BUILDING THE NEXT GENERATION OF CYBER SECURITY PROFESSIONALS

Cyber security is an area of strategic and policy interest to governments and enterprises globally, which results in an increase in the demand for cyber security professionals. However, there is a lack of education based on sound theories, standards and practices. In this paper, we adapted the Situational Crime Prevention Theory and the NICE National Cybersecurity Workforce Framework in the design and delivery of our courses, particularly in the Cyber Security Exercise (CSE) which forms an integral part of the courses. The CSE is an attack/defence environment where students are grouped and given a virtual machine with which to host a number of services (e.g. HTTP(S), FTP and SSH) for access by other groups. The CSE is designed to mirror real-world environments where the students´ skills will be applied. An overview of the CSE architecture was also provided for readers interested in replicating the exercise in their institutions. Based on student assessment and feedback, we found that our approach was useful in transferring theoretical knowledge to practical skills suitable for the cyber security workforce

Overcoming the Challenges of Teaching Cybersecurity in UK Computer Science Degree Programmes

This Innovative Practice Full Paper explores the diversity of challenges relating to the teaching of cybersecurity in UK higher education degree programmes, through the lens of national policy, to the impact on pedagogy and practice.There is a serious demand for cybersecurity specialists, both in the UK and globally; there is thus significant and growing higher education provision related to specialist undergraduate and postgraduate courses focusing on varying aspects of cybersecurity. To make our digital systems and products more secure, all in IT need to know some cybersecurity — thus, there is a case for depth as well as breadth; this is not a new concern, but it is a growing one. Delivering cybersecurity effectively across general computer science programmes presents a number of challenges related to pedagogy, resources, faculty and infrastructure, as well as responding to industry requirements.Computer science and cognate engineering disciplines are evolving to meet these demands — both at school-level, as well as at university — however, doing so is not without challenges. This paper explores the progress made to date in the UK, building on previous work in cybersecurity education and accreditation by highlighting key challenges and opportunities, as well as identifying a number of enhancement activities for use by the international cybersecurity education community. It frames these challenges through concerns with the quality and availability of underpinning educational resources, the competencies and skills of faculty (especially focusing on pedagogy, progression and assessment), and articulating the necessary technical resources and infrastructure related to delivering rigorous cybersecurity content in general computer science and cognate degrees.Though this critical evaluation of an emerging national case study of cybersecurity education in the UK, we also present a number of recommendations across policy and practice — from pedagogic principles and developing effective cybersecurity teaching practice, challenges in the recruitment, retention and professional development of faculty, to supporting diverse routes into post-compulsory cybersecurity education (and thus, diverse careers) — to provide the foundation for potential replicability and portability to other jurisdictions contemplating related education and skills reform initiatives and interventions

Using Bloom\u27s and Webb\u27s Taxonomies to Integrate Emerging Cybersecurity Topics into a Computic Curriculum

Recent high profile hackings have cost companies millions of dollars resulting in an increasing priority to protect government and business data. Universities are under increased pressure to produce graduates with better security knowledge and skills, particularly emerging cybersecurity skills. Although accredited undergraduate computing programs recognize the need to solve this problem, these computing programs are constrained by accreditation standards and have limited ability to modify their curricula. This paper discusses a case study on how one Accreditation Board for Engineering and Technology (ABET) accredited undergraduate IT program created a strategy to continue to teach existing security-related topics as well as emerging cybersecurity topics within its IT curriculum without increasing credit requirements. The faculty developed an IT Security-related and Cybersecurity Curriculum Taxonomy to identify strategies to move security-related topics taught in the higher level courses to lower and intermediate courses. Thus emerging cybersecurity topics could be added to high-level courses. The faculty also created the IT Student Learning (Security-related) Taxonomy by combining Bloom’s Taxonomy’s six levels of thinking with Webb’s Depth of Knowledge Model. This student learning taxonomy enabled the faculty to review the student learning outcomes for each of the existing security-related core topics and develop new ones for the emerging cybersecurity topics. Challenges, benefits, and application of this strategy to other disciplines are discussed

Cybersecurity, Technology, and Society: Developing an Interdisciplinary, Open, General Education Cybersecurity Course

This paper describes an interdisciplinary effort involving faculty from five different disciplines who came together to develop an interdisciplinary, open, general education cybersecurity course. The course, Cybersecurity, Technology, and Society, brings together ideas from interdisciplinary studies, information technology, engineering, business, computer science, criminal justice, and philosophy to provide students an interdisciplinary introduction to cybersecurity. We provide an overview of the rationale for the course, the process the authors went through developing the course, a summary of the course modules, details about the open education resources used as readings, and the types of assignments included in the class. We conclude by offering recommendations for others developing similar courses

Teaching cybersecurity: a project-based learning and guided inquiry collaborative learning approach

Cybersecurity is integral to modern life but it is often overlooked and taken for granted, creating an ever-increasing problem for governments, businesses, and consumers alike and costing billions of dollars in investments losses, disaster recovery expenses, and regulatory fines. Compounding this problem is the alarming shortage of cybersecurity professionals worldwide that has continued to worsen. In 2015, industry experts estimated a shortfall of 1.5 million cybersecurity professionals by 2019. The revised estimate in 2019 was 3 million and growing. For these reasons, educating and training cybersecurity professionals has become a top priority for governments and companies around the world. This research study investigates the performance of established student-centered active learning models. It combines Project-Based Learning (PBL) and Guided Inquiry Collaborative Learning (GICL) learning models to teach cybersecurity. Following Bloom’s Taxonomy pedagogical practices, a PBL-GICL framework and activities were developed for teaching a Cybersecurity Biometrics class. Scaffolding activities included items like lab assignments, guided inquiry questions, and a semester long project where students, through experimentation, designed and developed an optical fingerprint reader using a Raspberry Pi, a camera, a prism, and a 3D printed case. Embedded assessments consisting of a survey, peer reviews, exam questions, and research data from a published study that uses Process Oriented Guided Inquiry Learning (POGIL) to teach cybersecurity modules, are used to evaluate the following research questions: 1. How does PBL-GICL approach compare to POGIL as a learning model for teaching cybersecurity? 2. How effective is the PBL-GICL approach for teaching cybersecurity concepts? 3. What are the challenges and opportunities in implementing PBL-GICL to teach cybersecurity? Quantitative analysis of the survey data suggests that PBL-GICL performance is comparable to POGIL and exceeds it in categories like teamwork experience, motivation, and engagement. The data also suggests that the PBL-GICL approach is an effective student-centered learning model for teaching cybersecurity concepts. Lastly, several challenges concerning online teaching and opportunities for process improvements to implement PBL-GICL are discussed. These findings are important to mitigate the shortfall of qualified cybersecurity professionals by identifying effective student-centered active learning models that motivate and engage students