Competency degrees and the role of higher education

Several years ago, Purdue University introduced a “competency degree program”. I called it “test out of your degree”. Although the University’s website is short on detail, I gather the general idea is a focus on doing instead of study. Which sounds pretty good on its face, but actually isn’t.

“We’ve hired Purdue grads before,” said Dave Bozell, owner of CG Visions, told the Lafayette Journal & Courier, “and they have the theory, but we still have to spend time teaching them how to apply it to what they’re working on.”

Yes, Dave. That’s the point. Universities do not exist to provide vocational training for your employees. That’s your responsibility. That’s why science majors have to take some (but not enough) humanities courses. Higher education is for broad learning. Or at least it used to be.

I wonder sometimes if the Morrill Act — which lead to the creation of Purdue University and many other institutions — is what caused the shift from education to training. Uncharitably, it said “this fancy book learnin’ is fine and all, but we need people to have useful skills.” “Useful”, of course, has a pretty strict definition.

Purdue’s College of Technology Dean Gary Bertoline said “there are plenty of high-skill, high-wage technology jobs available, but students just don’t have the skills necessary to fill them.” You know what skills are most lacking in tech these days? It’s not coding. It’s not database optimization. It’s ethics. I doubt that’s in the competency-based degree.

I’d like to see employers doing more to train their employees in the skills needed to perform the day-to-day work. Theory is important, and that’s a good fit for the university model. If you want a more streamlined approach, embrace vocational schools. Much of the work done these days that requires a college degree doesn’t need to. In fact, it might benefit from a more focused vocational approach that leaves graduates in less debt.

But universities should be catering to the needs of the student and the society, not the employer.

Everyone needs to know how to program, or not

A common refrain I’ve heard over the years is “everyone needs to know how to program”. Computers are pervasive in both work and leisure. Knowing how to make them do what the humans want is valuable both from a practical standpoint and from a financial standpoint. But does everyone really need to know how to program?

This topic has been on my list for a long time, but I got a convenient nudge on Twitter earlier this week. My friend, speaking about science communication, exactly captured my feelings:

The spectrum of computer skills is very broad. At the high end is computer science (which doesn’t necessarily translate to practical computer usage skills). As my friend Dave describes it, CS “is a branch of mathematics built around complexity.” This is clearly beyond the level that everyone needs. At the low end is basic computer literacy like using standard desktop software. That seems to be a safe bar for “everyone”.

So we know the high end is too high. The low end is a bare minimum. Where’s right spot in the space between those two extremes? I’m inclined to lean toward the low end. Programming, and thus automation, has applications in almost every profession. But that doesn’t mean it’s a key skill for every profession. In my current job, I have almost no need for programming skills. Basic use and troubleshooting of the applications I use is all I need. I wouldn’t tell someone looking to get into product marketing to not learn programming, but I wouldn’t say they have to in order to be successful in the role.

I’m generally skeptical of using the education system as vocational training. Especially in fast-moving fields like technology, curricula can’t keep up with the changes in the field. How much of what you teach a 7th grader about programming in a particular language will be relevant by the time they enter the work force? At best, you can teach broad concepts.

If you asked me what’s driving this push for coding in the classroom, I’d say it’s two things. First, policymakers who don’t understand technology themselves see this as a way to drive economic growth and help the fortunes of their constituents. Second, technology companies are seeing a shortage of workers with the skills they want and so are looking to get the public to fund their job training programs. I don’t see similar efforts to teach electrical or plumbing work to everyone, even though they’re both well-paid and also highly practical to those outside the profession.

So let’s put more computer literacy into the curriculum. But let’s not assume that means programming. If anything involving computers and education needs to change, it’s that computer science and programming curricula need to include ethics courses.

Sidebar: one area where programming in education may help

The main area I see a true benefit for adding programming into primary and secondary education is helping under-indexed minorities get involved. Tech has more than just a “pipeline problem”, to be sure. But while the cultural problems are worked on, it can only help to get more under-indexed minorities interested. If nothing else, it will help dilute the bros.

Recent posts

In lieu of original content, here are a few articles I’ve recently written for

Online learning: Codecademy

Last week, faced with a bit of a lull at work and a coming need to do some Python development, I decided to work through the Python lessons on Codecademy. Codecademy is a website that provides free instruction on a variety of programming languages by means of small interactive example exercises.

I had been intending to learn Python for several years. In the past few weeks, I’ve picked up bits and pieces by reading and bugfixing a project at work, but it was hardly enough to claim knowledge of the language.

Much like the “… for Dummies” books, the lessons were humorously written, simple, and practical. Unlike a book, the interactive nature provides immediate feedback and a platform for experimentation. The built-in Q&A forum allows learners to help each other. This was particularly helpful on a few of the exercises where the system itself was buggy.

The content suffered from the issue that plagues any introductory instruction: finding the right balance between too easy and too hard. Many of the exercises were obvious from previous experience. By and large, the content was well-paced and at a reasonable level. The big disappointment for me was the absence of explanation and best practices. I often found myself wondering if the way I solved the problem was the right way.

Still, I was able to apply my newly acquired knowledge right away. I now know enough to be able to understand discussion of best practices and I’ll be able to hone my skills through practices. That makes it worth the time I invested in it. Later on, I’ll work my way through the Ruby (to better work with our Chef cookbooks) and PHP (to do more with dynamic content on this site) modules.

CERIAS Recap: Panel #3

Once again, I’ve attended the CERIAS Security Symposium held on the campus of Purdue University. This is one of several posts summarizing the talks I attended.

The “E” in CERIAS stands for “Education”, so it comes as no surprise that the Symposium would have at least one event on the topic. On Thursday afternoon, a panel addressed issues in security education and training. I found this session particularly interesting because it paralleled many discussions I have had about education and training for system administrators.

Interestingly, the panel consisted entirely of academics. That’s not particularly a surprise, but it does bias the discussion toward higher education issues and not vocational-type training. This is often a contentious issue in operations education discussions. I’m not sure if such a divide exists in the infosec world. Three Purdue professors sat on the panel: Allen Gray, Professor of Agriculture; Melissa Dark, Professor of Computer & Information Technology and Associate Directory of Educational Programs at CERIAS; and Marcus Rogers, Professor of Computer & Information Technology. They were joined by Ray Davidson, Dean of Academic Affairs at the SANS Technology Institute; and Diana Burley, Associate Professor of Human and Organizational Learning at The George Washington University.

Professor Gray began the opening remarks by telling the audience he had no cyber security experience. His expertise is in distance learning, as he is the Director of a MS/MBA distance program in food and agribusiness management. The rise of MOOCs has made information more available than ever before, but Gray notes that merely providing the information is not education. The MS/MBA program offers a curriculum, not just a collection of courses, and requires interaction between students and instructors.

Dean Davidson is in charge of the master’s degree programs offered by the SANS Technology Institute. This is a new offering and they are still working on accreditation. Although it incorporates many of the SANS training courses, it goes beyond those. “The old days of protocol vulnerabilities are starting to go away, but people still need to know the basics,” he said. “Vulnerabilities are going up the stack. We’re at layers 9 and 10 now.” Students need training in legal issues and organizational dynamics in order to become truly effective practitioners.

Professor Dark joined CERIAS without any experience in providing cybersecurity education. In her opening remarks, she talked about the appropriate use of language: “We always talk about the war on defending ourselves, the war on blah. We’re not using the language right. We should reserve ‘professionalization’ for people who deal with a lot of uncertainty and a lot of complexity.” Professor Burley also discussed vocabulary. We need to consider who is the cybersecurity workforce. Most cybersecurity professionals are in hybrid roles, so it’s not appropriate to focus on the small number who have roles entirely focused on cybersecurity.

Professor Rogers drew parallels to other professions. Historically, professionals of any type have been developed through training, certification, education, apprenticeship or some combination of those. In cybersecurity, all of these methods are used. Educators need to consider what a professional in the field should know, and there’s currently no clear-cut answer. How should education respond? “Better than we currently are.” Rogers advocates abandoning the stove pipe approach. Despite talk of being multidisciplinary, programs are often still very traditional.”We need to bring back apprenticeship and mentoring.”

The opening question addressed differences between education and training. Gray reiterated that disseminating information is not necessarily education; education is about changing behavior. Universities tend to focus on theory, but professionalization is about applying that theory. As the talk drifted toward certifications, which are often the result of training, Rogers said “we’re facing the watering-down of certifications. If everybody has a certification, how valuable is it?” Dark launched a tangent when she observed that cybersecurity is in the same space as medicine: there’s so much that practitioners can’t know. This lead to a distinction being made (by Spafford, if I recall correctly) between EMTs and brain surgeons as an analogy for various cybersecurity roles. Rogers said we need both.They are different professions, Burley noted, but they both consider themselves professionals.

One member of the audience said we have a great talent pool entering the work force, but they’re all working on same problems. How many professionals do we need? Davidson said “we need to change the whole ecosystem.” When the barn is on fire, everyone’s a part of the bucket brigade; nobody has time to design a better barn or better fire fighting equipment. Burley pointed out that the NSF’s funding of scholarships in cybersecurity is shifting toward broader areas, not just computer science. This point was reinforced by Spafford’s observation that none of the panelists have their terminal degree in computer science. “If we focus on the job openings that we have right now,” Rogers said, “we’re never going to catch up with the gaps in education.” One of the panelists, in regard to NSF and other efforts, said “you can’t rely on the government to be visionary. You might be able to get the government to fund vision,” but not set it.

The final question was “how do you ensure that ethical hackers do not become unethical hackers?” Rogers said “in education, we don’t just give you knowledge, we give you context to that knowledge.” Burley drew a parallel to the Hippocratic Oath and stressed the importance of socialization and culturalization processes. Davidson said the jobs have to be there as well. “If people get hungry, things change.”

Other posts from this event:

The secret to a successful school

Disclaimer: In the year or more since this blog started, I’ve made a concerted effort to avoid political discussion.  I have political opinions, some of them rather strong, but there are plenty of other places on the Internet where one can find barely-knowledgeable idiots ranting on about politics.  I’ve got other things that I’d rather talk about with my ones of readers.  With that in mind, today’s post isn’t intended to be a discussion of the political aspects of school policy, but just a look at what I consider to be interesting numbers.  You can draw whatever conclusions you like from it.

I am a member of the local newspaper’s community advisory board.  Once a month, the self-selected group sits down with the Executive Editor and the Managing Editor and we discuss various topics that help keep the newsroom connected with the community.  A few months ago, as the state legislature was negotiating the budget this year, the topic turned to education.  I knew that anything “for the childrens!” was likely to involve emotion and drama from all sides of the argument.  Arming myself with factual information would not only help me discuss the matter logically, but would give me enough to decide what my opinion even was.

What I did was not a rigorous analysis, it only took me an hour and involved only a few bits of data.  Using the state’s website, I found various statistics on public school districts in Lafayette and the surrounding areas.  The first step is defining what success is.  Success needs to be quantifiable to be useful, but for some reason, the state does not have a metric labeled “success.”  As proxies for the elusive “success” number, I used graduation rate, the percentage of graduates who go to college, and the pass rate for the ISTEP+ exam.

For the contributors to success, I tried to anticipate what would be commonly argued.  Since cutting school funding is a political sin, I looked at the dollars spent per student.  The teacher-to-student ratio is often used to indicate the quality of a particular school, so that data was added in.  Conservatives may argue that the school systems are over-burdened with administrators so I looked at the administrator-to-student ratio.  Liberals might suggest that poor and minority students are set up to fail, so I took a look at the percentage of minority enrollment, and use the percentage of students receiving free or reduced lunches as a proxy for income.  Having forgotten most of what I learned in my “Elementary Statistical Methods” class, I couldn’t do any impressive analysis.  What I did instead was to plot each factor against each measure of success.

Dollars per student

For the school districts I examined, the range of total spending per student ranged from $8,100 to $12,500.  It is interesting to note that there was statistically no effect of spending on the graduation rate or the ISTEP+ pass rate.  Spending and college enrollment rate were weakly related, but the relationship was negative.  That is to say that the more money spent per student, the smaller the percentage who went on to college.  It is important to note, of course, that correlation does not imply causation.  From the data, we cannot tell if spending more per student is likely to decrease those going to college, or if fewer students going to college means a district gets more funding to try to improve that metric.  Either way, you can’t tell how successful a school is by how much money it spends per student.

Teachers per student

The argument often put forth is that small class sizes lead to more individual attention, which allows each child to learn better.  That makes sense.  From my friends and relatives in education, I can say with confidence that larger class sizes hasten teacher frustration.  However, the data suggests that the educational success of a school district is improved by having fewer teachers per student.  Once again, two of the three pairs were meaningless — ISTEP+ and graduation were not statistically linked to the number of teachers.  The collegre rate did show a very weak relationship, but as the number of teachers increased, the percentage of students going to college dropped.  This makes sense in light of the spending, since having more teachers results in a higher cost.

Administrators per student

An increased number of administrators also brings a higher cost, but with arguably less benefit.  The numbers show that there is no benefit, at least as far as our “success” metrics are concerned, to having more administrators per student.  No doubt there are arguments both for and against having a higher number of administrators per student, and either can lead to different successful outcomes, none of which are what we’ve looked at.

Minority enrollment

It was not clear how the Indiana Department of Education defines “minority.”  As a result, it makes coming to conclusions based on the data a bit more difficult.  Fortunately, for ISTEP+ and college attendance, there’s no statistically significant relationship, so there’s no conclusions to make.  There is a weak relationship suggesting that as minority enrollment increases, the percentage of students graduating high school decreases.

Family income

I saved family income for last, because it alone had truly meaningful results.  As I said earlier, income data for each school district was not readily available.  Instead, I had to use the percentage of students on free or reduced-price lunch assistance as a proxy.  The higher the percentage, the poorer the district.  The range for this metric is from 14% (West Lafayette) to 66% (Lafayette and Frankfort).  It is interesting to note that Lafayette and Frankfort schools also have the highest percentage of minorities.  There’s only a weak relationship indicating poorer students are less likely to go to college, perhaps in part because of Indiana’s 21st Century Scholars program.  However, there’s a moderately strong relationship to suggest that wealthier students are more likely to pass ISTEP+ and to graduate high school.

So what is the secret to a successful school?  Don’t have poor students.  As I said above, this is not a rigorous analysis, but it is notable that our income proxy is the only factor that affected the success metrics picked.  I won’t speculate on an explanation.  Here’s some R-squared values for those who are stat geeks:

$/student teachers/student admin/student minority income
grad rate 0.00029 0.01131 0.01415 0.39579 0.68394
ISTEP+ pass rate 0.00705 0.06211 0.02814 0.06409 0.79488
college 0.34121 0.18075 0.07707 0.01112 0.3498