There is a worldwide shortage of information security specialists. Increased professional training through academic institutions is needed to help fill this demand. In this paper we describe our extensive experience in information security/assurance education over the past twelve years highlighting some of the lessons that we have learned. We describe our current flexible information security education program and discuss future developments in this program.