Teaching Security Defense Through Web-Based Hacking at the Undergraduate Level

The attack surface for hackers and attackers is growing every day. Future cybersecurity professionals must have the knowledge and the skills to defend against these cyber attacks. Learning defensive techniques and tools can help defend against today’s attacks but what about tomorrow\u27s? As the types of attacks change so must the cybersecurity professional. The only way for the cybersecurity professional to achieve this nimbleness is to understand the structural anatomy of the various attack types. Understanding the threat environment is the key to future success. Security defense through offensive techniques should and can be taught at the undergraduate level. Using the OWASP Mutillidae project [5], students can have a self-contained, sandbox environment for dissecting and discussing cyber attacks

Constructing a Methodology for Developing a Cybersecurity Program

This paper serves to introduce the problem of constructing a methodology to develop a cybersecurity program. The goal of the program is to prepare students graduating from an accredited two-year college for success in cybersecurity careers. Several challenges must be addressed such as program accreditation, workforce development, and DHS/NSA Center of Academic Excellence in Cyber Defense (CAE-CD) designation. All of these serve as inputs in constructing a methodology to develop such a program to meet local industry needs for cyber professional

Future Needs of the Cybersecurity Workforce

Expected growth of the job market for cyber security professionals in both the US and the UK remains strong for the foreseeable future. While there are many roles to be found in cyber security, that vary from penetration tester to chief information security officer (CISO). One job of particular interest is security architect. The rise in Zero Trust Architecture (ZTA) implementations, especially in the cloud environment, promises an increase in the demand for these security professionals. A security architect requires a set of knowledge, skills, and abilities covering the responsibility for integrating the various security components to successfully support an organization’s goals. In order to achieve the goal of seamless integrated security, the architect must combine technical skills with business, and interpersonal skills. Many of these same skills are required of the CISO, suggesting that the role of security architect may be a professional stepping-stone to the role of CISO. We expected degreed programs to offer courses in security architecture. Accredited university cyber security programs in the United Kingdom (UK) and the United States of America (USA) were examined for course offerings in security architecture. Results found the majority of programs did not offer a course in security architecture. Considering the role of the universities in preparing C-suite executives, the absence of cyber security architecture offerings is both troubling and surprising

Holistic Cyber Education

This paper provides a multi-level, multidisciplinary approach for holistically integrating cyber into a student’s academic experience. Our approach suggests formally integrating cyber throughout an institution’s curriculum, including within the required general education program, in electives from a variety of disciplines, as multi-course threads, as minors, and in numerous cyber-related majors. Our holistic approach complements in-class curricula with both a pervasive cyber-aware environment and experiential, outside-the-classroom activities that apply concepts and skills in real-world environments. The goal of our approach is to provide all educated individuals a level of cyber education appropriate for their role in society. Throughout the description of our approach, we include examples of its implementation at the United States Military Academy.https://digitalcommons.usmalibrary.org/books/1024/thumbnail.jp

Development and Dissemination of a New Multidisciplinary Undergraduate Curriculum in Digital Forensics

The Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign is developing an entirely new multidisciplinary undergraduate curriculum on the topic of digital forensics, and this paper presents the findings of the development process, including initial results and evaluation of a pilot offering of the coursework to students. The curriculum consists of a four-course sequence, including introductory and advanced lecture courses with parallel laboratory courses, followed by an advanced course. The content has been designed to reflect both the emerging national standards and the strong multidisciplinary character of the profession of digital forensics, and includes modules developed collaboratively by faculty experts in multiple fields of computer science, law, psychology, social sciences, and accountancy. A preliminary plan for the introductory course was presented to a workshop of digital forensics experts in May 2013 and received their strong approval. Pilot versions of the introductory and introductory lab courses were taught to a mixture of computer science and law students at the University of Illinois in the fall of 2013, and were very positively received by the students, who made it clear that they appreciated the multidisciplinary approach. The curriculum, which is designed to obviate the need for expensive labs or team-teaching by specialized faculty, will be made available to other colleges and universities in order to improve the content and quality of existing digital forensics programs, to inspire and greatly facilitate the creation of new programs, and, ultimately, to increase the number of educated practitioners. The developed resources can be used as the basis for future academic programs, distance learning, and multidisciplinary, multi-institutional programs that meet evolving digital forensics educational standards. Much of the material, including a virtual laboratory, will be provided on-line. Introductory course materials will be distributed to other institutions beginning in the summer of 2014; advanced course materials should be available for distribution in 2015. Related outreach activities have been undertaken and will be continued. Keywords: Digital forensics, Computer forensics, Curriculum development, Curriculum standards, Education standards, Training standards, Undergraduate education, Interdisciplinary studie

Ethical hacking assessment as a vehicle for undergraduate cyber-security education.

The need for cyber security professionals in the UK is growing, motivating the need to introduce cybersecurity at an earlier stage of an undergraduate's education. However, despite on-going interest in cybersecurity pedagogy, there has been comparatively little work exploring the role of assessment in educating future cybersecurity practitioners. This paper presents a case study on the re-design and critical evaluation of an undergraduate ethical hacking coursework assignment. The study describes how recent work in ethical hacking pedagogy informed an assignment re-design, and the revised assignment was critically analysed based on constructive alignment, student engagement, and plagiarism

Faculty Workshops for Teaching Information Assurance through Hands-On Exercises and Case Studies

Though many Information Assurance (IA) educators agree that hands-on exercises and case studies improve student learning, hands-on exercises and case studies are not widely adopted due to the time needed to develop them and integrate them into curriculum. Under the support of the National Science Foundation (NSF) Scholarship for Service program, we organized two faculty development workshops to disseminate effective hands-on exercises and case studies developed through multiple previous and ongoing grants. To develop faculty expertise in IA, the workshop covered a wide range of IA topics. This paper describes the hands-on exercises and case studies we disseminated through the workshops and reports our experiences of holding the faculty summer workshops. The evaluation results show that workshop participants demonstrated high levels of satisfaction with knowledge and skills gained in both the 2012 and 2013 workshops. Workshop participants also reported use of hands-on lab and case study materials in our follow-up survey and interviews. The workshops provided a valuable opportunity for IA educators to communicate and form collaborations in teaching and research in IA

Teaching Tip: Hackalytics: Using Computer Hacking to Engage Students in Analytics

The demand for qualified analytics professionals remains high with forecasts showing a continued need over the next few years. While this demand necessitates instruction in analytics in the classroom, many students find analytics concepts to be complicated and boring. This teaching brief describes a novel approach to teaching analytics through computer hacking. Students are exposed to the entire data lifecycle by first collecting intrusion detection data through the hacking of other student machines and then utilizing simple analytics procedures to analyze this data. Qualitative results show that the students enjoy the activity both in terms of the fun of hacking their fellow classmates as well as analyzing this data in an area less utilized in analytics instruction – security analytics. Three levels of the exercise are provided as well as how-to materials for students to run the exercise

Application of intervention mapping in cybersecurity education design

Education in Cybersecurity is considered one of the key challenges facing the modern digitized world. Several frameworks, e.g., developed by NIST or ENISA, have defined requirements for cybersecurity education but do not give recommendations for their development. Developing appropriate education offerings need to incorporate theory-based approaches that are evidence supported. Adopting the Intervention Mapping paradigm, we propose an educational framework incorporating validated theoretical and evidence-based approaches to cybersecurity education encompassing stakeholders' input, identified competency needs, and how to implement and evaluate learning outcomes. This paper presents a case study of how Intervention Mapping can be used to help design cybersecurity education, discuss challenges in educational and professional aspects of cybersecurity, and present an applied educational approach based on Intervention Mapping and its evaluation.publishedVersio

Understanding Student Perspective of Undergraduate Cybersecurity Programs and Experiences Across Christian Colleges and Universities

The number of Christian colleges and universities that are offering cybersecurity four-year degrees is rising. The workforce is in dire need of cybersecurity professionals; however, has anybody asked the new cybersecurity professionals in the workforce how their recent academic experience prepared them for such a global need? Research is well-documented about what industry currently needs in cybersecurity professionals; however, this research focused on asking graduates what students need for the workforce. The purpose of this explorative qualitative study was to gain an understanding of the phenomena of the holistic experience (technical, nontechnical, and whole-person) strengths and shortcomings (if any) recent cybersecurity graduates who are now in the workforce experienced at various Christian colleges and universities during their undergraduate education. The population of this research was recent graduates of Christian undergraduate cybersecurity programs that are currently in the cybersecurity workforce. The gap that drove this study was the need to learn how current cybersecurity programs have influenced and molded students for the workforce and allow Christian cybersecurity program leaders to utilize this research and optimize the experience their students have at their institution. The theory which guided this exploratory research was academic outcomes assessment theory in which student opinions are sought to identify the satisfaction relationship their technical, nontechnical, and whole-person development in their Christian undergraduate program as preparation for real-world application. This qualitative, exploratory, phenomenological research identified Christian undergraduate program strengths and gaps, such as an overwhelming trend of recent cybersecurity graduates that are not fully satisfied with their technical development