Although many Computer Science (CS) programs offer cybersecurity courses, they are typically optional and placed at the periphery of the program. We advocate integrating cybersecurity as a crosscutting concept in CS curricula, which is also consistent with the latest cybersecurity curricular guidelines, e.g., CSEC2017. We describe our experience of implementing this crosscutting intervention across three undergraduate core CS courses at a leading technical university in Europe between 2018 and 2023, collectively educating over 2200 students. The security education was incorporated within CS courses using a partnership between the responsible course instructor and a security expert, i.e., the security expert (after consultation with course instructors) developed and taught lectures covering multiple CSEC2017 knowledge areas. This created a complex dynamic between three stakeholders: the course instructor, the security expert, and the students. We reflect on our intervention from the perspective of the three stakeholders: we conducted a post-course survey to collect student perceptions, and semi-supervised interviews with responsible course instructors and the security expert to gauge their experience. We found that while the students were extremely enthusiastic about the security content and retained its impact several years later, the misaligned incentives for the instructors and the security expert made it difficult to sustain this intervention without organizational support. By identifying limitations in our intervention, we suggest ideas for sustaining it.