This paper critically reviews the state of cybersecurity education in the United States, focusing on two main sources of data: Programs of Study from Centers of Academic Excellence in Cybersecurity (CAE-C) designated by the National Security Agency, and peer-reviewed research in the field over the last decade. The review identifies trends, gaps, and proposes improvements in cybersecurity education. **Key Findings:** 1. **Programs at CAE-C Institutions:** - 100 CAE-C institutions were sampled, with a wide variety of programs offered, including Bachelor's Degrees, certificates, Associate Degrees, minors, and concentrations. - The number of cybersecurity-specific courses varies significantly among institutions, reflecting the flexible requirements of the CAE-C program. - Only 8% of program descriptions reference the NICE Framework, and 20% list targeted job types, indicating a need for better alignment with industry needs. 2. **Research Literature:** - A systematic review of 50 papers from ACM and IEEE databases found a strong focus on instructional content and tools, but a lack of rigorous evaluation of instructional methods. - Only 16% of papers included empirical studies comparing different content, tools, or methods, highlighting the need for more empirical research. **Conclusions:** - The CAE-C program serves as a benchmark for cybersecurity education, but there is a need for better alignment between academic programs and industry needs. - Improving instructional design and adopting educational psychology concepts, such as cognitive load theory, could enhance the effectiveness of cybersecurity education. - Widespread adoption of tools like the NICE Framework, CSEC2017, and CC2020 could help bridge the skill gap between graduates and industry expectations. **Keywords:** - cybersecurity, education, curriculum, instructional design **CCS Concepts:** - Social and professional topics → Computing education programs; Model curricula; Employment issues; Computing organizations.This paper critically reviews the state of cybersecurity education in the United States, focusing on two main sources of data: Programs of Study from Centers of Academic Excellence in Cybersecurity (CAE-C) designated by the National Security Agency, and peer-reviewed research in the field over the last decade. The review identifies trends, gaps, and proposes improvements in cybersecurity education. **Key Findings:** 1. **Programs at CAE-C Institutions:** - 100 CAE-C institutions were sampled, with a wide variety of programs offered, including Bachelor's Degrees, certificates, Associate Degrees, minors, and concentrations. - The number of cybersecurity-specific courses varies significantly among institutions, reflecting the flexible requirements of the CAE-C program. - Only 8% of program descriptions reference the NICE Framework, and 20% list targeted job types, indicating a need for better alignment with industry needs. 2. **Research Literature:** - A systematic review of 50 papers from ACM and IEEE databases found a strong focus on instructional content and tools, but a lack of rigorous evaluation of instructional methods. - Only 16% of papers included empirical studies comparing different content, tools, or methods, highlighting the need for more empirical research. **Conclusions:** - The CAE-C program serves as a benchmark for cybersecurity education, but there is a need for better alignment between academic programs and industry needs. - Improving instructional design and adopting educational psychology concepts, such as cognitive load theory, could enhance the effectiveness of cybersecurity education. - Widespread adoption of tools like the NICE Framework, CSEC2017, and CC2020 could help bridge the skill gap between graduates and industry expectations. **Keywords:** - cybersecurity, education, curriculum, instructional design **CCS Concepts:** - Social and professional topics → Computing education programs; Model curricula; Employment issues; Computing organizations.