Improving cybersecurity education is a priority for many countries and organizations worldwide. Computing societies and professional associations have recognized cybersecurity as a distinctive computing discipline and created specialized cybersecurity curricular frameworks. Higher education institutions are introducing new cybersecurity programs, drawing students to this growing field. In this position paper, we examined 101 study programs in 24 countries. Based on their analysis, we argue that top-ranked universities have not yet fully reflected the guidelines and offer programs that have “cyber” in their name but lack some of the necessary essences of a cybersecurity program. In particular, most programs do not sufficiently cover non-technical aspects, such as law, policies, or risk management. Also, most programs teach knowledge and skills but do not expose students to experiential learning outside the traditional classroom environment (such as internships) to develop their competencies. As a result, graduates of these programs may fail to meet the expectations of their future employers and may require additional training. To inspire program directors and educators when improving their programs and courses, this paper offers examples of good practice from selected cybersecurity programs around the world and our own teaching practice.