Multinational perspectives on information technology from academia and industry

As the term \u27information technology\u27 has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor\u27s degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates\u27 preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025

Exploring the Value of Non-Technical Knowledge, Skills, and Abilities (KSAs) to Cybersecurity Hiring Managers

Industry's demand for cybersecurity workers with non-technical knowledge, skills, and abilities (KSAs) that complement technical prowess is not new. The purpose of this study was to connect with cybersecurity practitioners to determine which non-technical KSAs should be emphasized by educators to help meet workforce demands. This research applies a novel application of the Ground Truth Expertise Development Model (GTEDM) for exploring suitable non-technical and particularly soft KSAs necessary for cybersecurity professional development programs. This study focused on the definition and competency determination step and provided foundational KSA prioritization for further research. The field overwhelmingly agreed that non-technical skills were essential to a cybersecurity worker's success. The qualitative process produced three themes as non-technical KSA areas of the most significant import to the cybersecurity field. These KSA themes required included critically using information, communications skills, and collaboration to pursue customer/client success. The findings produce a more comprehensive list of hard, soft, and mixed non-technical skills that will benefit the public, private, and academic sector organizations as they develop cybersecurity curricula

Toward a Student-Ready Cybersecurity Program: Findings from a Survey of STEM-Students

As the number of available cybersecurity jobs continues to grow, colleges strive to offer to their cybersecurity students an environment which will make them sufficiently prepared to enter the workforce after graduation. This paper explores the academic and professional needs of STEM-students in various higher education institutions across Virginia and how cybersecurity programs can cater to these needs. It also seeks to propose an evidence-based approach for improving the existing cybersecurity programs so that they can become more inclusive and student-ready. A survey of 251 college students in four higher-education institutions in Virginia showed that while there are common patterns observed across gender and race, there are still areas in which more should be done regarding some of these groups. In particular, some discrepancies are observed across gender when it comes to students’ preparation with business fundamentals, the overall satisfaction of the received STEM education, and across race and ethnicity, when it comes to college advising, peer-mentoring, tutoring and faculty mentoring. The results from this study inform specific recommendations that will bring higher-education institutions and their cybersecurity program to a more student-ready level. Cover Page Footnote This research is supported in part by the National Science Foundation under grant DGE1914613 and the Commonwealth Cyber Initiative

Alumni Perceptions of Cybersecurity Employment Preparation Using the NICE Framework

The cybersecurity workforce suffers from an ongoing talent shortage and a lack of information correlating cybersecurity education programs to alumni employment outcomes. This cross-sectional study evaluated the post-graduation employment outcomes of alumni who attended two-year colleges designated by the National Security Agency (NSA) as Centers of Academic Excellence in Cyber Defense (CAE-CD). Stakeholders of this project were identified as government agencies, the NSA, employers, faculty, students, and organizations that rely on cybersecurity talent to keep their systems secure from cyberattacks. This study used the explanatory sequential mixed methods approach to compare perceptions of the intended Program of Study work roles to alumni employment outcomes using the NICE Framework work roles. This multi-phased, nested sample study included CAE-CD designated Points of Contact (POCs) at two-year colleges and their alumni. The first phase included a call for participation requesting POCs to provide academic program information via online survey and to contact their cybersecurity program alumni with a link to an online survey. The second phase of the study included an online survey requesting that the alumni provide data about their work experience, academic program information, industry-recognized certification achieved, and any co/extra-curricular participation. Overall, the demographics of the alumni sample were more diverse than those of the U.S. cybersecurity workforce and the alumni noted that their two-year academic programs were important to the preparation for their current job. Of the alumni who reported they were currently employed, approximately 80% held technology-related positions. Recommendations are made for the use of the resulting knowledge by cybersecurity stakeholders to better understand the employment outcomes of two-year college alumni from CAE-CD cybersecurity programs

CYBEREDUCATION-BY-DESIGN™: DEVELOPING A FRAMEWORK FOR CYBERSECURITY EDUCATION AT SECONDARY EDUCATION INSTITUTIONS IN ARIZONA

Most survey results agree that there is a current and ongoing shortage of skilled cybersecurity workers that places our privacy, infrastructure, and nation at risk. Estimates for the global Cybersecurity Workforce Gap range from 2.72 million (ISC2, 2021) to 3.5 million (Cyber Academy, 2021) for 2021 and the United States estimates range from 465,000 (Brooks, 2021) to over 769,000 (Cyber Seek, 2022) open jobs as of November 2022. The most optimistic estimates still demonstrate a critical issue. As cybersecurity threats continue to grow in sophistication, scope, and scale, the ability to secure the United States from these threats lies in the ability to develop cybersecurity professionals with the knowledge, skills, and abilities (KSAs) to accomplish the tasks associated with their cyber roles. The ability to supply qualified cybersecurity professionals is outpaced by the growing demand as previously outlined. This study proposes that conducting a case study of existing cybersecurity programs at secondary education institutions can identify the critical elements of these programs. These elements can be codified into program profiles and further refined into a comprehensive cybersecurity education framework for secondary education institutions. This framework can be used by school districts throughout Arizona to develop cybersecurity programs and ultimately develop qualified and competent cybersecurity professionals to overcome the cybersecurity workforce gap

CEPS Task Force on Artificial Intelligence and Cybersecurity Technology, Governance and Policy Challenges Task Force Evaluation of the HLEG Trustworthy AI Assessment List (Pilot Version). CEPS Task Force Report 22 January 2020

The Centre for European Policy Studies launched a Task Force on Artificial Intelligence (AI) and Cybersecurity in September 2019. The goal of this Task Force is to bring attention to the market, technical, ethical and governance challenges posed by the intersection of AI and cybersecurity, focusing both on AI for cybersecurity but also cybersecurity for AI. The Task Force is multi-stakeholder by design and composed of academics, industry players from various sectors, policymakers and civil society. The Task Force is currently discussing issues such as the state and evolution of the application of AI in cybersecurity and cybersecurity for AI; the debate on the role that AI could play in the dynamics between cyber attackers and defenders; the increasing need for sharing information on threats and how to deal with the vulnerabilities of AI-enabled systems; options for policy experimentation; and possible EU policy measures to ease the adoption of AI in cybersecurity in Europe. As part of such activities, this report aims at assessing the High-Level Expert Group (HLEG) on AI Ethics Guidelines for Trustworthy AI, presented on April 8, 2019. In particular, this report analyses and makes suggestions on the Trustworthy AI Assessment List (Pilot version), a non-exhaustive list aimed at helping the public and the private sector in operationalising Trustworthy AI. The list is composed of 131 items that are supposed to guide AI designers and developers throughout the process of design, development, and deployment of AI, although not intended as guidance to ensure compliance with the applicable laws. The list is in its piloting phase and is currently undergoing a revision that will be finalised in early 2020. This report would like to contribute to this revision by addressing in particular the interplay between AI and cybersecurity. This evaluation has been made according to specific criteria: whether and how the items of the Assessment List refer to existing legislation (e.g. GDPR, EU Charter of Fundamental Rights); whether they refer to moral principles (but not laws); whether they consider that AI attacks are fundamentally different from traditional cyberattacks; whether they are compatible with different risk levels; whether they are flexible enough in terms of clear/easy measurement, implementation by AI developers and SMEs; and overall, whether they are likely to create obstacles for the industry. The HLEG is a diverse group, with more than 50 members representing different stakeholders, such as think tanks, academia, EU Agencies, civil society, and industry, who were given the difficult task of producing a simple checklist for a complex issue. The public engagement exercise looks successful overall in that more than 450 stakeholders have signed in and are contributing to the process. The next sections of this report present the items listed by the HLEG followed by the analysis and suggestions raised by the Task Force (see list of the members of the Task Force in Annex 1)

Faculty and Advisor Advice for Cybersecurity Students: Liberal Arts, Interdisciplinarity, Experience, Lifelong Learning, Technical Skills, and Hard Work

The value of academic advising has been increasingly emphasized in higher education. In this study, attention is given to the most significant types of advice that a sample of cybersecurity faculty and advisors from the Commonwealth of Virginia recommend giving to cybersecurity students. The results show that faculty and advisors recommended that students be aware of six different aspects of cybersecurity education including the value of experience, the need for lifelong learning, the importance of hard work, the need to develop technical skills, the interdisciplinary nature of cybersecurity, and the need to develop liberal arts or professional/soft skills. Implications of the findings include the need to embrace the advising of cybersecurity students, the importance of helping cybersecurity faculty and advisors deliver effective advising, and recognition that good advising is more than simply telling students which classes to take

Innovations from Academia around Cybersecurity Workforce and Faculty Development

Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cybersecurity related roles. Colleges and universities have created certificates, undergraduate, and graduate programs to train professionals in these job roles. The challenge to meeting the cybersecurity workforce shortage through degree programs is intensified by the reality of the limited number of cybersecurity experts and faculty at colleges and universities based on the qualifications outlined by regionally accredited and state accrediting bodies. Before 2005 doctoral degrees in cybersecurity did not exist, so many faculty that have been teaching computer science and management information systems that completed their doctoral degree before 2005 could need significant re-education on the academic level in cybersecurity. This paper explores the essential need to develop more doctorate faculty in cybersecurity and to create an 18-credit hour post-doctoral diploma bridge programs in cybersecurity. The conceptual paper uses a review of the literature and previous research to make the argument for these programs

Editorial

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 13th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, and related topics such as those found in this edition