Assessing the Maturity of Cybersecurity Education in Virginia and the Impact of State Level Investment

With a global shortage of cybersecurity students with the education and experience necessary to fill more than 3 million jobs, cybersecurity education is an international problem. Significant research within this field has explored this problem in depth, identifying a variety of shortcomings in the cybersecurity educational pipeline including lack of certifications, security clearances, and appropriate educational opportunities within institutions of higher education. Additional research has built on this, exploring specific gaps within what cybersecurity opportunities are provided within institutions of higher education. We build an ordinal scale for assessing this, the cybersecurity education maturity model scale (CEMMs), and provide evidence of reliability and validity. We then calculate the CEMMs score for all public four-year universities in the state of Virginia between 2017 and 2025, with 2017 marking a year in which the state started the Commonwealth Cyber Initiative (CCI). We find that the scale proposed provides a consistent and reliable way to compare the cybersecurity offerings available between universities. When comparing year to year average CEMMs score, we find that public four year universities in Virginia are increasing their program offerings in the area of cybersecurity, with potential to make an impact on the cybersecurity jobs gap.