Although many Computer Science (CS) programs offer cybersecurity courses, they are typically optional and placed at the periphery of the program. We advocate integrating cybersecurity as a crosscutting concept in CS curricula, which is also consistent with the latest cybersecurity curricular guidelines, e.g., CSEC2017. We describe our experience of implementing this crosscutting intervention across three undergraduate core CS courses at a leading technical university in Europe between 2018 and 2023, collectively educating over 2200 students. The security education was incorporated within CS courses using a partnership between the responsible course instructor and a security expert, i.e., the security expert (after consultation with course instructors) developed and taught lectures covering multiple CSEC2017 knowledge areas. This created a complex dynamic between three stakeholders: the course instructor, the security expert, and the students. We reflect on our intervention from the perspective of the three stakeholders: we conducted a post-course survey to collect student perceptions, and semi-supervised interviews with responsible course instructors and the security expert to gauge their experience. We found that while the students were extremely enthusiastic about the security content and retained its impact several years later, the misaligned incentives for the instructors and the security expert made it difficult to sustain this intervention without organizational support. By identifying limitations in our intervention, we suggest ideas for sustaining it.