Lesley Carhart 
I wrote a plea to cybersecurity curriculum developers about what I would like to see covered in OT cybersecurity coursework. https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
The Top 10 Things I’d Like to See in University OT Cybersecurity Curriculum (2025 Edition)

Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incide…

Lesley Carhart's Cybersecurity Blog
Sep 11, 2025 at 3:05amWeb
Show threadAngus Marshall  Sep 11, 2025
@hacks4pancakes sorry, UK is constrained by NCSC accreditation requirements. (management like it)
Show threadSevenSep 11, 2025

@hacks4pancakes I really wish more people would pay attention to the fundamentals and "boring stuff".

We should get your list and have students recite it every morning like a pledge.

Show threadG1N&TSep 11, 2025
@hacks4pancakes "I can teach a young person with good foundations and critical thinking to use any tools, but I cannot teach a young person who has only learned tools years of foundations and critical thinking"
Nailed it here!
It applies to the whole cybersecurity field. In my opinion, cybersecurity specific degrees do more harm than good in that respect.
Show threadJohn TimaeusSep 12, 2025

@hacks4pancakes

Thank you for this. It vindicates a lot of what I've be preaching as we develop courses. And it helps clarify what we need to be paying attention to.

One area we are weak on is "system of system" thinking. Can you suggest some references as good starting points?

I'm currently working through the SEBoK, which has some good ideas, but is also largely self-referential.

(At least so far, maybe it'll get better after they kill off a couple of main characters.)

Show threadjjesseSep 12, 2025
@hacks4pancakes Point #1 "Don't skip the fundamentals" resonated with me. I know so may people who do "security" that don't actually understand how the device works. Especially in a culture where it's easier to buy new then fix. Thanks for sharing and writing this article.
Show threadJohnOCFIISep 12, 2025
@hacks4pancakes As someone who’s been in technology for a long time, this list is so on-point - even for areas outside of OT. Fundamentals are lacking across the board, seeing real-world environments and up-to-date exploits are super helpful, and often missing.