Kirtley also says that one positive outcome of the Snowden revelations of NSA surveillance has been a more widespread awareness of digital security issues in general. The NSA isn’t a threat to reporters’ everyday work, but it’s such an explosive story that it has gotten people thinking about all of the other threats out there, too. “Even the students who are the most disconnected from the news have heard about that—and it has made them think twice about the security of their communications,” she says.

The basic concepts of digital security also fit logically into classes that teach investigative reporting and computer-based research. Charles Seife, a professor of investigative journalism at the Arthur L. Carter Journalism Institute at New York University whom Santo interviewed (and who, in fact, recently came out as a former NSA employee) says now that the school’s curriculum hasn’t changed since then, nor have his views on the topic.

“I believe that by teaching students the incredible power of information—how to use even tiny information leaks to knit together a skein of knowledge about a subject—they naturally become much more aware of how valuable and fragile a resource information is…they then (often) become much more jealous of guarding their own,” Seife wrote in an email. “Infosec is, in many ways, the flip side of digital investigative reporting—any course which goes deep into the latter will typically give a lot of information about the former.”

Another important question, aside from how to teach these concepts, is who exactly needs to learn them. Should digital security training be required for all graduates? Or should it be offered as some sort of elective? Or, maybe that’s a false dichotomy; maybe there’s a better and entirely different way to think about it?

In her piece last year, Santo quoted digital security expert and ACLU technologist Christopher Soghoian—who had written an op-ed in The New York Times on the topic a few months earlier—voicing his frustration at the lack of this type of training in journalism programs:

Soghoian is irked by the fact that most journalism programs offer a plethora of courses in video, audio, and social media, while not training students in what he sees as a basic foundational knowledge of how to protect the information they’re gathering. “It’s not like journalists are so ignorant they cannot be taught about technology,” says Soghoian. “This is just another skill they have to be taught. [Journalism schools] are going to need to rethink their curriculum. They’re going to need to have a course that every student is required to take.”

At the time, some of the professors Santo interviewed pushed back on that last point, that “every student” should be “required” to take it. For instance, NYU journalism professor Adam Penenberg told Santo that the NYU program didn’t require all students to learn comsec for the same reason that they didn’t require all students to learn “how to line up ‘fixers’ in a war-ravaged nation or go undercover with a hidden camera. Only a fraction of students will ever need those skills.”

So, has that changed? Contacted again this week, Penenberg said that “in response to all the NSA hullaballoo” he has incorporated encryption into his syllabus and invited guest speakers like’s Bryan Nunez to discuss digital security especially when reporting abroad. But, his overall opinion remains unchanged: “The truth is that very few reporters will ever need to encrypt communications and communicate with top secret sources,” Penenberg wrote in an email.

Steve Doig, who, when not delivering standing-room-only “Spycraft” lectures, teaches at Arizona State University’s Walter Cronkite School of Journalism, echoed Penenberg’s point. While some students may go on to do highly sensitive national security reporting, others may cover Hollywood or the like, Doig says—but all students should at least be aware of the issues at stake, whether or not they end up needing to act on them. An occasion where a source’s life is at stake is relatively rare, but if that occasion arises, it’s vital that everyone involved knows how to handle it.

Doig says he’s certainly no techie, but he tells his students about the basics, like buying burner phones, using cash, and doing anonymous searching, and then he recommends tools and resources where they can learn more if they need to. “Who knows what people will wind up doing?” says Doig. “But if I’ve at least implanted a tiny touch of paranoia in them, then I will have met my goal.”

Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner