Many factors are to be weighed when choosing an educational path or degree program. There are financial and location considerations. There are future employment prospects for the selected career path and the reputation of the educational institution to consider, as well.
The purpose of this guide is to help students and those entertaining the possibility of embarking on an educational pathway that includes cybersecurity to gain an understanding of what Centers of Academic Excellence in Cybersecurity (CAE-C) are and why that knowledge could be essential to their future career.
What’s in this guide
National Center for Academic Excellence in Cyber Defense (CAE-CD)
National Center for Academic Excellence in Cyber Operations (CAE-CO)
National Center for Academic Excellence in Research
Why are CAEs important to students
What is a Center of Academic Excellence (CAE) in Cybersecurity?
Institutions that receive a Center of Academic Excellence (CAE) in Cybersecurity designation have met the rigorous requirements set forth by the joint sponsors of the program. These sponsors are the National Security Agency (NSA) and the Department of Homeland Security (DHS). The NSA and DHS award the CAE-C designation to schools that commit to promoting the program’s goal, which is to reduce vulnerability in our national information infrastructure by improving higher education and research in cyber defense and producing professionals with cyber defense expertise.
The increasing prevalence of cybersecurity attacks on both individuals and businesses emphasizes the need for cybersecurity professionals to protect and defend our Nation’s critical infrastructure and systems. The CAE-C program was established to meet this growing need for knowledgeable and skilled cybersecurity professionals within the federal government – and ultimately, within state and local governments and industry.
With the CAE-C designation, colleges and universities are formally recognized by the Government for their robust cybersecurity-related programs. These institutions have undergone an in-depth evaluation and have met rigorous requirements to be designated. They are well postured to equip students with expertise and skills to protect and defend against the modern cyber threat landscape.
Whether their career goals include working at the federal level or private industry, students seeking a cybersecurity career should give serious consideration to attending a CAE-C designated institution. This choice should weigh heavily in the final analysis.
CAE program structure
The NSA launched what was then called the Centers of Academic Excellence in Information Assurance Education program in 1999. The program has undergone several modifications in structure and names over the years. In an attempt to simplify this guide, we have used the latest in program names and descriptions. Previous program names and descriptions may still be in use within the various CAE institutions and may differ from those used here.
There are three types of designations schools can pursue. These are Centers of Academic Excellence in Cyber Defense (CAE-CD), Centers of Academic Excellence in Cyber Operations (CAE-CO), and Center of Academic Excellence in Research (CAE-R).
The National Centers of Academic Excellence in Cybersecurity (CAE-C) program has over 300 institutions all over the Nation with designations in Cyber Defense, Cyber Operations, and Research.
National Centers for Academic Excellence in Cyber Defense (CAE-CD)
The CAE-CD program focuses on providing a cybersecurity workforce to meet the needs of the nation, government, industry, and academia. Complementary in nature, the CAE-CO program focuses on technologies and techniques related to specialized cyber operations (e.g., collection, exploitation, and response) to enhance the national security posture of the Nation.
The stated goals of the CAE-CD program are to:
- Reduce vulnerability in our national information infrastructure by promoting higher education and research in cyber defense
- Produce a growing number of professionals with expertise in cyber defense disciplines
- Proactively increase understanding of robust CD technology, policy, and practices that will enable our Nation to prevent and respond to a catastrophic cyber event effectively
- Contribute significantly to the advancement of state-of-the-art cyber defense knowledge and practice
The CAE-CD program is focused on several initiatives critical to the success of cyber workforce development. On the forefront, though, is addressing the need for qualified, skilled educators, who are the keys that unlock the door to a skilled cyber workforce. There is a recognized shortage of qualified educators, as the population of students continuing in cybersecurity to the doctoral or post-doctoral levels is shrinking, thereby limiting the number of those who can and will serve in the academic environment to teach. Schools consistently have multiple cybersecurity faculty positions open for long periods, and that is a critical limiting factor.
The CAE-CD program has three designations: Four-Year Baccalaureate/Graduate Education, Two-Year Education, and Research.
All regionally accredited two-year, four-year, and graduate-level institutions in the United States can apply for designation as an NSA/DHS CAE-CD, so be sure to check the status of your preferred institution.
Institutions designated as CAEs in Cyber Defense:
- Are recognized by the federal government for their cyber defense programs and curricula
- Have curricula mapped to specified Knowledge Units, which align with the NICE Cybersecurity Workforce Framework, a cybersecurity language that educators, industry workers, and government organizations employ nationwide
- Have degree programs that are a top choice for students who want to learn the necessary knowledge and skills to succeed in the cybersecurity workforce
- Assist federal agencies by providing academic insight into cyber-related programs at DHS, NSA, and other federal agencies.
- Serve as a potential source and facilitator for government-academic researcher exchanges
- Facilitate the development of faculty and research leaders
- Participate in an extensive network of cybersecurity professionals, educators, researchers, and advocates to grow the cyber field
- Are privy to opportunities for student scholarships and grants through the Department of Defense Cyber Scholarship Program and the Federal CyberCorps Scholarship for Service Program
As of August 2019, there are 274 CAE-CD Institutions In 48 states, The District of Columbia, and The Commonwealth of Puerto Rico.
National Centers of Academic Excellence in Cyber Operations (CAE-CO)
The CAE-CD and CAE-CO programs have shared origins and collaborate closely, but have different objectives and requirements. The common thread is that both have specific, well-defined academic and programmatic requirements, and designate schools for five years.
The CAE-CO program has two designations — fundamental and advanced. These are open to four-year colleges and graduate-level universities with programs based in computer science, electrical engineering, or computer engineering. They could also have a degree program of equivalent technical depth, or a collaboration between two or more of these departments.
The CAE-CO Program supports the National Initiative for Cybersecurity Education (NICE): Building a Digital Nation. It furthers the goal to broaden the pool of skilled workers capable of supporting a cyber-secure nation. The CAE-Cyber Operations program is a deeply technical, inter-disciplinary, higher education program firmly grounded in computer science, computer engineering, or electrical engineering disciplines, with extensive opportunities for hands-on applications via labs and exercises.
The CAE-CO program focuses on workforce development for the Department of Defense, the Intelligence Community, and law enforcement communities, based on unique mission and authorities associated with that mission. The CAE-Cyber Operations program complements the existing Centers of Academic Excellence in Cyber Defense programs. It provides a particular emphasis on technologies and techniques related to specialized cyber operations (e.g., collection, exploitation, and response), to enhance the national security posture of our Nation.
The CAE-CO program is open to four-year colleges and graduate-level universities. CAE-Cyber Operations programs must be based within a computer science, electrical engineering, or computer engineering department, a degree program of equivalent technical depth, or a collaboration between two or more of these departments.
Institutions designated as CAEs in Cyber Operations:
- Receive federal recognition for the institution’s cyber operations programs and curricula
- Ensure student confidence in the degree programs as a top choice to learn the necessary knowledge and skills to succeed in the cybersecurity workforce
- Provide students with a unique experience during a 12-week summer internship, working on real-world, mission-relevant problems alongside NSA employees and technical directors
- Serve as a potential source and facilitator for government-academic researcher exchanges
- Join the CAE Community of cybersecurity professionals, educators, researchers, and advocates to grow the cyber field.
- Provide opportunities for student scholarships and grants through the Federal Cyber Service Scholarship for Service Program.
The CAE-CO program began in 2012 and now has 21 designated schools.
National Centers for Academic Excellence in Research (CAE-R)
The goal of a CAE-R institution is to proactively increase the understanding of robust cyber defense technology, policy, and practices. Building a workforce with these skills will enable our nation to prevent and respond to a catastrophic cyber event effectively.
The vision of the CAE-R Program is to:
- Recognize schools with programs that integrate CD research activities into the curriculum and the classroom setting
- Provide NSA, DHS, and other federal agencies with insight into academic CD programs (with their reach into the industry) that can support advanced educational, research, and development capabilities
- Serve as a potential source and facilitator for government-academia researcher exchanges
- Present opportunities for CD research centers to drill deeper into much-needed solutions for securing critical information systems and networks
All CAE-R institutions must be either a Department of Defense school, a Ph.D.-producing military academy, or a regionally accredited, degree-granting four-year institution. They must be rated as either a Doctoral University – Highest Research Activity, Higher Research Activity, or Moderate Research Activity, as determined by the Carnegie Foundation Basic Classification system. Alternatively, they can provide a written justification outlining their significant CD research. The CAE-R criteria include the demonstration of CD Research initiatives (faculty and student), publications, graduate-level production, and research funding.
Why CAEs are important to students
Choosing a college is about more than just having the student’s name on a diploma. Where a student goes to school impacts numerous aspects of their life, from academic studies to social activities and beyond. Considering the importance of this decision, prospective students should carefully consider where they decide to enroll.
Choosing a CAE-C designated school will assure the student that they will be taught the most current curriculum meeting the most critical standards. The curriculum is vetted by the NSA/DHS cosponsors of the program and is consistent across all schools with a CAE-C designation.
The support a student receives from their teachers, peers, and the institution can significantly influence the quality of their educational experience as well as the outcome in regards to job placement. Centers of Academic Excellence in Cybersecurity are designed to provide an unparalleled level of support for each student.
Alumni of CAE institutions often testify of the program’s support, both in terms of superior technical education and social support enhancing the educational experience.
Danielle Santos, a graduate of California State University San Bernardino, a CAE-CD school, discussed her educational experience in a recent edition of the Community Quarterly, NSA/DHS Centers of Academic Excellence in Cybersecurity’s quarterly newsletter. She said, “The program provided me with countless opportunities to develop my technical and interpersonal skills outside of the classroom. The InfoSec club presented technical projects to work on, such as figuring out how an Xbox 360 can be used for purposes other than video games, and Saturday classes to explore Defense in Depth techniques. The CAE office also coordinated events and activities for students to practice their elevator speech by participating in career fairs and networking opportunities with local professionals.”
When asked what advice she would give to current or prospective CAE students, Santos explained, “don’t sleep on these opportunities! There are so many resources available to students, especially those in pursuit of a cybersecurity degree. Scholarships for tuition, scholarships to attend conferences, opportunities to present projects and papers, free virtual career fairs, special hiring and training programs for recent graduates, and the list goes on. Take advantage of these while you can and network, network, network!”
Employers are often looking for more than just the student’s name on a degree. They want assurances that the educational program completed by the student will prepare them for the rigors of the workplace. A degree from a CAE-C school offers prospective employers that assurance. They can rest assured that the student has been immersed in all aspects of cybersecurity and are a member of the cybersecurity community.
Steven Hernandez, another graduate of a CAE institution, Idaho State University, was asked what impact the program had on his career. He responded in the Community Quarterly, “It’s directly related to my success and my ability to provide value to my employer and the Nation. One of the most important aspects of the program is the community I’m a part of. Folks in this community keep in touch; they call each other when times are good and when times are challenging. The program fostered this cohort mentality by challenging us with work that could only be solved through team building.”
Why CAE designation is important to schools
Many universities and colleges are marketing themselves to prospective students by promoting perks and conveniences, ranging from laptops and tablets to gourmet dining plans and over-the-top housing and recreational opportunities. These are responses to consumer demand. And the reality is that students are increasingly demanding these kinds of services and opportunities. Rightly so, school officials maintain they are first and foremost promoting their academic profile to attract students.
Becoming a CAE designated school will be an effective way to attract students with aptitude and interest in cybersecurity-related fields. Federal agencies and contractors directing students to educational resources to meet their requirements will invariably point them to CAE-C designated schools.
While the NSA and DHS do not provide funding to CAE designated institutions, once a school obtains one of these designations, it can compete for grants like the Department of Defense Cybersecurity Scholarship Program (DoD CySP). They can also apply for the National Science Foundation’s (NSF) Scholarship for Service program. Schools are not limited to a single designation and are encouraged to pursue more than one.
CAE schools have access to grants provided by the Cybersecurity National Action Plan. One of the purposes of this plan is to strengthen the National Centers for Academic Excellence in Cybersecurity Program and to increase the number of participating academic institutions and students. They work to support those institutions currently participating, increase the number of students studying cybersecurity at those institutions, and enhance student knowledge through program and curriculum evolution.
Support from the CAE community
Catalyzing Computing and Cybersecurity in Community Colleges (C5) is a project funded by the National Science Foundation. C5 supports the creation of a nationwide network of community colleges that have met national standards in cybersecurity education, producing more and better-prepared graduates for the workforce, and ultimately leading to a more secure nation.
C5 has strengthened and expanded the number of community colleges across the nation that have earned the NSA/DHS National Center of Academic Excellence (CAE) designation for cybersecurity education. The project supports the CAE Application Assistance Program by matching approved schools with qualified mentors who assist them with the application process.
The designated CAE-Cyber Defense (CAE-CD) Resource Centers were announced in 2017. These Centers are a network of participating CAE-CD institutions that will provide resources and guidance to applicant institutions. Three categories of resource centers are positioned to assist at a regional and national level – Hub, Consultation, and National.
The Hub CAE Regional Resource Centers (CRRCs) will act as a hub for institutions within the CAE-CD Candidates Program in a particular geographic region. They will host various program and faculty professional development workshops, seminars, and courses for designated and candidate institutions.
Additional resources for schools
ATE Center Resource – https://atecentral.net/
The National Science Foundation’s Advanced Technological Education (ATE) program has been funding innovation at two-year colleges for over 25 years.
With a focus on the education of technicians for the high-technology fields that drive our Nation’s economy and strong partnerships between academic institutions and industry, ATE promotes the education of science and engineering technicians at the undergraduate and secondary school levels.
The ATE program supports curriculum development, professional development of college faculty and secondary school teachers, career pathways to two-year colleges from secondary schools and from two-year colleges to four-year institutions, and other activities. Fields of technology supported by the ATE program include, but are not limited to, advanced manufacturing technologies, agricultural and bio-technologies, energy and environmental technologies, engineering technologies, information technologies, micro and nano-technologies, security technologies, and learning, evaluation, and research.
NCYTE Center Website – https://ncyte.net/
CyberWatch Website – http://www.nationalcyberwatch.org
CSSIA website – https://www.cssia.org/
GenCyber – https://www.gen-cyber.com/
The Gen Cyber program works to increase interest in cybersecurity careers and diversity in the cybersecurity workforce, help all students understand correct and safe online behavior, and improve teaching methods for delivery of cybersecurity content to K-12 students. This program provides cybersecurity summer camp experiences for students and teachers at no charge. The National Security Agency and the National Science Foundation provides funding for this program.
NICCS – https://niccs.us-cert.gov/
The National Initiative for Cybersecurity Careers and Studies (NICCS) is the premier online resource for cybersecurity training. NICCS connects Government employees, students, educators, and industry with cybersecurity training providers throughout the Nation.
As technology advances, the United States must develop a workforce of capable cybersecurity professionals. The substantial investment made by the U.S. in programs like NICCS helps citizens find the education and training they need to advance their careers and close the skill gaps in the cybersecurity workforce.
NICCS provides the Nation with the tools necessary to ensure citizens and the workforce have more effective cybersecurity skills. The courses in the training catalog are cybersecurity-focused and delivered by accredited universities, National Centers of Academic Excellence, federal agencies, and other training providers. Each course maps to the National Cybersecurity Workforce Framework, the foundation of the National Initiative for Cybersecurity Education (NICE) effort to standardize the cybersecurity field.
NICCS is managed by the Cybersecurity Education and Awareness Branch (CE&A) within the Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications (CS&C). CE&A promotes cybersecurity awareness, training, and education and career structure, with the added goal of broadening the Nation’s volume of cybersecurity workforce professionals.