Bridging the Gap Between Cybersecurity Education and GRC Industry Needs

An Academic–Industry Perspective from PSUT

Cybersecurity education has made impressive progress over the past decade. Universities now offer specialized degrees, advanced labs, and strong technical foundations. Yet a persistent concern remains across consulting firms, audit practices, and security leadership teams:

"Many cybersecurity graduates are technically capable, but not fully prepared for Governance, Risk, and Compliance (GRC) roles."

This gap is not accidental. It reflects a structural disconnect between how cybersecurity is traditionally taught and how cybersecurity is actually practiced in organizations—where governance, risk management, and compliance shape almost every security decision.
From my experience teaching cybersecurity and developing academic programs at Princess Sumaya University for Technology (PSUT), this challenge is real—but it is also solvable.

What We Observed at PSUT

At PSUT, several signals highlighted this gap:

  • Employer feedback on graduate readiness
  • Student uncertainty during capstone projects and internships
  • Alumni reflections from their early professional years

Technically, students performed well. Conceptually, many struggled with:

  • Risk ownership and accountability
  • Governance structures and decision-making
  • Compliance beyond checklist thinking

This led to a key realization: “Producing strong cybersecurity graduates requires more than technical depth—it requires GRC literacy”
From my experience teaching cybersecurity and developing academic programs at Princess Sumaya University for Technology (PSUT), this challenge is real—but it is also solvable.

Moving Beyond a Single GRC Course

Rather than treating GRC as a standalone or “non-technical” topic, PSUT adopted a broader integration approach that combined curriculum design, industry partnership, and student engagement. A central pillar of this approach was partnering with ISACA, a global leader in GRC frameworks, professional certification, and standardization. This partnership helped anchor GRC education in:

  • Real-world frameworks used by industry
  • Practical governance and risk concepts
  • Professional expectations beyond academia
Establishing the ISACA Student Group at PSUT

To reinforce this integration beyond the classroom, PSUT established an ISACA Student Group, which became a powerful driver of cultural change over multiple years. Over a four-year period, the student group’s primary activities included:

  • Inviting GRC practitioners, auditors, and consultants to campus
  • Hosting talks focused on real industry roles in governance, risk, audit, and compliance
  • Exposing students to career paths they had not previously considered
  • Demonstrating how GRC operates in practice—not just in textbooks

These engagements had a clear and measurable impact. Students began to see GRC not as “non-technical overhead,” but as:

  • A legitimate cybersecurity career path
  • A bridge between technology and leadership
  • A domain where strong analytical and communication skills matter
Curriculum Impact: Student-Driven Demand

One of the most telling outcomes was what happened next. Motivated by industry exposure, many students actively chose technical electives focused on GRC-related areas, including:

  • IT Governance and Management (COBIT-based)
  • IT Risk Management
  • IT Audit
  • Cybersecurity Audit

These courses required students to analyze risk, justify controls, and communicate findings—skills directly aligned with industry needs. This demonstrated a critical insight: “When students understand why GRC matters, they actively seek it out.”

Curriculum Impact: Student-Driven Demand

Read Also

ITSCT C8_8-100
IT Security C&T Shines as Gold Sponsor atthe C8 Conference – Dead Sea, Jordan
December 22, 2025
Andersen Global Partner_1-100
IT Security C&T Participates in theAndersen Global Partner Eventin Las Vegas
December 22, 2025
CBJ Cybersecurity -100
First Cohort of 40 Participants Completes CBJ CybersecurityBootcamp 2025
December 22, 2025
PDPL Practical Workshop_2-100
PDPL Practical Workshop Concludes Successfully in Jordan
December 22, 2025
ITSCT-_10-100
NCSC and IT Security C&T Celebrate Graduationof The “Tahseen” Program
December 22, 2025
Cyber Nashama 9 1-100
Cyber Nashama 9
December 22, 2025
ITSCT-NEWS465468-100
Cybersecurity Training Program Successfully Completed
December 22, 2025
CHFI_Training_Program-100
Successful Completion of CHFI Training Program
December 22, 2025
ITSC_NEWS_N15-100
IT Security C&T Job Fair 2025
December 22, 2025
ITSC_NEWS_N03-100
Delivering Multiple Cybersecurity Training Programs Across Jordan
December 22, 2025