It can also make sense to teach digital security in the context of other classes, rather than separating it out into its own category. Another CUNY journalism professor, New York Times reporter Andy Lehren, says that he mentions tools like Tor and public and private keys in his international reporting classes. Jane Kirtley, who teaches at the University of Minnesota’s School of Journalism and Mass Communication, says that she has been disappointed with her colleagues’ response to this gap in the school’s curriculum—but that at least she knows the students will hear about it from her, in the program’s required media law course. It’s not enough to teach the basic legal concepts of tort and libel, says Kirtley; she’s also got to warn her students about the threat of hackers and third-party subpoenas.

Kirtley also says that one positive outcome of the Snowden revelations of NSA surveillance has been a more widespread awareness of digital security issues in general. The NSA isn’t a threat to reporters’ everyday work, but it’s such an explosive story that it has gotten people thinking about all of the other threats out there, too. “Even the students who are the most disconnected from the news have heard about that—and it has made them think twice about the security of their communications,” she says.

The basic concepts of digital security also fit logically into classes that teach investigative reporting and computer-based research. Charles Seife, a professor of investigative journalism at the Arthur L. Carter Journalism Institute at New York University whom Santo interviewed (and who, in fact, recently came out as a former NSA employee) says now that the school’s curriculum hasn’t changed since then, nor have his views on the topic.

“I believe that by teaching students the incredible power of information—how to use even tiny information leaks to knit together a skein of knowledge about a subject—they naturally become much more aware of how valuable and fragile a resource information is…they then (often) become much more jealous of guarding their own,” Seife wrote in an email. “Infosec is, in many ways, the flip side of digital investigative reporting—any course which goes deep into the latter will typically give a lot of information about the former.”

Another important question, aside from how to teach these concepts, is who exactly needs to learn them. Should digital security training be required for all graduates? Or should it be offered as some sort of elective? Or, maybe that’s a false dichotomy; maybe there’s a better and entirely different way to think about it?

In her piece last year, Santo quoted digital security expert and ACLU technologist Christopher Soghoian—who had written an op-ed in The New York Times on the topic a few months earlier—voicing his frustration at the lack of this type of training in journalism programs:

Soghoian is irked by the fact that most journalism programs offer a plethora of courses in video, audio, and social media, while not training students in what he sees as a basic foundational knowledge of how to protect the information they’re gathering. “It’s not like journalists are so ignorant they cannot be taught about technology,” says Soghoian. “This is just another skill they have to be taught. [Journalism schools] are going to need to rethink their curriculum. They’re going to need to have a course that every student is required to take.”

At the time, some of the professors Santo interviewed pushed back on that last point, that “every student” should be “required” to take it. For instance, NYU journalism professor Adam Penenberg told Santo that the NYU program didn’t require all students to learn comsec for the same reason that they didn’t require all students to learn “how to line up ‘fixers’ in a war-ravaged nation or go undercover with a hidden camera. Only a fraction of students will ever need those skills.”

Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner