CYBEREDUCATION-BY-DESIGN™: DEVELOPING A FRAMEWORK FOR CYBERSECURITY EDUCATION AT SECONDARY EDUCATION INSTITUTIONS IN ARIZONA

Most survey results agree that there is a current and ongoing shortage of skilled cybersecurity workers that places our privacy, infrastructure, and nation at risk. Estimates for the global Cybersecurity Workforce Gap range from 2.72 million (ISC2, 2021) to 3.5 million (Cyber Academy, 2021) for 2021 and the United States estimates range from 465,000 (Brooks, 2021) to over 769,000 (Cyber Seek, 2022) open jobs as of November 2022. The most optimistic estimates still demonstrate a critical issue. As cybersecurity threats continue to grow in sophistication, scope, and scale, the ability to secure the United States from these threats lies in the ability to develop cybersecurity professionals with the knowledge, skills, and abilities (KSAs) to accomplish the tasks associated with their cyber roles. The ability to supply qualified cybersecurity professionals is outpaced by the growing demand as previously outlined. This study proposes that conducting a case study of existing cybersecurity programs at secondary education institutions can identify the critical elements of these programs. These elements can be codified into program profiles and further refined into a comprehensive cybersecurity education framework for secondary education institutions. This framework can be used by school districts throughout Arizona to develop cybersecurity programs and ultimately develop qualified and competent cybersecurity professionals to overcome the cybersecurity workforce gap

Using Simulations to Prepare for College and Careers in Information Technology

While simulators can be used in place of hands-on hardware, there was not a significant body of quantitative research supporting the use of simulators for college and career success at the secondary level in information technology (IT). The purpose of this quantitative, nonexperimental study was to determine if there was a significant difference in college and career readiness of New York state high school students in approved IT content cluster high school programs, between those who use simulations and those who use hands-on hardware. Kolb\u27s theory of experiential learning was the theoretical foundation for this research. The research questions examined whether there was a significant difference in the written exam grades, the hands-on exam grades, and the certification pass rates of students, based on the percentage of simulation used in their coursework. A survey was used to collect data on 60 students. A one-way Welch ANOVA indicated no significant difference in written grades between groups. A Kruskal-Wallis ANOVA showed statistical significance between groups using all simulated labs and less than 50% simulated labs, as well as between all simulated labs and 50% or greater simulated labs for hands-on grades. Fisher\u27s Exact Test indicated that the proportion of students in the less than 50% simulated labs group who earned industry-level certifications was statistically significantly higher than the 50% or greater simulated labs group or the all simulated labs group. Implications for social change are that workers with entry-level IT skills can fill jobs in the growing IT field that offers well-paying jobs with more promising futures

Teaching Tip: What You Need to Know about Gamification Process of Cybersecurity Hands-on Lab Exercises: Lessons and Challenges

Cybersecurity education is becoming increasingly important in modern society, and hands-on practice is an essential element. Although instructors provide hands-on labs in their cybersecurity courses, traditional lab exercises often fail to effectively motivate students. Hence, many instructors desire to incorporate gamification in hands-on training to engage and motivate cybersecurity students, especially beginner learners. Given the dearth of guiding examples, this paper aims to describe the holistic process of converting traditional cybersecurity hands-on lab exercises to gamified lab exercises in an undergraduate network security course. We find that the gamified cybersecurity lab promotes students’ engagement, learning experience, and learning outcomes. The results show the positive acceptance of gamification by students as well as instructors. While gamification has been used in competitions and training, the success in the classroom and students’ desire for more gamification show that further investment in gamification will be more important in the classroom. We expect this paper to help instructors who are interested in gamification 1) convert traditional lab exercises to gamified labs; 2) estimate the extra workload and potential benefits; and 3) plan resources for implementation. This process is applicable to any cybersecurity courses with hands-on assignments

ATE Impacts 2018-2019

The ATE Impacts book, published every two years by Internet Scout Research, showcases all of the National Science Foundation's (NSF) Advanced Technological Education (ATE) Centers and selected nominated projects. The NSF ATE program focuses on the education of highly-qualified science and engineering technicians for advanced technology fields. Through the program's grant process, the NSF promotes the improvement of STEM education of science and engineering technicians at the undergraduate and secondary school levels, and in the workforce. The 2018-2019 ATE Impacts book marks the 25th anniversary of the NSF ATE program and offers an in-depth overview of the work done by the ATE community. This book includes a timeline of important achievements and events, a foreword by the program director, additional ATE program history, and information about ATE program Centers and a number of projects.Â

Understanding How to Diversify the Cybersecurity Workforce: A Qualitative Analysis

A robust cybersecurity workforce is critical for protection against a range of malicious attacks. However, it has been noted that there are many vacancies and a shortage of individuals entering the cybersecurity workforce. This workforce shortage has partly been attributed to the lack of diversity in the cybersecurity field, with women, African Americans, and Hispanics remaining underrepresented in educational and professional settings. Using a qualitative approach, this work sought to investigate what led underrepresented minorities currently involved in cybersecurity to the industry, with the goal of determining methods to attract and diversify the workforce. A thematic analysis was conducted using data collected during interviews with 23 participants including underrepresented minority students, underrepresented minority professionals, college instructors, and a high school administrator. The interview questions aimed to address (a) what attracted minorities to the field, (b) how they overcame educational and professional roadblocks, (c) how they built non-technical knowledge, skills, and attitudes, and (d) how they maintained engagement. Findings revealed 17 themes that were related to characteristics of (a) the learner, (b) the instruction, and (c) the environment. Based on these findings, recommendations are presented to illustrate how these themes can be implemented by instructors with the goal of increasing the participation and involvement of underrepresented minorities and fostering diversity in the cybersecurity field

Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases

[Abstract] Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.This work has been funded by the Xunta de Galicia (ED431G2019/01), the Agencia Estatal de Investigación of Spain (TEC2016-75067-C4-1-R, RED2018-102668-T, PID2019-104958RB-C42) and ERDF funds of the EU (AEI/FEDER, UE)Xunta de Galicia; ED431G2019/0