged in simple training for a very specific skill that could be perishable."
Mr. Ragsdale says the center is leery of developing a curriculum that’s overly responsive to what industry wants now. In a changing field, it’s possible that what students are learning will quickly become outdated. Foundational courses, like programming, are necessary because they teach students how to learn and keep pace with the technological developments that will surely occur.
"We have to be careful that we’re not engaged in simple training for a very specific skill that could be perishable," he says. To avoid that problem, students learn both theory and practice, and don’t use what Mr. Ragsdale calls "elaborate power tools" in class. Limiting students to freely available tools, like those that analyze network traffic and identify security flaws, forces them to better understand the concepts being taught, he says. It’s like teaching students to solve complicated math problems by hand instead of having them simply plug functions into graphing calculators.
That said, proponents of the program are cognizant of the market demand for their graduates and pay close attention to what government, industry, and professional associations say they’re looking for. After employers mentioned that students generally lacked secure-coding and secure-design skills, for example, the program developed a course on the subject that will soon be offered to graduates and undergraduates.
Like many practically focused disciplines, cybersecurity can call upon existing frameworks that give guidance on what programs should be teaching. The National Security Agency and the Department of Homeland Security award designations to institutions whose offerings cover certain topics and meet a standard of rigor. (Texas A&M has these designations.)
Another resource for guidelines is disciplinary associations. Individuals from several professional societies have worked on an effort called the Cyber Education Project to develop undergraduate curriculum guidelines and make a case for accreditation.
Mr. Ragsdale is working on a similar goal with an accreditor of programs in applied science, computing, and engineering. He says he’s feeding pertinent tidbits from the process back into the program.
Even disciplines that are traditionally associated with the liberal arts can refer to similar frameworks; historians, for example, have been articulating a common set of skills and knowledge through the Tuning project.
Balancing external demands with internal standards that ensure and measure quality is a continuing challenge for Texas A&M. It’s one thing to introduce change, Mr. Ragsdale says, and another thing to demonstrate that programs are having the effects that are hoped for.
"We have to be careful; we can’t violently flip-flop around," he says. "But we can certainly continue to refine, enhance, and evolve over time."