Cybersecurity Skills Journal: Practice and Research 1 Table of Contents

EXECUTIVE LETTER ……………...... …………....…. 4

RESEARCH PERSPECTIVES ……………………………………..………………………..………....…. 5

Raising the BAR of Cybersecurity Capability Maturity………………………...…….....……..…. 6

PRACTICE PERSPECTIVES …………………...……………………………………………..….…..…. 15

Meeting Industry Needs for Secure Software Development …………………….………...... …. 16

Have My Smart Lightbulbs Been Weaponized? …………………………………………...... …. 27

THEORETICAL PERSPECTIVES ………………………………..…..………………….……….…..…. 31

Competency is Not a Three Letter Word ………………………….………………….…...... …. 32

3CS FIFTH ANNIVERSARY RESOURCE GUIDE ……………………………………...…...….…..…. 39

Pathway Section: Fundamentals ……………………………….….....…….….………….…..…. 40

Pathway Section: Specialty Areas …………………………………..….....……...……….…..…. 53

RESOURCE GUIDE PRESENTER INDEX ……………....…...……………...... ………….………..…. 65

2 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 3 Executive Letter

Welcome to the first issue of the newly launched National CyberWatch Center’s (NCC) peer-reviewed, open-access academic journal: Cybersecurity Skills Journal: Practice and Research (CSJ).

The CSJ is published via the NCC Digital Press, which was created to produce and disseminate collections of timely publications on topics related to cybersecurity education, research, and workforce development. What could be timelier than a journal with a unique, dual focus on disseminating rigorous research combined with the application of techniques, tools, and packages of digital assets that raise the capability maturity of cybersecurity students and practitioners?

Articles appearing in the CSJ will document and/or analyze an instructional technique for developing skills; or tutorials on the use of procedures and tools to support skilled execution of cybersecurity functions, to name a few. Multimedia instructional content, assessment instruments, lab designs and other instructional digital assets produced by article authors will be made available through a subscription or pay-per-use Research Perspectives service, which will permit application of the instructional techniques, or guide the skilled performance of the tactics, techniques, protocols and/or procedures described in the open-access published article.

The launch of the first issue, “3CS Anniversary Special Issue - Five Years of Raising the Capability Maturity Bar,” coincides with the 5th Annual Community College Cyber Summit (3CS). This year for the first time, select submissions from our Innovations in Cybersecurity Education awards and recognition program will be eligible for inclusion in this CSJ Special Issue. Moving forward, we will be aligning the Innovations program and 3CS tracks with the focus of the CSJ, to include areas such as performance models and measurement, effective practices, and capability maturity development.

Please consider submitting an article, joining our Editorial Board, and helping us spread the word. In doing so, you will be contributing to “ground truth” practices that increase the maturity of cybersecurity capabilities in individuals and organizations, so critical to the prosperity and security of our nation.

Best,

Casey W. O’Brien Executive Director & Principal Investigator National CyberWatch Center

4 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 5 for talent management. Application of the BAR that underlie skilled performance. Raising the BAR of Cybersecurity Capability Maturity: assessment method to cybersecurity can establish reliable baselines and enable empirical validation Shifting emphasis in information assurance Five years of competency-based instructional design at of progressive accomplishment across the stages of and cybersecurity education. Several organizations the Community College Cyber Summit expertise: novice; beginner; proficient, competent, have proposed guidelines for information assurance expert, and master. Combined with valid behavioral and cybersecurity undergraduate curriculum. These measures, competency-based instruction promises to efforts range from early attempts to integrate David H. Tobey Raise the BAR of cybersecurity capability maturity. cybersecurity topics in an information technology Indiana University South Bend, United States degree programs [2] to the most recent ACM Figure 1: Curricula Pathway Model: Mapping Joint Task Force on Cybersecurity Education Abstract— The purpose of this paper is to review with conference venues in Maryland, Pennsylvania, Foundation Series through Pathway courses to NCWF [3]. Recently, Sabin, Alrumaih & Impagliazzo Categories of Cybersecurity Functions the development of competency-based educational Illinois, Nevada and Oregon. The contributions to [4] proposed to extend the ACM Joint Task Force innovations introduced at the Community College cybersecurity education are equally far-reaching Guidelines to support competency-based education. Cyber Summit (3CS) over the past five years guided and adventurous evidenced by the presentations They argue that the cybersecurity discipline requires by a standard curriculum mapping model. This of design, development and experimentation with taking a “performance perspective” of learning. In systematic analysis of the progressive development of this perspective, “learning transcends the boundaries competency-based instructional materials contributes new instructional devices. Through its focus of a topic, related concepts, and their relationships, insights into the foundations and trends in competency- on skills-based, hands-on instruction, 3CS is a based education (CBE) for cybersecurity. Most conference specializing in tools and techniques and focuses on the development of competencies” [4, notably limited in this accumulation of instructional that develop competence. Competence is defined p. 1216]. Sabin et al argue that the ACM guidelines innovations are valid assessments of capability as the “demonstration of skill in task performance.” mark an important transition in cybersecurity maturity and the efficacy of instructional interventions (Tobey, Gandhi, Watkins & O’Brien, this issue). education to competency-based education. that produce increases in capability. Accordingly, the Courses incorporating instructional techniques article will conclude with a discussion of how the 3CS and tools that mature the capability to apply While these guidelines provide frameworks for growing emphasis on security fundamentals might gain proficient understanding in skillful performance of instructional design, they do not provide instructional broader and deeper impact through increasing a focus materials which have undergone rigorous analysis to on Behaviorally-Anchored Rating systems (BARs). cybersecurity functions are therefore implementing the rudiments of competency-based education. ascertain effectiveness and validity in producing the Keywords—Trends in cybersecurity education, SOURCE: Tobey, David H. “Core Curriculum Mapping Report: targeted competencies. In perhaps the only extensive Cybersecurity capability maturity, Competency-based The purpose of this paper is to review the Mapping of the National CyberWatch Center’s Curriculum to study conducted of the effectiveness of certifications education, Behaviorally-anchored rating systems development of competency-based educational National Workforce Competency Requirements.” Technical and other assessments (n = 74) that attempted to Report. Cybersecurity Curriculum Standards. Largo, MD: innovations introduced at 3CS over the past five measure competency, the conclusion of a panel of National CyberWatch Center, 2017. years. The review applied the curriculum mapping 153 industry subject matter experts was that “many I. Introduction model (Figure 1) as a guide. The Curricula cyber security qualifications are using approaches The inaugural special issue of the Cybersecurity Pathway Model was developed by the first National to competency assessment that are perceived as Skills Journal: Theory and Practice is dedicated to A case could easily be made that competency- CyberWatch Center Curriculum Standards Panel neither effective nor cost-effective – something the competency-based education techniques and based cybersecurity education began in a southwestern [1, p. 84]. The model defines how curriculum that raises concerns as the industry attempts to tools introduced at the 3CS conferences. In addition suburb of Chicago. In Palos Hills, population and learning should evolve to mature capability address the cyber security skills gap” [5, p. 9]. to this review of the progression of CBE tools and 17,000 people, Moraine Valley Community College that is aligned with the National Cybersecurity Most notably, this group of experts concluded that techniques, the special issue contains a catalog of hosted the first annual Community College Cyber Workforce Framework competencies. An analysis rather than rely on existing assessments, the most capability-enhancing workshop and presentation Summit (3CS) in the summer of 2014. The founding of the progressive development of competency- effective approach was to review the history of tasks abstracts. The organization of the abstracts is Advanced Technology Education (ATE) centers, based instructional materials over the past five and duties performed—how often and effectively a intended to provide an encyclopedic resource guide supported by the National Science Foundation, years contributes insights into the foundations and person has performed critical tasks and procedures. for scholars, instructors, students, and practitioners welcomed nearly 50 “plank owners” to conduct trends in competency-based education (CBE). Most This finding is consistent with the recommendation seeking to raise the maturity levels of their workshops or make presentations on cybersecurity notably limited in this accumulation of instructional of the panel of experts that collaborated to produce cybersecurity capabilities. Finally, by organizing skill development. As described by the founding innovations are valid assessments of capability the nation’s first predictive model of performance the prior competency-based education initiatives directors, Casey W. O’Brien and Erich Spengler, maturity and the instructional interventions that in cybersecurity jobs that resulted in detailed within the Pathway Model, this special issue “In the Navy, a ship’s plank-owners are the sailors produce increases in capability. behavioral interview guides for the evaluation of seeks to encourage a dialogue around developing who were on-board for the vessel’s maiden voyage. cybersecurity talent [6], [7]. Numerous studies have empirically-validated curriculum that can become So welcome to All You 3CS Plank-Owners, and we Accordingly, the article will conclude with a shown that these behaviorally anchored rating scales a standard resource. Future articles in the peer- look forward to many future voyages together!” discussion of how the 3CS growing emphasis on are more valid and reliable predictors of subsequent reviewed issues of the Cybersecurity Skills Journal security fundamentals might gain broader and deeper job performance, while introducing less bias in will contribute to this growing library of validated, The 3CS conference is now celebrating its fifth impact through increasing a focus on Behaviorally- evaluation than alternative assessment methods [8], standard instructional materials by proposing, anniversary. The voyage has spanned coast to coast, Anchored Rating systems (BARs). BARs are [9]. developing and/or analyzing the effective practices widely-accepted, highly valid assessment solutions

6 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 7 One area where BARs has been applied to II. Method of 30%. Now at the highest point, one-third of all elements of instructional design by year. The first measure competencies is in cybersecurity competition sessions at the 2018 3CS conference are focused on two focus on assurance of learning. Assessment is design. The use of virtualized performance Instructional materials are disseminated in capability-enhancing content. Accordingly, it seems an empirical analysis of learner capability maturity. assessment was considered the second most valid two types of sessions at 3CS: workshops and quite timely to evaluate the focus and trends in these Efficacy studies are empirical analyses of the form of competency assessment in the Knowles et presentations. However, not all workshops and sessions as we celebrate the fifth anniversary of the instructional system capability maturity. The second al (2017) study. The National Cyber League (NCL) presentations are focused on instruction. For example, 3CS conference. two elements of instructional design decompose the is a “virtual training ground for collegiate students in the first year of the conference over 40% of the learning process into the development of knowledge to develop, practice, and validate their cybersecurity workshops were focused on program development. Table 1: Capability-Enhancing Session Types as a through instruction and skills through practice. skills using next-generation high-fidelity simulation The percentage of workshops focused on technical Percentage of Total Sessions environments” [10, p. 673]. The NCL produces capabilities increased thereafter to consistently The data demonstrate the historic emphasis of a BAR report for each competition participant average around 80% each of the following four cybersecurity education on instruction which is the that details how their strengths and weaknesses years. The materials discussed in workshops and primary focus of nearly 70% of all sessions across aligned with the competition learning objectives presentations is primarily focused on one of the four the five-year period. However, a shift in emphasis and professional competencies. Perhaps partially elements of instructional design: 1) assessments; 2) appears to be underway. A trend is evident towards due to the value provided by the performance- instructional guides, 3) practice exercises or labs; an increasing focus on skills — or competency- based assessment of cybersecurity competence, and/or 4) efficacy of the instructional interventions. based education. None of the sessions in the first the NCL has broken records year after year for the Similarly, the primary focus of a session can be year included specific skill development workshops numbers of participants and claims to be the largest mapped to one of the Pathway Model categories or presentation sessions. By 2018, 40% of the paid cybersecurity competition of its type in the shown in Figure 1. The mapping of the instructional Comparisons. The quantity of sessions primarily capability-enhancing sessions were focused on skill world (Weiss et al, 2017). The NCL is also unique design elements and the Pathway Model focus of the covering the instructional design elements and the development through practice labs or exercises. in that teaching, learning, practice and assessment session will provide the data for a systematic review Pathway Model competency areas were analyzed. Perhaps not coincidentally, in 2016 a presentation are given equal consideration in the design of each of the instructional practices discussed at 3CS over Since the number of sessions has consistently session led by Deanne Wesley of Forsythe Technical competition. The preparatory curriculum learning the past five years. increased over the five years, an analysis of the Community College was entitled “Designing a Cyber objectives, practice labs in a cyber gymnasium, relative focus on each of these session topics was Security Competency Based Capstone Course.” This and the competition activities are all anchored in Two researchers reviewed the abstracts of 3CS conducted. The latter analysis is intended to indicate session may have reflected or precipitated the shift the behaviors to be performed and rated to produce sessions from 2014 to 2018. The researchers were whether a particular form or focus of instruction has towards the increasing focus on competence-based the competitor’s score. An early study of the NCL a cybersecurity expert who has taught cybersecurity grown, remained stable, or has declined over the five education in cybersecurity programs. demonstrated the critical importance of aligning the courses for 14 years and an instructional designer years of the conference. competency of the participant with the challenges with over 30 years’ experience in capability maturity Equally notable is the limited focus on the presented during the competition, to achieve game development across a broad range of industries. III. Results assurance of learning. As noted above, sessions balance and increase participant engagement [11]. The abstracts were coded into instructional design focused on instruction and practice might include elements and the Pathway Model cybersecurity In this section, the results of the systematic a discussion of assessment or efficacy. However, These recent studies suggest we need better course categories. All abstracts were assigned a review will be reported. Two pairs of research these topics were the primary focus in only four understanding of what is being taught, learned, single design element and a single Pathway category questions were posed. The question pairs seek sessions across the five years. Clearly, the empirical practiced, and assessed to produce the competencies based on the primary focus described in the abstract. to understand the relative coverage and shifts in assurance of learning is an area that may warrant required by cybersecurity professionals. The coders agreed on the classification for 96% of the emphasis over time in instructional design elements further emphasis in future conferences. Accordingly, this review of the 3CS conference sessions. Differences in coding were discussed until and in competency areas. The final research question session data will seek to answer the following agreement was reached on the primary codification explored the implications of the 3CS session topic Table 2: Instructional Design Element Sessions by questions: of each session. patterns. An examination of the 3CS session Year trends may help to understand where cybersecurity • What instructional design elements received Population. This study systematically analyzes education has been, but also suggest how 3CS the most coverage in 3CS conferences? the presentations (n = 42) and workshops (n = 57) that may bring about needed changes in focus going How has coverage of instructional design included content intended to raise the cybersecurity forward. Since the answers for the last question are elements changed over the five years? capability maturity of students. Table 1 shows the speculative, the results section will focus on what the distribution of capability-focused sessions over data showed for the coverage and relative emphasis • What competency areas have received the the five years of the conference. The number of on instructional design elements and competency most coverage in 3CS conferences? How these sessions in the current year is almost triple areas. The implications of these trends will be has the coverage of competency areas the number at the first conference. The conference analyzed in the discussion section to conclude the Coverage and shifts in emphasis of changed over the five years? has also expanded considerably from the 38 total paper. competency areas. The increasing emphasis on sessions in the first year to over 90 sessions in 2018. Coverage and shifts in emphasis on the elements practice to improve skills raises the question of • What might the most notable trends indicate The percentage of sessions devoted to capability of instructional design. Table 2 shows the distribution which competency areas have received the most has been, and might become the focus of enhancement has been reasonably stable across the of capability-enhancing sessions across the four attention and whether there has been a shift in cybersecurity education? five years, fluctuating within a few percentage points attention over time. Table 3 shows the Pathway

8 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 9 Model course categories with at least one session the specialty area courses? To answer this question, (Tobey, 2017) was applied to assess the relative A revised model may help to clarify the oft- having primary focus on that competency area. The a post-hoc analysis was conducted which grouped emphasis and shifts in emphasis in instructional debated definitional distinction between information competency areas of Linux Server Fundamentals the sessions by the section of the Pathway Model to design and competency areas over the past five security or information assurance and cybersecurity. and Windows Server Fundamentals did not receive which they relate. This analysis is reported in Table 4. years. The revised pathway may also help to set appropriate primary coverage in the past five years. Of the expectations of the capabilities that information remaining ten competency areas, Information Table 4: Trends in Coverage Between the The data from the session analysis indicates a technology staff in every organization should Security Fundamentals has become the dominant Fundamentals and Specialty Areas developing shift in emphasis towards skill-based demonstrate. Finally, this model suggests that much focus of the conference, expanding from less than instruction through practice labs and exercises. This greater focus should be given to assessment of 10% of the sessions in the first year to become the shift was most notable in the upcoming conference fundamental skills and the efficacy of instruction primary focus in 43% of the capability-enhancing during which 40% of the capability-enhancing intended to develop these skills. sessions in 2018. The competency areas receiving sessions are focused on practice, more than double the least attention over the past five years are Collect the emphasis given to practice-based learning in Achieving readiness in security fundamentals and Operate, the advanced application of digital 2017. The analysis also revealed some important will require increased capability maturity in the forensics, and Networking Fundamentals, the first in nuances which suggests future shifts in emphasis foundations of the cybersecurity discipline—the a series of courses that establish the foundation of may be warranted. grounding of the discipline in the information the cybersecurity discipline. The section analysis shows that across the five technology fields of networking, programming, and years there is a nearly equal coverage of Foundation A trend towards a new conception of operating system architecture and administration. Table 3: Sessions by Pathway Model Competency Series and Pathway Series course topics. Specialty the curricular pathway. The Pathway Model The relative lack of emphasis in 3CS sessions on these Area by Year areas received more focus at the beginning while proposed to divide cybersecurity education into competency areas suggests that the cybersecurity the fundamentals are receiving more coverage in fundamental courses that establish the Foundations education community may have previously shifted this year’s conference. However, as noted above, and advanced speciality courses which align with focus away from these prerequisite capabilities. One the Fundamentals of Information Security has career paths. However, the data suggests that a reason for this shift may be that these competency received the most coverage of any competency area. more accurate depiction would position Information areas have well-established libraries of instructional If we separate out the coverage of this one set of Security Fundamentals as the gateway connecting material and existing certifications that are serving as course topics, then the competency focus for the the assurance of the information technology indicators of mastery. However, the lack of evidence Foundation Series is reduced to a total of 13 sessions infrastructure security to the specializations within presented at the conference which could establish the over the five years, with 2, 3, 1, 3 and 4 sessions in cybersecurity practice. This central importance of efficacy of the current assessments or instructional each of the five years of the conference, respectively. security fundamentals has emerged over the past five designs indicates the need for additional research In sum, the seven specialty area competencies have years of the 3CS conference. The trend warrants a that could be presented at future 3CS conferences. received almost four times the overall coverage revision to the Pathway Model shown in Figure 2. This research direction aligns well with the mission as the four foundation series courses related to Mastery of the Information Security Fundamentals and scope of the Cybersecurity Skills Journal. Thus, networking, scripting, Linux server and windows competencies should become the capstone of the a major implication of the study findings is for server fundamentals. Foundations Series track; the valid assessment of future 3CS conference to consider adding a track competence in this course signals readiness to engage for presentation of findings from empirical studies IV. Discussion in specialty training in the advanced specialty areas that may be peer-reviewed for inclusion into future of cybersecurity. issues of CSJ. A systematic review of the 3CS conference sessions over the past five years has sought to Figure 2: Revised Curricula Pathway Model Raising the BAR. A significant impediment While the coverage of Information Security understand the trends in cybersecurity education. to research on the efficacy of instructional design Fundamentals has consistently increased, coverage The 3CS conference may not be representative is the lack of valid measures of learning progress. change among the remaining competency areas was of the entire cybersecurity education community. With only three 3CS sessions in five years primarily inconsistent—an increase or decrease in one year However, as stated by Dr. Charlene Dukes in her devoted to assessment, it is perhaps not surprising not following through to the next. The one notable welcome statement for the 2016 conference, “The that only one session focused primarily on exception is the Investigate competency area. Community College Cyber Summit is emblematic evaluating the efficacy of instructional designs. Two Coverage of these digital forensics fundamentals has of the growing number of community colleges.” In of the three assessment-focused sessions related declined consistently from being the primary focus fact, the conference is rapidly becoming much more. to certifications as the learning outcome measure of over one-quarter of the capability-enhancing The number of attendees from four-year institutions, while the third proposed indicators of success in a sessions in the first year to zero in the 2018 corporations, and government agencies suggest virtualized environment. None of these sessions conference. Also, in four of the five years, Operate a growing recognition that the 3CS conference is provided evidence that the assessments were valid and Maintain and Securely Provision were each becoming the hallmark of cybersecurity education. indicators of capability. Sessions that included, but given primary coverage in only one session a year. Consistent with this view of 3CS as the standard- did not primarily cover, assessment appear to be Might a similar trend be found in the Foundation bearer, the curriculum framework that guides more focused on deriving questions that could be Series fundamental courses overall in relation to standards development for cybersecurity curriculum included in a test bank, rather than determining the

10 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 11 construct or predictive validity of these measures. according to some digital forensics is rapidly This study found that information security V. Limitations and Conclusion Finally, none of the assessments presented over the becoming the most sought-after cybersecurity fundamentals has emerged as a central gateway five-year period attempted to measure the learning competence [16]. Additionally, in four of the five connecting information technology/assurance As acknowledged from the outset this study’s curve and progress of a learner across the six years of the conference the coverage of Operate capabilities with the path to developing specialized purpose has been exploratory. The data was limited stages of expertise development: novice, beginner, and Maintain and Securely Provision was limited to expertise. Every year claims are made for a growing by focusing on abstracts rather than a detailed proficient, competent, expert and master. a single session. As the threat landscape continues skills gap in cybersecurity. The Cyber Seek website review of presentation content. Two researchers to expand to the Internet of Things, the ability [18] reports 768,096 people are employed in the classified the abstracts. A larger pool of input or As noted above, studies suggest that if learning to protect and defend a critical infrastructure is cybersecurity workforce. To meet the total demand differing interpretations might have resulted in is to raise capability maturity there must be greater increasingly interdependent a holistic capability present in open job positions, Cyber Seek reports different classifications of the sessions. Much of alignment between learning objectives, practice to securely provision, operate, and maintain the existing workforce must be increased by nearly the discussion above depends on the accuracy of design, and the accurate assessment of gains in skill operational infrastructure connected to information 40%. Combining the existing workforce with the the classifications. Accordingly, alternative insights and ability. The first step in determining the alignment systems [17]. demand for new workers brings the total current from the trends in 3CS sessions over the past five among the curriculum elements is developing clear demand for cybersecurity workers to just over one years are possible. and valid baselines that measure a learner’s current The predominant coverage given to information million. Compare the need for over 300,000 new competency profile. Only when we understand security fundamentals may be warranted by the workers to CompTIA’s 2017 estimate of 6.1 million Despite its limitations, this paper has shown what an individual already knows or can do is it conference’s focus on community college education workers in the information technology workforce that the contributions to cybersecurity education possible to assess learning gains. Evidence suggests and middle-skill jobs. However, greater coverage [19]. If the BAR of fundamental information have consistently grown over the five years 3CS that these individual competency profiles should of advanced topics in cybersecurity education may security capability was raised in just 5% of today’s has operated. These contributions appear both be anchored in behavioral statements that predict facilitate greater industry recognition of community information technology workforce, the skills gap broad and deep in their influence on the level of performance in cybersecurity roles [6], [7], [12]– college graduate capabilities, improved articulation crisis might simply evaporate! capability maturity in students and potentially [14]. Many program development workshops at 3CS into four-year degree programs, and increased interest the entire IT workforce. As the founding directors over the past five years were focused on mapping from other stakeholder groups such as government Yet, few would argue that today’s capabilities augured, 3CS has indeed been a valuable “voyage” curricula to national guidelines such as the National and industry sponsors. Therefore, the inclusion of will be sufficient to respond effectively to tomorrow’s for cybersecurity education. The next leg of the Security Agency’s Centers of Academic Excellence sessions focused on the career specialty areas could threats. Like a pilot needing to land on a river for voyage is yet to come. As maritime navigation was (CAE) program, the National Cybersecurity continue a trend to engage a broader cybersecurity the first time due to an unexpected engine failure, altered by the invention of the compass, this study Workforce Framework, and recently the ACM Joint education stakeholder community. Beyond the the cybersecurity workforce must be able to adapt suggests more accurate measures and evaluation of Task Force on Cybersecurity Education. However, already growing interest from baccalaureate- to unfamiliar or unknown assailants using tactics, proper direction is required to Raise the BAR going the guidelines do not specify the indicators of granting institutions, a broadening of the learning techniques and procedures that have yet to be devised. forward. proficiency (knowledge), performance (skill), and pathways covered in 3CS sessions could further How the aviation industry addressed the dilemma agility when facing novel challenges (ability) [15] grow interest, attendance and financial support from of managing flight safety against unpredictable References that should be measured to provide evidence that corporate training organizations seeking to develop events may provide clues to securing the nation the proposed competencies are maturing. Thus, cybersecurity specialists. against a constantly adapting threat landscape. [1] D. H. Tobey, “Core Curriculum Mapping Report: future 3CS conferences should expand the depth and Hours of practice in the simulator enabled Chesley Mapping of the National CyberWatch Center’s breadth of coverage provided to assessment models. Why might or should the workforce be Sullenberger to calmly and confidently land on the Curriculum to National Workforce Competency Reliable and valid measures are needed to establish interested in a conference traditionally focused Hudson River. Similarly, extending instruction Requirements,” National CyberWatch Center, the BAR that distinguishes competent performance on community college student development? The with assessment-guided practice holds promise for Largo, MD, NCC-17-CSP-01, 2017. and measure the maturation of capability towards findings reported here suggest two notable trends raising the BAR of capability maturity in addressing mastery. establish unique advantages of 3CS in addressing new threats and vulnerabilities. The most recent 3CS [2] B. M. Lunt et al., “Curriculum guidelines for the primary impediments to resolving seemingly doubled the number of sessions focused on advances undergraduate degree programs in information Broadening and deepening learning intractable problems with maturing cybersecurity in virtualized practice. This represents a four-fold technology,” Association for Computing Machinery pathways. However, raising the BAR requires more capability in the workforce. First, the central increase from just four years ago when the first (ACM) IEEE Computer Society, 2008. than effective indicators. Cybersecurity capabilities focus on the fundamentals of information security few sessions were dedicated to presenting effective also must broaden beyond the fundamentals and can bring millions more into the cybersecurity practices in cybersecurity simulation. Today, 3CS is [3] D. Burley, M. Bishop, S. Kaza, D. S. Gibson, E. deepen the level of skill produced within each workforce. Second, 3CS can bring scholarly rigor unique among conferences in its increasing focus Hawthorne, and S. Buck, “ACM Joint Task Force competency domain. Two trends, one concerning and practical relevance to the tools, techniques, and on practice-centered learning. While valuable to on Cybersecurity Education,” in Proceedings of and the other promising, will be reviewed before platforms required to mature today’s cybersecurity students, the evidence-based practices for virtualized the 2017 ACM SIGCSE Technical Symposium on concluding the analysis by examining the limitations knowledge into tomorrow’s effective skill and ability education and simulation design that are discussed Computer Science Education, 2017, pp. 683–684. of this study and implications for future research and to secure the the nation’s digital assets. In sum, by at 3CS hold even greater promise for raising practice. combining the trends towards repositioning the role cybersecurity capability maturing in the workforce. [4] M. Sabin, H. Alrumaih, and J. Impagliazzo, of Information Security Fundamentals and centering Aided by by designs perfected in peer review and “A competency-based approach toward curricular The systematic review of 3CS sessions found instruction and assessment around practice, 3CS can discussion at 3CS, information technology workers guidelines for information technology education,” a declining focus on digital forensic competencies. eviscerate threats of a growing skills gap crisis. may one day soon mature their capability in the in 2018 IEEE Global Engineering Education This notable trend is concerning because at least same manner as flight crews do in a different space. Conference (EDUCON), 2018.

12 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 13 [5] W. Knowles, J. M. Such, A. Gouglidis, G. Misra, [15] D. Tobey, M. Assante, S. King, and K. Ziegler, and A. Rashid, “All That Glitters Is Not Gold: On “Developing Ground Truth Expertise in Smart Grid the Effectiveness of Cybersecurity Qualifications,” Security Specialists.” National Board of Information Computer , vol. 50, no. 12, pp. 60–71, 2017. Security Examiners, 2010, August 24.

[6] L. R. O’Neil et al., “Developing secure power [16] Z. A. Baig et al., “Future challenges for smart systems professional competence: Alignment and cities: Cyber-security and digital forensics,” Digital gaps in workforce development programs,” US Investigation, vol. 22, pp. 3–13, Sep. 2017. Department of Energy, Alexandria, VA, PNNL- 22641, 2013. [17] T. Spyridopoulosa, K. Maraslisb, T. Tryfonasb, and G. Oikonomoub, “Critical infrastructure cyber- [7] L. R. O’Neil, T. J. Conway, D. H. Tobey, F. L. security risk management,” Terrorists’ Use of the Greitzer, A. C. Dalton, and P. K. Pusey, “SPSP Phase Internet: Assessment and Response, vol. 136, p. 59, III Recruiting, Selecting, and Developing Secure 2017. Power Systems Professionals: Behavioral Interview Guidelines by Job Roles,” 2015. [18] “Cybersecurity Supply And Demand Heat Map.” [Online]. Available: https://www.cyberseek. [8] P. J. Taylor and B. Small, “Asking applicants org/heatmap.html. [Accessed: 24-Jul-2018]. what they would do versus what they did do: A meta-analytic comparison of situational and past [19] “2018 IT (Information Technology) Industry behaviour employment interview questions,” J. Trends Analysis | CompTIA.” [Online]. Available: Occup. Organ. Psychol., vol. 75, no. 3, pp. 277–294, https://www.comptia.org/resources/it-industry- 2002. trends-analysis. [Accessed: 24-Jul-2018]. Practice Perspectives [9] N. P. Reilly, S. P. Bocketti, S. A. Maser, and C. L. Wennet, “BENCHMARKS AFFECT PERCEPTIONS OF PRIOR DISABILITY IN A STRUCTURED INTERVIEW,” J. Bus. Psychol., vol. 20, no. 4, pp. 489–500, Jun. 2006.

[10] R. Weiss, C. W. O’Brien, X. Mountrouidou, and J. Mache, “The Passion, Beauty, and Joy of Teaching and Learning Cybersecurity,” in Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education, 2017, pp. 673–674.

[11] D. H. Tobey, P. Pusey, and D. Burley, “Engaging learners in cybersecurity careers: Lessons from the launch of the National Cyber League,” ACM InRoads, vol. 5, no. 1, pp. 53–56, 2014.

[12] M. J. Assante and D. H. Tobey, “Enhancing the cybersecurity workforce,” IEEE IT Professional, vol. 13, pp. 12–15, 2011.

[13] D. H. Tobey, A competency model of advanced threat response. ATR Working Group Report NBISE-ATR-11-02. Idaho Falls, ID: National Board of Information Security Examiners, 2011.

[14] D. H. Tobey, “From cybersecurity competencies to a job peformance model,” 2011.

14 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 15 The Software Engineering Institute (SEI) recommendations, how ICC implemented those Meeting Industry Needs for Secure Software and government, commercial, and educational recommendations, and the return on investment organizations have expressed interest in educating (ROI) model presented to industry. We conclude this Development the software security workforce. However, until paper with our current status and future plans. The recently, there was little guidance on how to prepare timeline of activities in Figure 1 shows the initial Nancy R. Mead Girish Seshagiri for a career in software security. Most specialists major accomplishments at a glance. Carnegie Mellon University, United States Ishpi Information Technologies, Inc., United States start with some sort of degree in computing, maybe [email protected] [email protected] with a programming course that included topics in II. Meeting Industry Needs secure coding; then, through on- the-job training and Julie Howar experience, they gain proficiency in certain aspects In September 2013, Girish Seshagiri (an author Illinois Central College, United States of building secure software. It can be a difficult and of this paper) met with industry, government, and [email protected] meandering road. Unfortunately, this approach does academic stakeholders in Peoria, Illinois, and not provide the preparation needed for addressing proposed an initiative to create software developer current security risks, which are part of modern jobs and make the Peoria area a national center of Abstract— In this paper, we describe a partnership an increasingly prominent and serious problem. software and software- intensive systems [3, 4]. excellence for producing software that is secure between the Central Illinois Center of Excellence for The growing number of cyber-attacks represents a from cyber-attacks. He proposed using the German Secure Software (CICESS) and Illinois Central College pervasive threat to critical infrastructure and other The SEI’s Software Assurance Curriculum apprenticeship model to create a skilled workforce (ICC) that resulted in the creation of a two-year degree essential software-dependent systems. Defective program in Secure Software Development. That Project developed a series of software assurance that is trained, apprenticed, mentored, and certified software is insecure and a source of cybersecurity program incorporated an apprenticeship model and the curriculum recommendations, along with a software in secure software production. The initiative would vulnerabilities that attackers exploit. It is no longer Software Engineering Institute’s software assurance assurance competency model, and numerous partner with the school districts to encourage acceptable to leave the task of finding and fixing curriculum recommendations at the community additional educational resources and artifacts (listed graduating high school seniors to pursue software software defects until after the product has been college level. We describe the industry needs, the at http://www.cert.org/curricula/). A number of development careers in the Peoria area. delivered [1]. software assurance curriculum recommendations, universities and training organizations have adapted how ICC implemented those recommendations, and various aspects of the curriculum work. Courses and A. The Case for the German Dual Model the return on investment model presented to industry. As a result, the interest in and demand tracks based on the curriculum recommendations Apprenticeship for software security specialists have grown have been developed and offered by Carnegie Keywords—Software Assurance Education, dramatically in recent years, and there is an urgent Industry/University Collaboration, Secure Software Mellon University, Stevens Institute of Technology, In many countries, including the U.S., there need for a workforce capable of developing software Development The U.S. Air Force Academy, University of Detroit appears to be a mismatch between the kinds of jobs that is assured and secure from cyberattacks. The Mercy, University of Houston, and (ISC)2. In offered and the qualification profiles that job seekers (ISC)2 Global Information Security Workforce I. Introduction addition, Polytechnic University of Madrid designed attain from college education. The skills gap, as Study (GISWS) forecasts a shortfall of 1.5 a Master of Software Assurance degree program. It it is known, is too high with significant adverse million cybersecurity professionals by 2020 [2]. Modern society increasingly relies on software is possible that there are additional offerings based consequences to employers and job seekers alike. Government sources also project critical shortages systems that put a premium on quality and on the software assurance curriculum work that of cybersecurity professionals. dependability. The extensive use of the internet and have not been reported to us. There was a substantial Over the last several decades, the German dual distributed computing has made software security outreach effort by the curriculum team resulting in model has successfully helped match jobs and skills. numerous paper and conference talks, and there is Dual apprenticeship programs are popular not only a LinkedIn Software Assurance Education interest in Germany, but also in Switzerland, Austria, and group with over 500 members. several other European countries. Dual here means that, in addition to time spent in a vocational school, In this paper, we describe a unique collaboration this theoretical training involves relevant practical involving industry, government, and academia. training and experience at a partnering company, Using the SEI’s software assurance curriculum with the apprentices receiving a salary as they gain recommendations at the community college level, work-related skills. There is a growing awareness the Central Illinois Center of Excellence for Secure that the U.S. could reap substantial benefits from Software (CICESS) partnered with Illinois Central this model. College (ICC) to develop a two-year degree program in Secure Software Development, incorporating an Apprenticeships allow businesses to meet apprenticeship model. This is the first community the growing demand for skilled workers and lead college program based on the software assurance workers to higher wages and better employment curriculum recommendations that we know of, outcomes. Furthermore, apprenticeships are a smart although many community college programs public investment. A recent study in Washington in information security exist. We describe the State found that for every $1 in state investment Fig. 1. Timeline for Establishing Secure Software Development Program industry needs, the software assurance curriculum in apprenticeships, taxpayers received $23 in net

16 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 17 benefits—a return that far exceeds that of any other Table I. Goals of the Community Core Group As noted, we held a number of meetings and we the anticipated time line shown in Table II. workforce-training program in the state [5, 6]. also looked at local labor statistics that described a growing market in IT areas in the Peoria area. The steering committee made a strategic In October 2013, a community core group The timing seemed right as well given the local decision to become an official project of the Greater formed to develop a strategy for going forward support from employers who were already involved Peoria Economic Development Council (GP EDC). with this project. The group received valuable input and passionate about the program itself, the CMU The EDC’s mission is to drive economic growth from major cybersecurity education initiatives curriculum and the development of an apprenticeship in Greater Peoria through targeted business and [7, 8] and the SEI. It was clear to the group that a program. By the end of 2014, ICC had recognized talent development and attraction. As an official key cybersecurity focus area was secure software the need to include concepts of computer security economic development initiative, the CICESS development. What was less clear was how many and software assurance in the current Computer gained access to the local employers to promote its secure software development professionals were Science Associate Degree program. As a result, apprenticeship as a talent pipeline and workforce needed by employers in central Illinois and how the college modified its computer science courses development strategy. We needed an organization quickly a workforce that meets their needs could and incorporated the SEI Software Assurance that could enter into agreements with employers and be created. The group appointed subcommittees to Curriculum and, with employer input, created an provide administrative support for marketing and research and quantify the supply of and demand for Associate of Applied Science (AAS) in Secure finance. Since the GP EDC’s board is made up of secure software developers in central Illinois. Software Development degree. local employers, working with them was important.

Initially, we formed an ad hoc group to promote The steering committee designed other elements The steering committee demonstrated to the apprenticeship model to create secure software of the CICESS: employers’ decision makers the positive ROI of middle class jobs because the timing was right the CICESS apprenticeship in building a talent considering the rise in cyberattacks and the need for • Incorporated relevant topics from the SEI pipeline with an RO I calculator tool developed by secure software development. We analyzed the list process models in a standard apprenticeship the Manufacturing Institute. (The CICESS ROI is of local employers in Central Illinois and discussed curriculum explained in detail in Section V.) with some of them their difficulty in finding qualified • Incorporated (ISC)2 training courses in local candidates to fill current software development the curriculum to prepare apprentices for Table II. CICESS Time Line job openings as well as their needs for secure acquiring standard industry certification software development. The group set an aggressive for Associate of Certified Secure Software goal of cohort sizes of 20 to 40 apprentices per Lifecycle Professional (CSSLP) from semester at ICC, a local community college with a (ISC)2 to validate secure software track record of successful partnerships with local development competencies employers. • Working with ICC faculty, developed the schedule for the alternating blocks of weeks Table I lists the goals and achievement methods of academic instruction and apprenticeship that the group established in February 2014. on-the-job training in the dual model • Selected Berger Aptitude Test (B-Apt) for In May 2014, the group established a steering Computer Programming and established committee consisting of representatives from three Pass/Fail criteria for entry to the local employers, ICC, local workforce development apprenticeship program intermediaries, and the German American Chamber • Specified recurring and one-time-only fees of Commerce Midwest (GACCM). The committee’s from participating employers for ongoing goal was to design and implement the CICESS dual program administration, apprenticeship model program. The GACCM provided subject- curriculum development, and train-the- matter expertise in the dual model implementation. trainer materials for the CICESS to be self- ICC took the initiative to form a consortium of nine sufficient Central Illinois community colleges for scaling up • Set up guidelines for minimum hourly CICESS implementation in other communities. First, wages for the apprentices with flexibility to the steering committee identified existing applicable meet varied human resources practices of efforts [9, 10]. Then, the committee leveraged those participating employers efforts by participating in relevant working groups and forums. In April 2015, the steering committee convened a regional summit of industry, government, and For ICC, demand was based on the employers academic stakeholders and announced the planned who were part of the CICESS steering committee. launch of the first CICESS cohort in Fall 2015 with

18 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 19 The steering committee is currently developing number of apprenticeships in the U.S. We would education (in addition to four-year undergraduate Table III. SEI Software Assurance Curriculum CICESS documentation to meet the Registered like to invite the CICESS to be a LEADER in degree programs and master’s degree programs) Project Documents Apprenticeship Program standards [11]. apprenticeship – and to highlight the efforts and is that, according to the American Association commitments that the CICESS has put forth on for Community Colleges, roughly half of U.S. In December 2014, an announcement was made apprenticeship development and expansion.”1 undergraduate students have attended community of $100M in grants to transform apprenticeships college [19]. Community colleges provide access for the 21st century by expanding training into From November 2 to November 6, ICC to post- secondary education that minority, low- new high-skilled, high-growth industries [12]. celebrated National Apprenticeship Week (NAW) income, and first- generation college students may The CICESS met and in some cases exceeded the with events throughout the week to: not otherwise have. These colleges also prepare eligibility requirements of the grant proposal: students for transfer to four-year institutions, help 1. Promote apprenticeships in manufacturing, working adults prepare for new careers, and offer • American Apprenticeship (also referred to healthcare, and IT sectors to support the noncredit programs that offer a range of knowledge as Registered Apprenticeship) programs President’s goal of doubling the number of and skills. combine job-related technical instruction apprenticeships in America. with structured on-the-job learning 2. Demonstrate ICC’s partnerships with In Volume IV [18], after studying related degree experiences. employers to create middle-class jobs. programs, we introduced a suite of six courses that • 21st century apprenticeship approaches 3. Share goals, progress to-date and lessons could form part of a two-year degree program in are flexible and can be easily customized learned from projects that are recipients software assurance. The first three courses modify to meet the needs of the employer and of the American Apprenticeship Initiative existing courses from the Association for Computing apprentice. grant funds. Machinery Committee for Computing Education • Apprentices are hired and earn a wage upon 4. Recognize the chief executive officers in Community Colleges (ACM CCECC) to add a registration, and they receive progressive (CEOs) of the companies that have signed security emphasis. The other three courses are more wages commensurate with their skill letters of commitment with the GP EDC to specialized. In the report, we include prerequisites, attainment throughout the training program. hire CICESS apprentices. syllabi, sources, and Bloom’s taxonomy levels for • Upon successful completion of all phases of each course. Brief descriptions from Volume IV on-the-job learning and related instructional The NAW events were officially inaugurated in follow: components, registered apprentices receive Illinois on November 2, 2015 [13, 14]. nationally recognized certificates of ______Computer Science I: This course is the first in completion leading to long-term career 1 Email from DoL official to Girish Seshagiri, July 2015. a three- course sequence that provides students with Introduction to Computer Security: This opportunities. a foundation in computer science. Students develop course provides an overview of the fundamentals of computer security. Topics include security standards, III. The Curriculum and Course Materials fundamental programming skills using a language The CICESS agreed to support the Illinois that supports an object-oriented approach, secure policies, and best practices; principles, mechanisms, Manufacturing Association (IMA) in its role as the As noted earlier, the SEI recommendations coding awareness, human-computer interactions, and implementation of computer security and lead applicant for the American Apprenticeship for software assurance at the community college and social responsibility. data protection; security policy, encryption, and Initiative (AAI) grant in Illinois. level were adopted for the Illinois Central College authentication; access control and integrity models Program. These recommendations were part of Computer Science II: This course is the and mechanisms; network security; secure systems; In May 2015, the IMA was awarded a $3.9 million the body of work of the SEI’s Software Assurance second in a three- course sequence that provides programming and vulnerabilities analysis; principles grant to fund the Illinois Advanced Apprenticeship Curriculum Project. The SEI Software Assurance students with a foundation in computer science. of ethical and professional behavior; regulatory Consortium (IAAC) [12]. The CICESS became a Curriculum Project was established in 2009, and Students develop intermediate programming skills compliance and legal issues; information assurance; member of the IAAC and is thus eligible to receive developed a set of four volumes described in using a language that supports an object-oriented risk management and threat assessment; business grant funds. Table III [15, 16, 17, 18]. In the curriculum, approach, with an emphasis on algorithms, software continuity and disaster recovery planning; and software assurance is defined as the application of development, secure coding techniques, and ethical security across the lifecycle. In July 2015, the DoL Office of Registered technologies and processes to achieve a required conduct. Apprenticeship reached out to the CICESS: “We level of confidence that software systems and Secure Coding: This course covers security believe that the CICESS industry-led apprenticeship services function in the intended manner, are free Computer Science III: This course is the third vulnerabilities of programming in weakly typed approach and partnership with community colleges from accidental or intentional vulnerabilities, in a three- course sequence that provides students languages like C and in more modern languages like is an excellent model of a successful apprenticeship provide security capabilities appropriate to the with a foundation in computer science. Students Java. Common weaknesses exploited by attackers are program and exactly what we’re looking for in threat environment, and recover from intrusions develop advanced programming skills using a discussed, as well as mitigation strategies to prevent our Leaders of Excellence in Apprenticeship and failures. Since then, the definition has evolved, language that supports an object-oriented approach, those weaknesses. Students practice programming Development, Education and Research (LEADER) but it provides a useful context for discussion of the with an emphasis on data structures, algorithmic and analysis of software systems through testing initiative. It is a new initiative that we kicked off curriculum work and its transition. analysis, software engineering principles, software and static analysis. Topics covered include methods following the State of the Union earlier this year assurance checklists, and professionalism. for preventing unauthorized access or manipulation to help meet the President’s goal of doubling the Part of the reason we focus on community college of data, input validation and user authentication,

20 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 21 memory management issues related to overflow and In the Information Systems programs, these This is the point at which ICC faculty members When students enroll at ICC, they must provide corruption, misuse of strings and pointers, and inter- partnerships usually come in the form of student began integrating the SEI Software Assurance high school transcripts, proof of other college process communication vulnerabilities. internships and work-study opportunities at curriculum with their own. The SwA curriculum credits, and scores from any standardized tests such the college. Apprenticeship programs with the recommendations for community colleges [18] as the ACT. An ACT composite score indicates Introduction to Assured Software employers involved in the CICESS had not been consisted of the six courses described earlier. ICC whether a student will be successful doing college Engineering: This course covers the basic principles considered in prior years. The Information Systems faculty consulted with employers to determine work. Students who don’t have an ACT score or and concepts of assured software engineering; programs at ICC consist of three areas of study: which SwA courses were needed in addition to the evidence of high school math and reading scores that system requirements; secure programming in (1) science, (2) web, and (3) networking. Most of SEI recommended courses. These are shown below: show college preparedness must take the Compass the large; modeling and testing; object- oriented the students in the Computer Science programs are Test. ICC administers this standardized test that analysis and design using the unified modeling enrolled in one of the two Associate of Science (AS) • Essentials of Programming assesses college readiness in the areas of math and language (UML); design patterns; frameworks and transfer programs: (1) Computer Science with a • CSI: Programming in JAVA reading. According to ICC, a score of 81 in reading application programming interfaces (APIs); client- Technical Emphasis or (2) Computer Science with • CSII: Advanced Programming in JAVA is appropriate for the Secure Software program. server architecture; user interface technology; and a Business Emphasis. These were the programs first • Introduction to Relational Database Students also need to be ready for college algebra or the analysis, design, and programming of extensible presented to the CICESS as an option for students to • C# Programming take refresher courses to prepare them for that level software systems. achieve their two-year degree prior to transferring to • Event Driven Programming in Visual Basic of work. a four-year institution. • Advanced Programming in Visual Basic Subsequently, the project produced the Software • Mobile Application Programming Developed courses will be offered in a Assurance (SwA) Competency Model [20]. Two of The employers involved with the CICESS were • Structured Query Language traditional 16-week semester, in 8-week courses, the objectives of the software assurance competency struggling to define the point at which a student • UNIX and in an online format. Students who wish to be model are as follows: would be prepared to work as an apprentice. In • Database Administration eligible for the CICESS apprenticeship program will a traditional apprenticeship program, students • Structured System Analysis take the courses in accelerated 8-week sessions. In • Enhance SwA curricula guidance by would be employable from the beginning of their • Two electives from Computer Science, addition, employers wanted to be assured that the providing information about industry training and become more productive and able to Web or Networking student apprentices had an aptitude for computer needs and expectations for competent SwA work autonomously as time goes on. Because of programming. Therefore, students who want to professionals. the nature of the work of computer programming, Employers felt that students needed a good be considered for apprenticeship must also take • Provide direction and a progression for the these knowledge- management apprentices would foundation in SQL, C#, and Mobile Applications in a commercial computer programming aptitude development and career planning of SwA be exposed to information of a much more sensitive addition to the programming and security courses. test, the B-APT [21], and achieve a minimum professionals. nature and would need an established set of skills With the addition of the third Java programming score of 20. The B-APT assesses one’s ability to prior to starting. Unfortunately, this wouldn’t lend class and the three computer security courses do computer programming: “Organizations use From the viewpoint of the curriculum project, itself to the typical Associate of Science transfer identified while collaborating with the SEI, the the B-APT primarily to identify high aptitude the four curriculum documents and the competency degree in which students take general education new AAS degree in Secure Software Development candidates for programmer training. The examinee model set the stage for transitioning the work to classes in English, communication, math, science, consists of the following program requirements. need have no prior experience in programming, educational institutions that wished to offer software and the social sciences. Technical courses in their and those with some experience gain no advantage assurance concentrations or full degree programs. field of study are included but only to a limited • CSI: Programming in Java over the inexperienced. The tutorial, which uses a This made for an ideal match with the objectives of degree. The typical computer science students would • CS II: Programming in Java hypothetical language, equates the potential of the Illinois Community College and CICESS. Next, we graduate in two years with only six to nine credit • CSIII: Advanced Programming in Java inexperienced with the experienced.” discuss the ways we have tried to meet the above hours in computer science. The employers needed • Structured Query Language two objectives in this unique community college student apprentices who could program after the first • Introduction to Relational Database ICC implemented and launched the first-in-the- program. semester of classes. • C# Programming nation AAS degree in Secure Software Development • Mobile Application Programming in the Fall 2015 semester with over 20 students in IV. The Community College Program ICC faculty presented the option of the • Introduction to Computer Security the program. We were off to a strong start with Applied Science degree in which students would • Secure Coding 18 students in all interested in taking the classes. ICC in East Peoria, IL is a comprehensive take approximately 42 credit hours of technical • Introduction to Assured Software Twelve of those students were eligible to work community college in the Illinois Community computer science and database courses and only Engineering toward the apprenticeship. Like all students, we saw College system. Approximately 10,500 students 18 credit hours in general education. ICC had an • Database Administration some drop out along the way or decide that secure are enrolled in 58 applied degrees, 72 certificates, existing AAS degree in Computer Science and • Structured System Analysis software development was not what they wanted to and over 50 areas of study in associate of arts Database Development that seemed to more closely • Two electives in computer programming, pursue. We were down to twelve pretty quickly. and associate of science degrees for transfer. ICC fit employer needs. The goal of the CICESS was web, or networking, depending on employer has a close working relationship with many local to provide apprenticeships in Secure Software needs ICC provided the students with opportunities employers in central Illinois, particularly in the Development, however, so the current curriculum to work on resumes and interviewing skills prior applied sciences with programs such as automotive needed to include concepts of computer security and Students must also take 19 credit hours in to meeting the employers. Once the students met technology; heating, ventilation, and air conditioning software assurance. general education courses. with the employers, 7 students clearly stood out as (HVAC); and welding and diesel. leaders. These seven were offered apprenticeship

22 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 23 placement right away. One employer, the largest, was We point out the capabilities of CICESS Conclusions to-cybersecurity-education-nace-workshop is one late in interviewing the apprentices and decided that apprentices compared to other hires: such example. Cybersecurity is also included in none of the five final choices made a good fit. These • We are thankful for the support and broader curriculum guidance efforts such as CC2020 students will be coached in the coming months to • Have an Associate degree in secure software participation in our meetings from (Computing Curricula 2020) https://ieeexplore.ieee. improve on their soft skills. The employer still wants development with nearly the same number representatives of many organizations, org/document/8363484/ to be involved but will wait until next year. of credit hours as a four-year Computer including Department of Homeland Science degree for technical courses Security, Department of Labor, National We look forward to continued strategic V. Return on Investment Modle • Have over 3,000 hours of on-the-job Institute for Standards& Technology, partnerships to advance the cause of cybersecurity training and work experience on real-life National Security Agency, and (ISC)2. education, especially at the community college level. One study estimates the cost to the U.S. economy projects • Collaboration among industry, government, caused by the skills gap at $160 billion a year [22]. • Are prepared for Associate CSSLP and academia is a long and arduous With continued support from NIST/NICE, The skills gap for tech workers is unacceptably high. certification process, but it is essential for successful the Department of Labor, and the Department of • Are trained in quality methods implementation of apprenticeship programs Homeland Security, we anticipate expansion of Analysis by the Georgetown University Center • Are trained to be self-managed for workforce development, and skills the secure software development programs at the on Education and Workforce [23] found that U.S. • Are experienced with your processes, formation in high-wage, high-technology, community college level, broad recognition of the employers spend nearly $600 billion annually on standards, and procedures secure software development positions. CICESS apprenticeship program, and development formal and informal post-secondary workforce • Understand your business fundamentals, of a certification in secure software development. education and training, in addition to the $400 billion corporate culture, and customer focus, Current Status and Future Plans spent on two-year and four-year college courses. leading to higher productivity and Acknowledgements eventually leading to positions of increased ICC has experienced quite a bit of interest in It takes an average of over five months for new responsibilities the academic program from many types of local An earlier version of this paper, by the same employees to reach full productivity. The cost to • Are loyal to the company that trained employers. The apprenticeship program and the authors, was presented at the Conference on Software replace an employee ranges from 6 to 24 months of and hired them, leading to a more stable CICESS partnership is gaining membership and Engineering Education and Training (CSEET) [24] the position’s salary. These costs of the status quo workforce interest from businesses in the Peoria area. Some are not sustainable in the global economy. • Are willing, content, and happy to work for of those same organizations and others plan to send PSPSM and TSPSM are service marks of a local employer, resulting in a motivated current employees to ICC to brush up their skills in Carnegie Mellon University. In the presentations to potential participating and satisfied workforce Secure Software Development. ICC is developing a employers, we highlighted the following value certificate program to answer this need. References proposition from the CICESS apprentice program: One of the CICESS employers shows an anticipated return of $1.83 for every $1.00 invested ICC is also working with local high schools to [1] G. Seshagiri, “Emerging Cyber Threats Call for • Augmentation of your current workforce in the CICESS apprentice using an ROI calculator develop pathways into the program through dual a Change in the ‘Deliver Now, Fix Later’ Culture of development methods developed by the Manufacturing Institute. credit/dual enrollment. Students interested in this Software Development,” White Paper, ASIS ISC2 • Ability to plan for and satisfy future needs career path are encouraged to take computer science Security Congress, September 2013. for hard-to- fill secure software developers VI. Lessons learned, Conclusions, and Future courses in high school, as well as logic, math, and • Ability to build a secure software talent Plans other general education courses. [2] J. Peeler, “(ISC)² Study: Workforce Shortfall pipeline that includes women and minorities Due to Hiring Difficulties Despite Rising Salaries, who are trained, mentored, and certified Lessons Learned Since the initial curriculum work was Increased Budgets and High Job Satisfaction Rate,” • A cost-effective solution to training and completed, the SEI has produced a certificate (ISC)² Blog Post, April 17, 2015, retaining new workers in secure software • We need to improve our access to decision program in cybersecurity engineering and software available at http://blog.isc2.org/isc2_ development makers at employers assurance https://www.sei.cmu.edu/education- blog/2015/04/isc-study-workforce-shortfall- due-to- • High retention rates when apprentices • For workforce development, we need outreach/credentials/credential.cfm?customel_ hiring-difficulties-despite-rising-salaries-increased- become full-time employees to reach out to Human Resources (HR) datapageid_14047=33881 for learners in the budgets- a.html. executives as well as CIOs and CISOs workplace. The certificate program draws heavily We emphasize these unique features of the • Better communication, a strong message on the SwA Curriculum work. The SEI will [3] T.B. Hilburn and N. R. Mead, “Building Security design and implementation of the CICESS: and timeline need to be conveyed to the continue its involvement in transitioning the SwA In: A Road to Competency,” L. Goldrich (Ed.), IEEE employers and understood as they all go Curriculum. Security & Privacy, September/October 2013, pp. • Industry-defined competencies and through the hiring process. 89-92. certification in secure software development • We were pleased with the caliber of The cybersecurity education community has also • Employer-led governance model the cohort in terms of positive attitude, started to produce new guidelines for cybersecurity [4] N.R. Mead and T.B. Hilburn, “Building Security • World-class training while paying motivation and work readiness. education, as volunteer follow-on activities to In: Preparing for a Software Security Career,” L. apprentice wages workshops sponsored by NSF and NSA. The Goldrich (Ed.), IEEE Security & Privacy, November/ • Apprentices doing an increasing number of NACE Workshop held in June 2018 https://cisse. December 2013, pp. 80-83. hours of productive work info/news/918-22nd-colloquium-new-approaches-

24 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 25 [5] State of Washington Workforce Training and [15] N. R. Mead et al., Software Assurance Education Coordinating Board, “2013 Workforce Curriculum Project, Volume I: Master of Software Have My Smart Lightbulbs Been Weaponized? Training Results by Program: Apprenticeship,” Assurance Reference Curriculum, Technical Report available at http://www.wtb.wa.gov/Documents/2_ CMU/SEI-2010-TR-005, Software Engineering David Zeichick Apprenticeship_2013.pdf. Institute, Carnegie Mellon University, August 2010. California State University, United States

[6] B. Olinsky and S. Steinberg, “Training for [16] N. R. Mead et al., Software Assurance Success - A Policy to Expand Apprenticeships in Curriculum Project Volume II: Undergraduate Abstract— Internet of Things (IoT) devices are Students’ gain a startlingly glimpse into the the United States,” November 2013, Center for Course Outlines, Technical Report CMU/SEI-2010- being produced by manufacturers that contain critical flaws of one of the most popular smart home devices, security flaws (Hunt, Letey, & Nightingale, 2017). American Progress. TR- 019, Software Engineering Institute, Carnegie Google’s Nest, in the article Is Anybody Home? Criminals are leveraging IoT devices’ vulnerabilities Inferring Activity from Smart Home Network Mellon University, August 2010. to hijack the devices into becoming part of their Traffic (Copos, Levitt, Bishop, & Rowe, 2016). The [7] U.S. National Security Agency “National Centers botnet. In late 2016, a botnet consisting of thousands of of Academic Excellence in Information Assurance [17] N.R. Mead et al., Software Assurance compromised smart devices attacked a domain name research presented by Copos et al. demonstrates (IA)/Cyber Defense (CD),” available at https:// Curriculum Project Volume III: Master of Software server, effectively making major websites such as how it is possible to track if a resident is home or www.nsa.gov/ia/academic_outreach/nat_cae/. Assurance Course Syllabi, Technical Report CMU/ Twitter and Reddit inaccessible (Dobbins, 2016). Over away and, over time, build a complete timeline of SEI-2011-TR-013, Software Engineering Institute, the last few years there has been an explosive growth their activity. This article can also be used to test [8] National Initiative for Cybersecurity Careers and Carnegie Mellon University, March 2011. in the number of IoT devices purchased for household and, if necessary build, students’ comprehension of Studies (NICCS) website, available at https://niccs. use, dramatically increasing the number of eligible concepts such as DNS, hashing, and ICMP. new recruits for the IoT botnet army (Sivaraman, us-cert.gov/home/about-niccs. [18] N.R. Mead et al., Software Assurance Gharakheili, Vishwanath, Boreli, & Mehani, 2015). Curriculum Project Volume IV: Community College To round out students’ background knowledge they should learn about the smart device botnet in [9] National Initiative for Cybersecurity Education, Education, Technical Report CMU/SEI-2011- IoT devices, in comparison to personal computers, “Cybersecurity Workforce Framework,” National TR- 017, Software Engineering Institute, Carnegie present a new security challenge for consumers that the article IoDDoS — The Internet of Distributed Institute of Standards and Technology, available at Mellon University, September 2011. cannot be solved with traditional solutions, such as Denial of Service Attacks A Case Study of the Mirai http://csrc.nist.gov/nice/workforce.html. anti-virus software and automatic patching. This is Malware and IoT-Based Botnets (Hallman, Bryan, [19] American Association of Community Colleges, due to IoT devices’ constrained resources including: Palavicini, Divita, & Romero-Mariona, 2017). The [10] U.S. Department of Homeland Security, “The “2014 Fact Sheet,” April 2014, available at http:// limited power, a slow processor, and minimal storage. researchers in this article do an in-depth dive into National Cybersecurity Workforce Framework,” www.aacc.nche.edu/AboutCC/Documents/Facts14_ This is leading researchers to explore establishing the Mirai botnet including an analysis of the botnet’s security of home IoT devices at the network level. available at http://www.dhs.gov/national- Data_R3.pdf. code. This can get very technical, so it is important cybersecurity-workforce-framework. to guide the students through the article at a high I. Prerequisites [20] T. Hilburn et al., Software Assurance level, leaving room for advanced students to learn [11] U.S. Department of Labor Apprenticeship Competency Model, Technical Note CMU/SEI- more on their own. For a successful outcome, students must have an website, available at http://www.dol.gov/ 2013-TN-004, Software Engineering Institute, intermediate level of programming experience which apprenticeship/. Carnegie Mellon University, March 2013. III. Assignment Overview includes working with libraries. A background in Python is not required but would make setting up the [12] U.S. Department of Labor, “$100M in grants [21] Psychometrics, Berger Aptitude for The assignment described in this paper involves programming environment much easier. Students to transform apprenticeship for the 21st century by Programming Test (B-APT), website, available at actively creating both an IoT device and a program must also have some networking knowledge; they expanding training into new high- skilled, high- http://www.psychometrics-uk.com/page26.html. that monitors the IoT device’s behavior. Students should be familiar with networking tools such as growth industries,” Department of Labor press will broaden their programming knowledge by Wireshark and any packet capture utility. It is also release available at http://www.dol.gov/opa/media/ [22] A. Fisher. “Unfilled jobs cost the U.S. economy implementing Python’s socket library and interfacing important that students are comfortable working in a press/opa/OPA20142233.htm. $160 billion a year,” FORTUNE, November 18, with a web application’s API. Core networking Linux environment. 2014. concepts, which is a vital skill in cyber security, are [13] Illinois Central College, “ICC Hosts Inaugural addressed through analyzing network traffic on the II. Background Information National Apprenticeship Week Events November [23] A.P. Carnevale, J. Strohl, and A. Gulish; router using a Linux command line tool. 2-6,” October 12, 2015, available at https:// “College Is Just the Beginning,” Center on Education To maximize the learning outcomes of this icc.edu/news/icc-hosts-inaugural-national- and the Workforce McCourt School of Public Policy, The project is divided into four separate phases assignment it is important that students have some apprenticeship-week- events-november-2-6/. Georgetown University, 2015, available at https:// to reduce the overall complexity. The phases include: context of smart home devices and the devices’ cew.georgetown.edu/report/trilliontrainingsystem/. 1) connecting the sensor to the Pi and writing code on security problems. A great article about the current [14] Central Illinois News Now, “National the Pi to react to the sensor being tripped, 2) adding use of smart home devices is Paul’s Smart Home Apprenticeship Week kicks off at ICC,” November [24] Mead, N.R., Seshagiri, G, Howar, J., Meeting functionality on the Pi so that a text is sent when the Diary (2018) (2018). In the article Paul outlines all 2, 2015, available at http://www.cinewsnow.com/ Industry Needs for Secure Software Development, sensor is tripped, 3) capturing the network traffic of the smart home devices he has decided to include news/local/National-Apprenticeship-week- kicks- Conference on Software Engineering Education & on the router to establish a normal baseline, and 4) in his new home and talks about why he made each off-at-ICC-339672212.html Training (CSEET), April 5-6, 2016, IEEE Computer writing a program on the router to alert the user when choice. Society Proceedings. the network traffic deviates from the baseline.

26 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 27 IV. What to Purchase Passive Infrared Motion Sensor (PIR) Wireless Router Configuration Phase 3: Monitor for Deviant Traffic Connection and Python Program Please purchase these items as soon as possible. 1. configure router and set the SSID and The goal of this phase is to have your router 1. All of the directions on how to connect the password generate an alert whenever your Raspberry Pi sends 1. Raspberry Pi (make sure it has wifi) sensor to the Pi and the Python code that 2. connect the wireless router to one of the a packet to a site outside the norm established in 2. Micro SD card with adapter interacts with the sensor can be found here. open switch ports (in the networking lab) the previous lab. The idea is that you established The program is only a few lines of code 3. test your Raspberry Pi’s connection to a normal baseline of network traffic when you Mini router with OpenWrt installed (if OpenWrt and is fairly easy to understand. The part wireless router performed a capture while running your Text when is not installed make sure it is compatible with of the lab that students seemed to have the Tripped lab. If the traffic deviates from this norm OpenWrt). It is less complicated if your router has most difficulty with was setting the sensor’s Phase 2: Text When Tripped then something malicious could be occurring and at least 256 MB RAM. If it does not, it is possible to sensitivity level which is adjusted via a you should be notified. expand your router’s storage with an external USB knob on the sensor. Program your Raspberry Pi to text you drive. The directions to do so are here: https://wiki. whenever the sensor is tripped. Setup. Create a Python program on the router openwrt.org/doc/howto/extroot Figure 1: Passive Infrared Motion Sensor (PIR) that sends an alert whenever a destination IP is 1. Sign up for an account at Twilio different than the destination IPs observed during Phase I: Raspberry PI and Sensor Integration 2. Use Twilio’s SMS API for Python to send the packet capture lab. This alert can be as simple as texts a message on the router’s interface, an email sent, or 1. Install the Raspbian operating system onto 3. Add code to your sensor lab to send a text to a text message via Twilio. One note is that students a micro SD card Twilio when the sensor is tripped ran into significant challenges installing Twilio’s 2. Insert the SD card into the bottom of the Python packages onto the router. This is unexpected Raspberry Pi Phase 3: Capturing Network Traffic because the packages installed fine on the Pi.

Set a Static IP on Your Raspberry Pi. Capturing Communication with tcpdump Conclusion

• You need to set a static IP address on your Tcpdump can be installed on OpenWrt router Overall, students were very successful Raspberry Pi so that you can SSH into it itself. Therefore, this approach eliminates the need implementing this project. Over 90% of the (if the IP is dynamic, then you won’t know of having a remote Wireshark or similar listener to students successfully completed the first three what IP address to SSH into). analyze the traffic in real-time. phases. Unfortunately, only 60% of the class was able to complete the final phase. One main reason • Go here for directions on how to set a static 1. SSH into OpenWrt installed router and for this lack of success is that many students IP address install tcpdump with the commands: attempted to use Twilio to send a message from the router whenever deviant traffic was spotted and, as Enable SSH on Your Raspberry Pi • opkg update previously mentioned, the Twilio library for Python • opkg install tcpdump is extremely difficult to install on OpenWRT. • You will need to SSH into your Raspberry Pi so that you won’t have to connect it to a 2. Execute below command to listen on Future projects can build upon work done in Figure 2: GPIO Pinout Diagram Wireless Router monitor each time you use it. Configuration interface (-i) and store captured information this project. One idea is to have students monitor the to a file (-w) and be verbose while doing so traffic patterns of an actual home IoT device, such • To do this you will need to enable SSH on (-v): as a Nest. They could analyze all of the outgoing you PI. Directions to do this are here traffic destinations to determine the various sites that • tcpdump -i any -v -w pcap.cap the Nest communicates with. • You will also want to change the default password so that only you can SSH into 3. Now run your Text When Tripped lab. References your Pi. 4. Retrieve and open the pcap.cap file with [1]Copos, B., Levitt, K., Bishop, M., & Rowe, J. Set Your Pi to Automatically Connect to WiFi Wireshark for further analysis. (2016). Is Anybody Home? Inferring Activity From Smart Home Network Traffic. In 2016 IEEE Security • Since you will be working with a “headless” Bunch of tcpdump usage examples are available at: and Privacy Workshops (SPW) (pp. 245–251). Pi (not connected to a monitor) you will need https://doi.org/10.1109/SPW.2016.48 it to connect to WiFi automatically on boot. • http://www.rationallyparanoid.com/ articles/tcpdump.html [2] Dobbins, R. (2016). Mirai iot botnet description • The directions to connect automatically to and ddos attack mitigation. Arbor Threat Intelligence, WiFi are here. 28.

28 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 29 [3] Hallman, R., Bryan, J., Palavicini, G., Divita, J., & Romero-Mariona, J. (2017). IoDDoS—The Internet of Distributed Denial of Sevice Attacks.

[4] Hunt, G., Letey, G., & Nightingale, E. (2017). The Seven Properties of Highly Secure Devices. Microsoft Research.

[5] Sivaraman, V., Gharakheili, H. H., Vishwanath, A., Boreli, R., & Mehani, O. (2015). Network- level security and privacy control for smart-home IoT devices. In Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on (pp. 163– 167). IEEE.

[6] (2018, March). Week 1: Paul’s Smart home diary.

Theoretical Perspectives

30 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 31 The confusion caused by the shifting and Example(s): Competency is Not a Three Letter Word inconsistent inclusion of competency components was perhaps best captured by LeDeist & Winterton • [1] The field of Identity and Access A Glossary Supporting Competency-based Instructional [4, p. 29] who review the history of definitions for Management may include the following Design in Cybersecurity competence. They conclude it is a “fuzzy concept” set of domains: a) User Account that may be best defined as “a characteristic” shown Management, b) Access Control Lists, c) to drive superior job performance that includes User Authentication, d) Security Group David H. Tobey Robin A. Gandhi knowledge, skills, attitudes, traits, habits, abilities, Administration (system access rights Indiana University South Bend, United States University of Nebraska at Omaha, United States and motives, with some combining outputs and and application permissions), e) Physical inputs, but which conflates constructs in tautological Security (facility access rights), and f) User/ Alan B. Watkins Casey W. O’Brien definitions despite attempts to create “coherent system log file analysis. National University, United States National CyberWatch Center, United States terminology.” In other words, competency is not a three-letter ‘word’ (or acronym) but is instead a • [2] The field of Network Security complex, multidimensional construct which must be Administration may include the following Abstract— Competence is a complex, competing terms. However consistent application decomposed to fully understand. set of domains: a) Firewall Configuration, multidimensional construct which must be decomposed is required to avoid confusion when implementing b) Router Configuration, c) Access Control to fully understand. We review the prevalent problems a competency-based mastery curriculum and its Consequently, we decided to develop a glossary Lists, d) System Log File Analysis, e) with the term competency, a term that is essential to desired KSA outcomes. Englander et al later in their of terms that eliminated recursive definitions to bring Network Traffic Analysis, f) Incident clarify if we hope to accurately assess the efficacy of article (p. 5) state their expectation that a competent clarity to competency-based instructional design. Response Planning, g) Network Security competency-based education. We develop a glossary We begin with a definition of mastery and each of Provisioning (ensuring proper system- of terms that eliminate recursive definitions to bring professional will: “Develop the ability to use self- awareness of knowledge, skills, and emotional the key sub-concepts. The result is a hierarchical to-system and application-to-application clarity to competency-based instructional design. taxonomy where the top term references another access), and h) Intrusion Detection System/ The proposed taxonomies suggest a framework for limitations to engage in appropriate help-seeking glossary term that is defined subsequently. Glossary Intrusion Prevention System (IDS/IPS) evaluating and organizing submissions for the new behaviors.” If we substitute in this statement the Cybersecurity Skills Journal. singular terms for ability, as defined in the brackets terms are highlighted in red italics. Beginning with Configuration. above, the result is a recursive definition. The the definition of mastery, or the proper attribution Keywords—Competency, Mastery, Assessment, statement would read: “Develop the ability to use to be made of a master, we progressively define Domain: A set of competencies. Definition, Taxonomy self-awareness of [ability] to engage in appropriate each level of the taxonomic hierarchy leading to help-seeking behaviors.” In other words, competent the foundational terms of task and concept. To • These competencies are required to fulfill I. Introduction people have the ability to be aware of abilities which avoid the conflation that limited the utility of prior one or more responsibilities that are requires the ability to be aware of their ability to be conceptions of competency, the foundational terms sufficient and necessary to accomplish one For many the word competence equates to aware of abilities. Confusing? We thought so. do not reference any other defined phrase in the or more goals. three letters: K, S, and A. The first two initials are taxonomy. Where applicable, examples related to rarely confused, K is for knowledge and S is for Similar confusions exist in the IT domain. The cybersecurity are provided to assist in understanding Example(s): skill. The third letter, A, has at least four possible ACM /IEEE-CS IT2017 report [2] puts forth a the connotation of each term. associations in the literature on competencies: formulaic definition of Competency = Knowledge • [1] User account lifecycle management ability, aptitude, attitude, and attribute. Each of these + Skills + Dispositions, where “Dispositions II. Taxonomy of Mastery Learning • [2] Firewall configuration terms has distinct meaning with little overlap in their encompass socio-emotional skills, behaviors, and • [3] network router configuration connotation, yet often definitions of competence attitudes that characterize the inclination to carry out Mastery (Master): The ability to generalize • [4] Windows system administration use them interchangeably, thereby conflating the tasks and the sensitivity to know when and how to expertise. meaning of competence. engage in those tasks.” They adopt Schussler’s view Competency (Competence, Competent): [3] that a disposition “concerns not what abilities Ability: Variation in the application of expertise Demonstration of skill in task performance. The conflation worsens when one of the concepts people have, but how people are disposed to use those across a field. is used in a definition of ability that then refers to abilities.” In this definition of competency, abilities another of the conflated terms. For example, in have been removed entirely. The “A” of KSA has been Expertise (Expert): Performance of domain- Skill: Perform practices in a consistent manner proposing a taxonomy of competencies for the replaced by “dispositions” to define competency as specific practices. despite the presence of distress or distraction. health professions, Englander et al [1, p. 2] defines KSD! In doing so, the task force is implying that competence as an “array of abilities [knowledge, abilities have no impact on competency which runs Field: A set of domains. Practice: The situational knowledge and skills, and attitudes, or KSA] across multiple counter to the vast literature on competency. At the conditional knowledge required to select the domains or aspects of performance in a certain same time, the report includes “the application of • For domains in a set, there is shared applicable procedural knowledge. context.” Here ability is defined in the brackets to be learning to new situations” in the definition of the agreement that the set is sufficiently and synonymous with all aspects of KSA, using attitude knowledge component. This transfer of learning is necessarily differentiated from domains in Situational knowledge: Knowing Where to specify the subordinate A term. Authors are often associated with expertise-related ability. other sets; however, it is possible for a single conditional knowledge is needed. certainly entitled to their semantic choice among the Domain to be included in more than one set.

32 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 33 • The environmental factors that are • [2] A learner knows how the strcpy function would include the “principle of least Figure I. Ability (Adapted from [13]) necessary or sufficient for conditions to be in C programming language copies the privileges” which has a definition; (2) a present. source buffer into the destination buffer. It Procedural Concept would include “limiting copies one character from source buffer into access rights” which consists of steps to Example: the destination buffer until it encounters a achieve a goal. null character in the source buffer. • [1] A learner knows where in written prose Research extending back to Bloom’s [7] the first letter in the word apple is uppercase Declarative knowledge: Knowing What a concept seminal article, has found that mastery learning or lowercase. Such conditions would be at means. techniques are the most effective, efficient and the start of a sentence or if Apple is a proper engaging learning strategies due to the focus noun. • he “concept; fact, proposition and the richly placed on developing skills and creating ability to interlinked associations among them. This transfer competence across domains [8]–[11]. The • [2] A learner knows where in a C program form of knowledge can be spoken about and American Psychological Association’s Task Force the source and destination string buffers written down“ [5, p. 26] on Assessment of Competence [12] argued that could be influenced by user input and accurate assessment of competence is essential hence, check their length and appropriate Example: to develop and certify the attainment of mastery. null termination before using the strcpy The assessment of instructional efficacy and the III. competency Assessment Taxonomy function. • [1] A learner knows what are the letters assurance of learning are two essential components in the alphabet and that the word “apple” of competency-based instructional design provided Threshold: The transition point, or liminal space Conditional knowledge: Knowing When a step means: The fruit. insufficient coverage at the Community College [14], that determines the level of proficiency. in or branch of procedural knowledge should be Cyber Summit (3CS), the focus of this special issue executed. • [2] A learner knows what the strcpy (Tobey, this issue). Accordingly, in next section we • “akin to a portal, opening up a new and (destination, source) function does in provide a competency assessment taxonomy. previously inaccessible way of thinking • It is similar to an if/then statement. the C programming language. It copies about something. It represents a transformed the contents of the source buffer to the Previously, we defined mastery as the ability to way of understanding, or interpreting, Example: destination buffer. generalize expertise, where ability is measured by or viewing something without which the the variation in the application of expertise across learner cannot progress…They must be • [1] A learner knows when to write the word Task: The performance of an activity to produce a field. This definition is consistent with Carroll’s transformative, irreversible, integrative, apple with an “s” at the end. If there are outcomes that achieve a desired goal state. [13] use of task difficulty thresholds as indicators bounded, and troublesome” [14, p. 1]. multiple apples then “s” is needed at the and differentiators of ability. Thus, it is important end. • Per Carroll [2], “any activity in which to be able to systematically modulate task difficulty • As such, from an assessment perspective a person engages, given an appropriate to accurately measure ability. Carroll [13, p. 8] thresholds can be of three types: Knowledge/ • [2] A learner knows when the source buffer setting, in order to achieve a specifiable defined ability as, “the possible variations over Concept thresholds, skill/action thresholds string supplied as input to the strcpy class of objectives, final results, or terminal individuals in the liminal levels of task difficulty and ability/judgement thresholds. function in C programming language is not states of affairs.” (or in derived measurements based on such liminal null terminated, strcpy will keep writing the levels) at which, on any given occasion in which all Example(s): source buffer string to the destination buffer Example: conditions appear favorable, individuals perform until it finds a null terminator, even beyond successfully on a defined class of tasks. In this • [1] Many learners have preconceived the bounds of the destination buffer. • [1] Use the word apple with appropriate definition, levels are specified as liminal (threshold) misconceptions about how and why electric grammar in given situations. values in order to take advantage of the fact that the charge flows within an electric circuit. It Procedural knowledge: Knowing How most accurate measurements are obtained at those would be reasonable to believe that the declarative knowledge is sequenced, interrelated, or • [2] Write an input statement in C that limits levels” (emphasis in original). Figure 1 visualizes charge that flows through a circuit to operate intermixed to produce an output. user input to a desired length. ability as a function of the probability of success a flashlight bulb must originate in the at thresholds of task difficulty. We propose that the flashlight battery compartment. However, in • A procedure is a sequence of steps in Concept: Symbols or designations, e.g., categories, diagnostic identification of, and passage through, reality a electrochemical cell only supplies performing an action. labels, relations, etc.“on which there is shared thresholds is the purpose of competency assessment. the energy needed to move a charge from agreement as to their meaning” [6, p. 46]. a low potential location to a high potential Example: location. The charge that flows through a • Shared agreement does not need to rise to circuit originates in the wires of the circuit. • [1] A learner knows how to write the word the level of general consensus or unanimity The charge carried in wires are simply apple. An “a” followed by two “p”s, an “l” for a concept to be defined. the electrons possessed by the atoms that and an “e”. make up the wires. “Flow of charge” can • Example(s): (1) a Declarative Concept be considered a threshold concept for any

34 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 35 further studies on electronic circuits. (http:// • Guessing has traditionally been estimated library behaves and acts like the JAVA Therefore, a primary contribution of this paper is www.physicsclassroom.com/class/circuits/ by a psychometric calculation when runtime engine. Or a belief that string to assist future presenters and workshop planners Lesson-2/Common-Misconceptions- performing logistic model analysis of lengths are explicitly maintained for strings for the Community College Cyber Summit (3CS) Regarding-Electric-Circuits) item characteristic curves. Hambleton, in C and are used by string manipulation in extending the coverage of evidence supporting Swaminathan & Rogers [15, p. 17] describe functions like strcpy to prevent buffer learning and instruction as called for in the opening • [2] Many learners have preconceived the calculation of a “pseudo-chance-level overflows. article of this special issue. notions about how strings are defined, parameter [that] provides a (possibly) stored and processed in C. Depending on nonzero lower asymptote for the item Confidence: A self-expressed level of belief by Two taxonomies were proposed. The first prior experience with other programming characteristic curve and represents the a learner in the accuracy of their knowledge for taxonomy elaborated the meaning of mastery while languages, novice programmers may probability of examinees with low ability choosing the selected answer [17]. the second taxonomy defined the terms needed to expect strings in C to be automatically answering the item correctly.” By defining effectively implement competency assessment. The managed during string manipulations. guess as explicitly expressed low confidence • “When we say that S knows p, we imply link between these two taxonomies is the concept However, in reality C places a lot of burden in a effective practice, a stochastic analysis that it is not just an accident that S believes of practice. Competence is therefore proposed on the programmer to manage strings in of guessing is unnecessary. The item the truth with respect to p. On the contrary, as situated in the skillful performance of a task. exchange for fine grained and direct access confidence rating provided by the test-taker we mean to say that S gets things right Practice is proposed as the essence of skill. Thus, to string memory locations. As result, the determines the level of guessing involved. with respect to p because S has reasoned the proposed taxonomies suggest a framework concept of null terminated strings in C in an appropriate way, or perceived things for evaluating and organizing submissions for the can be considered a threshold concept for • For example, the learner expresses low accurately, or remembered things well, etc. new Cybersecurity Skills Journal, a much-needed any further studies on string-related buffer confidence in explicitly validating buffer We mean to say that getting it right can be scholarly focus on effective competence theory and, overflows. length before the use of strcpy function, put down to S’s own abilities, rather than to well, practices! as an effective practice to avoid buffer dumb luck, or blind chance, or something Proficiency (Proficient): Comprehensive and overflows. else.” [18, p. 18] (emphasis added) S’s References accurate understanding in the absence of ignorance, strong belief in p stems from their past misunderstanding and misconception. Misunderstanding: Low confidence in a practice experiences with that subject matter. [1] R. Englander, T. Cameron, A. J. Ballard, J. that the learner is unaware is ineffective. Dodge, J. Bull, and C. A. Aschenbrener, “Toward Understanding: High confidence in an effective • Example: A programmer (S) with prior Java a Common taxonomy of competency domains practice. • Low confidence in an ineffective practice experience expresses a high level of belief for the health professions and competencies for may occur due to a learner’s awareness of that memory is managed automatically for physicians,” Acad. Med., 2013. • Practice is the connecting link between gaps in the conceptual schemas forming a C program. the mastery taxonomy and competency their mental models [16]. [2] ACM/IEEE Task Group on Information assessment taxonomy. Practices are Learner: A person who is engaged in the learning Technology Curricula, Information Technology effective or ineffective. • For example, the learner expresses low process by either taking formal education courses Curricula 2017: Curriculum Guidelines for confidence in the ineffective practice (i.e., a “student”) or other types of training courses. Baccalaureate Degree Programs in Information • For example, in the C programming of relying on the C standard library to Technology. New York, NY, USA: ACM, 2017. language, strcpy relies on the null automatically manage memory when using • Since learning takes place in many different terminator at the end of the source buffer the strcpy function. venues using different formats, media, [3] D. L. Schussler, “Defining Dispositions: Wading to stop copying characters to the destination and techniques, using the term “Learner,” Through Murky Waters,” The Teacher Educator, buffer. It does not check the length of the Misconception: High confidence in a practice that provides broader coverage than using vol. 41, no. 4, pp. 251–268, Mar. 2006. destination buffer before copying, so it is the learner is unaware is ineffective. “Student,” which traditionally is limited to [4] F. D. Le Deist and J. Winterton, “What is an unsafe function. But, strcpy is also a an academic environment. competence?,” Human Resource Development fast way to copy buffer contents. Checking • High confidence in an ineffective practice International, vol. 8, pp. 27–46, 2005. buffer lengths before using strcpy is an may occur due to incorrect relationships IV. Discussion effective practice. High confidence in the [16] among the nodes in conceptual [5] S. Billett, “Integrating experiences in workplace belief that validating buffer length is the schemas forming their mental models of This paper has sought to establish a clear, and university settings: A conceptual perspective,” responsibility of the programmer, and not which the learner is unaware. non-recursive, and coherent taxonomy of terms in Developing learning professionals: Integrating the C standard library leads to a correct that can better support the instructional design of experiences in university and practice settings, understanding of this practice. Explicit • For example, the learner expresses a very competency-based education in cybersecurity. We S. Billett and A. Henderson, Eds. Dordrecht, validation of buffer length before the use of high confidence in the ineffective practice have attempted to eliminate the confusion that is Netherlands: Springer, 2011, pp. 21–40. strcpy function is an effective practice of relying on the C standard library to often caused by intermingling terms and conflating to avoid buffer overflows. automatically manage memory when using the meaning of core concepts. We began by [6] P. D. Reynolds, A primer in theory construction. the strcpy function. The high confidence explaining the prevalent problems with the term Indianapolis: Bobbs-Merrill, 1971. Guessing: Low confidence in a practice that the may stem from a strong belief in non- competency which is essential to develop and learner is unaware is effective. normative theories such as: C standard assess the efficacy of competency-based education. [7] B. S. Bloom, “Learning for mastery,” Evaluation

36 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 37 comment; Reprinted by Regional Education and work-related performance: A meta-analysis,” Laboratory for the Carolinas and Virginia (Durham, Psychol. Bull., vol. 124, no. 2, pp. 240–261, 1998. NC), vol. 1, no. 2, pp. 1–12, 1968. [18] J. Greco, “Knowledge and success from ability,” [8] J. H. Block, “Introduction to mastery learning: Philos. Stud., vol. 142, no. 1, pp. 17–26, Jan. 2009. Theory and practice,” in Mastery learning: Theory and practice, J. H. Block and P. W. Airasian, Eds. New York: Holt, Rinehart and Winston, 1971, pp. 2–12.

[9] B. S. Bloom, “The 2 sigma problem: The search for methods of group instruction as effective as one-to-one tutoring,” Educ. Res., vol. 13, pp. 4–16, 1984.

[10] C. Ames and J. Archer, “Achievement goals in the classroom: Students’ learning strategies and motivation processes,” J. Educ. Psychol., vol. 80, no. 3, pp. 260–267, 1988.

[11] J. A. C. Hattie and G. M. Donoghue, “Learning strategies: A synthesis and conceptual model,” npj Science of Learning, vol. 1, p. 16013, 2016. 3CS Fifth Anniversary Resource Guide [12] N. J. Kaslow et al., “Guiding principles and recommendations for the assessment of competence,” Prof. Psychol. Res. Pr., vol. 38, pp. 441–451, 2007.

[13] J. B. Carroll, Human cognitive abilities: A survey of factor-analytic studies. Cambridge: Cambridge University Press, 1993.

[14] J. H. F. Meyer and R. Land, “Threshold concepts and troublesome knowledge: Linkages to ways of thinking and practising within the disciplines,” in Improving student learning theory and practice - 10 years on: proceedings of the 2002 10th International Symposium Improving Student Learning, C. Rust, Ed. Oxford: Oxford Centre for Staff & Learning Development, 2003, pp. 1–15.

[15] R. K. Hambleton, H. Swaminathan, and H. J. Rogers, Fundamentals of item response theory. Newbury Park, Calif.: Sage Publications, 1991.

[16] M. K. Kim, “Theoretically grounded guidelines for assessing learning progress: Cognitive changes in ill-structured complex problem-solving contexts,” Educ. Technol. Res. Dev., vol. 60, no. 4, pp. 601–622, 2012.

[17] A. D. Stajkovic and F. Luthans, “Self-efficacy

38 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 39 PATHWAY SECTION: the concepts being explored for assessing student National Science Foundation, provided training required to implement effective information security performance within a virtualized environment. opportunities in cyber defense labs and exercises management across a broad spectrum of security FUNDAMENTALS Real-world examples of these concepts will be and a CompTIA Security+ course to high school disciplines. The course introduces topics like risk demonstrated on a cybersecurity training platform teachers. This study investigated the effectiveness management, strategic planning, implementation managed by the Cyber Workforce Development of NCC Cyber Security CTE Educator Academy of security controls, and using information security Team at the Software Engineering Institute. program on improving teachers’ knowledge, skills, management frameworks like ISO 27000 and PCI. and practice. In a broader view, the purpose was to The session will include a demonstration of the Pathway Model Competency Area: Information Security determine the value of the academy program and student activities, instructor presentation materials Fundamentals Pathway Model Competency Area: Information Security to determine whether activities within the program and assessment tools. Instructional Design Elements: Assessment Fundamentals vary in their effectiveness and to try to understand Instructional Design Elements: Assessment the reasons for this variation. Creating a Cybersecurity Program That Values Packaged Certification Exam Content - Open Pathway Model Competency Area: Information Security and Prepares Students for Industry Certifications Fundamentals Resource for Community College Students Instructional Design Elements: Instruction Dave Termunde Pathway Model Competency Area: Information Security Steve Linthicum Fundamentals Center for Systems Security and Information Instructional Design Elements: Instruction Intro Cybersecurity Curriculum Resources for Assurance (CSSIA) Your Classroom This session provides both an introduction to Learning and playing: Integrating competition It has been debated for years; do industry CompTIA’s IT Fundamentals certification as well experiences into formal curriculum Deborah Boisvert certifications really make a difference? Our team as faculty access to “free” learning content created Broadening Advanced Technological Education will present the facts! The session will share data by community college faculty members working as Casey O’Brien, Director Connections (BATEC) that demonstrates a direct association between development teams utilizing” Strong Workforce” National CyberWatch Center certifications and student success. The session will grant funding from the California Community This workshop features hands-on exploration of include a demonstration of the tools used by students College Chancellor’s Office. Recognizing the This panel presentation describes how the National two curriculum units/course modules that are freely and faculty to improve the student pass rates. The importance of pathways into cybersecurity programs Cyber League, capture-the-flag competition, was available and ready to implement in your introductory session will share initiative used to increase the available at community colleges, this project focuses integrated into the teaching practice of faculty at one classroom. Orientation to a Cybersecurity Career, a number of students taking exams. Our team will on the development of no-cost learning content that hundred twenty 2- and 4-year institutions in the fall 16-hour unit designed to introduce the many career includes a supplement to the existing e-textbook demonstrate tools like MeasureUp software and lab of 2013. opportunities in the Information Security career exercises that impact student pass rates. Session will currently provided by CompTIA, course labs, sample field, provides a self-exploration of the cybersecurity also include a brief review of how to create a private chapter quizzes, and updated learning resources for careers currently available as well as how and where Pearson Vue testing center allowing our students the new FC0-U61 exam. This course will serve to gather data associated with currently advertised and faculty the opportunity to take tests on site. a foundation role for students with its focus on IT Pathway Model Competency Area: Information Security jobs. Each participant completes an extensive Fundamentals Participants will take away tools to help set students Fundamentals certification, viewed by CompTIA job search, analyzes findings, and presents the as the first in its line of core certifications inits Instructional Design Elements: Instruction up for success. knowledge, skills and abilities required of each job recommended” Cybersecurity Career Pathway.” posting culminating in a self-assessment survey Information Security Management Content: and creation of a custom study plan. Cybersecurity CASP Pathway Model Competency Area: Information Security Essentials is a 30-hour unit that can be added to an Fundamentals Pathway Model Competency Area: Information Security existing IT Essentials or A+ curriculum to expose Fundamentals Dr. John Sands Instructional Design Elements: Assessment students to cybersecurity. This new curriculum maps Instructional Design Elements: Efficacy Center for Systems Security and Information to elements of the NICE Framework and provides Assurance (CSSIA) Assessing Student Performance in a Virtualized a learning environment in which students build Impact of a CTE Professional Development Lab Environment practical skills and problem-solving abilities. Program on Teachers’ Knowledge, Skills, and The session will introduce the new CompTIA Practice Advanced Security Practitioner (CASP) certification Nicholas Winski designation for IT professionals in advanced-level Carnegie Mellon University Dr. Davina Pruitt-Mentle security skills and knowledge. The team at CSSIA Educational Technology Policy Research and has develop course materials, student activities Virtualized labs offer a unique opportunity for students Outreach and assessment tools designed to prepare your to gain hands-on experience with cybersecurity tools students for the CompTIA CASP certification exam. and concepts without impacting real-world systems. In response to the need to train high school educators The CASP exam covers the technical knowledge One significant challenge with virtualized lessons is and skills required to design and engineer secure that it can be more difficult to determine if a student to effectively teach cybersecurity content, an educator professional development program supported by a solutions across complex enterprise environments. has satisfied the learning objectives associated with The new certification includes concepts and skills a piece of content. This session covers some of National CyberWatch Center grant funded by the

40 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 41 Pathway Model Competency Area: Information Security class. Presenters will demonstrate a competency- Pathway Model Competency Area: Information Security Pathway Model Competency Area: Information Security Fundamentals based model approach and demonstrate various Fundamentals Fundamentals Instructional Design Elements: Instruction resources that can be utilized in this model. Instructional Design Elements: Instruction Instructional Design Elements: Instruction Presenters will also discuss and demonstrate how Infusing Cybersecurity Content into Introductory Cybersecurity Principles Workshop The C5 Cybersecurity Curricular Materials - they incorporate this model into their security Computer Science Process, Product, and Impact courses. Yesem Peker Dr. Elizabeth Hawthorne Columbus State University Melissa Dark Union County College Purdue University Pathway Model Competency Area: Information Security Fundamentals Participants of this workshop will take away The C5 Project is creating cybersecurity content for Instructional Design Elements: Instruction adaptable instructional resources for teaching The NSF-funded C5 (Catalyzing Computing and infusion into computer science courses taught at Cybersecurity Principles in both introductory Cybersecurity in Community Colleges) has two community colleges. This cyber-infused content is Cyber Security Capstone in Netlab cybersecurity and computer science courses at the primary goals: 1) increase the number of CAE2Y based on careful research into relevant curriculum collegiate level. Participants will receive a certificate schools, and 2) develop content modules and an frameworks, professional society curricular Philip Kazanjian acknowledging participation in this professional integrated course to enhance computer science recommendations (ACM CS2013), as well as Bunker Hill Community College development activity. Furthermore, the instructional and cybersecurity courses. This panel focuses on government standards from the College Board (AP materials carefully align to three prominent the second goal. To date, C5 has produced nine CS Principles) and the current NSA/DHS CAE Illustration/presentation of the capstone course. curricular standards: 1) the NSA CAE Knowledge cybersecurity content modules, which are also Core Knowledge Units for two-year cybersecurity Discussing the benefits and any challenges Units, 2) the ACM Computer Science Curriculum being integrated into a full course. Using student programs. encountered when developing the curriculum and Guidelines, and 3) the College Board AP Computer learning data to inform curriculum development, VMs for the virtual environment. Science Principles Big Ideas. The NSF Catalyzing the materials are carefully aligned to three curricular This 9-hour hands-on workshop trains community Computing and Cybersecurity in Community standards (NSA CAE Knowledge Units, AP CSP Big college faculty to modernize their introductory Colleges (C5) Project has finished developing Ideas, and ACM 2013 Curricular Guidelines). This computer programming courses (CS0 and CS1) Pathway Model Competency Area: Information Security this new modularized content and is now seeking panel will discuss the learning data and the content with contemporary cybersecurity content. The Fundamentals motivated faculty who are interested in being part of development model, the modules, the integrated workshop includes demonstrations of instructional Instructional Design Elements: Instruction an exciting pilot during the Fall 2017 semester. Pilot course, and impact to date. Participants will learn modules from faculty peers as well as practice time testers will provide the C5 Project with valuable how to access and use these curricular materials, so to hone and own the cyber-infused CS materials. Yes, Cryptography Can Be Interesting instructor feedback and student performance data in addition to learning about the project, attendees Faculty take home all instructional materials for free from actual classroom experiences. will walk away with usable resources. dissemination to students and colleagues. David Vargas National CyberWatch Center (NCC) This workshop is limited to 24 community Pathway Model Competency Area: Information Security Pathway Model Competency Area: Information Security college faculty willing to adopt and pilot test the Cryptography is considered a foundation security Fundamentals Fundamentals C5 instructional modules in their courses during technology. As a result, it is covered at some level Instructional Design Elements: Instruction Instructional Design Elements: Instruction the fall 2016 and spring 2017 terms and provide in almost every security course. However, its key feedback for revision and improvement. Workshop concepts can be difficult for students to master. In Learn2LockIt: CyberSecurity Awareness in the Pcaps, or it didn’t happen participants will be selected based upon their ability this presentation, attendees will be introduced to Community and commitment to adopt, test, and disseminate the techniques and applications that can help students Joe Eastman Cassandra Hodges modules. better understand encryption. After a general introduction to cryptography, the presentation will This presentation provides an overview of packet discuss the primary protocols and algorithms used As IT Security Students and Professionals, how analysis, network security monitoring, and network often are we putting out fires because a loved one forensics. It covers many related industry and Pathway Model Competency Area: Information Security by today’s predominant security technologies. There Fundamentals will then be a discussion of encryption-related has unwittingly contracted and maybe even spread academic components and challenges, and how you Instructional Design Elements: Instruction issues including the current Going Dark Debate. a virus? Our organization “Learn2LockIT” has can start developing your program’s capacity. The presentation will end by demonstrating several designed several workshops to educate the general Designing a Cyber Security Competency Based websites and applications that can be integrated public for free on these topics which allows us to Capstone Course into security courses to help students gain a better share our knowledge with others, while working understanding of cryptography. smarter and more efficiently. “Learn2LockIT” Dr. Deanne Wesley provides BYOD workshops that educate each Forsythe Technical Community College attendee on properly securing personal devices, social engineering tactics, social media behaviors, Presenters will discuss the importance of building a and other security topics. competency-based security undergraduate capstone

42 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 43 Pathway Model Competency Area: Information Security this new modularized content and is now seeking Countermeasures in their introductory computing life skill. In this interactive session, participants will Fundamentals motivated faculty who are interested in being part of and cybersecurity courses. All C5 instructional and learn basic cybersecurity concepts, begin to frame Instructional Design Elements: Instruction an exciting pilot during the Fall 2017 semester. Pilot assessment materials are freely available from the those as risks, and develop simple actions anyone testers will provide the C5 Project with valuable project website and carry a Creative License for can take to make themselves more cyber safe. Come Applied Cryptography Workshop instructor feedback and student performance data adoption and adaption to meet course needs. The prepared with your questions, ideas, and stories! from actual classroom experiences. instructional materials align to three prominent Yesem Peker curricular standards: 1) NSA CAE Knowledge Columbus State University Units, 2) ACM Computer Science Curriculum Pathway Model Competency Area: Information Security Pathway Model Competency Area: Information Security Guidelines, and 3) College Board AP Computer Participants of this workshop will walk away with Fundamentals Fundamentals Science Principles Big Ideas. Adopting this already Instructional Design Elements: Instruction adaptable instructional resources for teaching Applied Instructional Design Elements: Instruction vetted content will jumpstart those colleges pursuing Cryptography in both introductory cybersecurity the NSA CAE2Y designation and other colleges Cybersecurity4All - Teaching Cybersecurity and computer science courses at the collegiate level. Cybersecurity and Society Workshop developing cybersecurity certificate and degree Across the Disciplines Participants will receive a certificate acknowledging programs. participation in this professional development Flo Appel Debasis Bhattacharya activity. The NSF Catalyzing Computing and Cybersecurity in Community Colleges (C5) Project Participants of this workshop will take away Pathway Model Competency Area: Information Security Cybersecurity has become a prevalent topic in has developed and pilot tested the instructional adaptable instructional resources for teaching Fundamentals many colleges, but how it should fit into the overall materials at community colleges across the nation. Cybersecurity and Society in both introductory Instructional Design Elements: Instruction educational process is still not fully understood. A Furthermore, the instructional materials carefully cybersecurity and computer science courses at the project at the University of Hawaii Maui College align to three prominent curricular standards: 1) collegiate level. Participants will receive a certificate Strengthen Your Cyber Skills with Breakout! (UHMC), funded by the NSF ATE, spans multiple the NSA CAE Knowledge Units, 2) the ACM acknowledging participation in this professional disciplines and targets women, minorities and Computer Science Curriculum Guidelines, and 3) development activity. Furthermore, the instructional Dr. Deanne Wesley underrepresented groups. The goal of the project the College Board AP Computer Science Principles materials carefully align to three prominent Forsythe Technical Community College at UHMC is to ensure that a broad audience of Big Ideas. Adopting this already vetted content will curricular standards: 1) the NSA CAE Knowledge faculty, students and practitioners get trained in the help colleges strengthen their degree programs and Units, 2) the ACM Computer Science Curriculum This session will demonstrate how teachers can fundamentals of cybersecurity. Participants will certificates, as well as those colleges in pursuit of the Guidelines, and 3) the College Board AP Computer integrate breakout activities into a cyber curriculum obtain case studies, basic lesson plans, essential NSA CAE2Y designation. This workshop is open to Science Principles Big Ideas. The NSF Catalyzing to teach cybersecurity first principles to K-12 guidelines to embed modules within courses and tips all conference attendees, but seats are limited. Computing and Cybersecurity in Community students and teachers. Presenters will discuss their and guidelines for teaching cybersecurity across the Colleges (C5) Project has finished developing experience and demonstrate a breakout activity. disciplines, within their own institution! this new modularized content and is now seeking Participants will learn how to integrate a breakout Pathway Model Competency Area: Information Security motivated faculty who are interested in being part of group activity into a cyber curriculum and strengthen Fundamentals an exciting pilot during the Fall 2017 semester. Pilot current learning objectives. Participants will have an Pathway Model Competency Area: Information Security Instructional Design Elements: Instruction testers will provide the C5 Project with valuable opportunity to participate in a breakout activity. Fundamentals instructor feedback and student performance data Instructional Design Elements: Instruction Cyber Threats and Attacks Workshop from actual classroom experiences. Applied Cryptography Margaret Leary Pathway Model Competency Area: Information Security National CyberWatch Center Fundamentals Pathway Model Competency Area: Information Security Instructional Design Elements: Instruction Cliff Kemp Fundamentals Participants of this workshop will take away Instructional Design Elements: Instruction Unsafe at Any Speed: Seatbelts for the Cyberworld The NSF Catalyzing Computing and Cybersecurity adaptable instructional resources for teaching - An Interactive Introduction to Cybersecurity in Community Colleges (C5) Project has developed Cyber Threats and Attacks in both introductory Threats and Countermeasures C5 Module and tested a variety of cybersecurity materials at cybersecurity and computer science courses at the Anthony Israel-Davis community colleges across the nation. Participants collegiate level. Participants will receive a certificate Margaret Leary of this workshop will take away modularized content acknowledging participation in this professional National CyberWatch Center Look both ways before crossing the street, for teaching and assessing Applied Cryptography development activity. Furthermore, the instructional buckle your seatbelt, and always use dual-factor in their introductory computing and cybersecurity materials carefully align to three prominent The NSF Catalyzing Computing and Cybersecurity authentication; things your parents taught you courses. All C5 instructional and assessment curricular standards: 1) the NSA CAE Knowledge in Community Colleges (C5) Project has developed to keep you safe. If your parents didn’t teach you materials are freely available from the project Units, 2) the ACM Computer Science Curriculum and tested a variety of cybersecurity materials at about cyber security, you’re not alone. When they website and carry a Creative License for adoption Guidelines, and 3) the College Board AP Computer community colleges across the nation. Workshop were growing up, they didn’t have to worry about and adaption to meet course needs. The instructional Science Principles Big Ideas. The NSF Catalyzing participants will take away modularized content hackers, identity thieves, or phishing. Today, these materials align to three prominent curricular Computing and Cybersecurity in Community for teaching and assessing Cyber Threats and are daily concerns and cyber safety is an important standards: 1) NSA CAE Knowledge Units, 2) ACM Colleges (C5) Project has finished developing

44 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 45 Computer Science Curriculum Guidelines, and 3) and adaption to meet course needs. The instructional virtual lab environment pioneered by the CSSSIA part will be a hands-on session where participants College Board AP Computer Science Principles materials align to three prominent curricular center at Moraine Valley Community College. The can work through the scenarios together. The third Big Ideas. Adopting this already vetted content standards: 1) NSA CAE Knowledge Units, 2) ACM knowledge gained from these two projects has led part will be a brief description of how to integrate will jumpstart those colleges pursuing the NSA Computer Science Curriculum Guidelines, and 3) to a third initiative called the VetSuccess Immersion the challenges in the curriculum. CAE2Y designation and other colleges developing College Board AP Computer Science Principles Academy that uses labs and lessons learned from cybersecurity certificate and degree programs. Big Ideas. Adopting this already vetted content will both efforts. jumpstart those colleges pursuing the NSA CAE2Y Pathway Model Competency Area: Information Security designation. Fundamentals Pathway Model Competency Area: Information Security Pathway Model Competency Area: Information Security Instructional Design Elements: Practice Fundamentals Fundamentals Instructional Design Elements: Instruction Pathway Model Competency Area: Information Security Instructional Design Elements: Practice Using the NICE Challenge Project to Support the Fundamentals Cybersecurity Curriculum and/or CAE2Ys Jumpstart Teaching Cybersecurity Principles Instructional Design Elements: Practice Unique uses of NETLABs and Virtualization in the Classroom Dr. Vincent Nestler Yesem Peker Test Drive CSSIA’s New Ethical Hacking Labs CyberWatch West Columbus State University Bill Wolfe Tomas Koslab Center for Systems Security and Information The NICE Challenge Project uses Tasks and KSAs The NSF Catalyzing Computing and Cybersecurity Network Development Group (NDG) Assurance (CSSIA) from the NCWF to develop realistic, competency- in Community Colleges (C5) Project has developed based scenarios (challenges) that can be used in the and tested avariety of cybersecurity materials at NISGTC has developed Ethical Hacking labs This workshop will discuss unique uses of NETLABs classroom. Challenges can be technically based, community colleges across the nation. Participants that can be used to introduce learners to hacking and Virtualization in the Classroom to deliver policy based, or a combination. This workshop starts of this workshop will take away modularized content concepts and techniques. This lab library was enhanced LAB activities for Computer Technology with a presentation on what the NICE Challenge for teaching and assessing Cybersecurity Principles developed to introduce learners to a wide variety of and Computer Science Programs. Case Studies Project is and how it can be used in the classroom. in their introductory computing and cybersecurity vulnerabilities, techniques and methodologies used discussed will be related to Security, Voice, Wireless, It will then provide access to challenges, and courses. All C5 instructional and assessment by hackers. Governments, industries and educators Ethical Hacking, Digital Forensics, Storage, Big participants will have an opportunity to work with materials are freely available from the project value security experts with knowledge in this sector. Data and Cloud Technologies. Attendees will be able the interface. The session will conclude with an website and carry a Creative License for adoption This lab library was developed 18 months ago and to experience these Virtual LABs up-close, personal exploration of how the challenges can best be used and adaption to meet course needs. The instructional already requires updating. During this session we and first hand during the workshop. in various, specific settings. The NICE Challenge materials align to three prominent curricular will review the lab library, complete a lab exercise, Project has no cost, and participants will have standards: 1) NSA CAE Knowledge Units, 2) ACM and discuss how we as an academic community can accounts that can be used for deployments for their Computer Science Curriculum Guidelines, and 3) stay current, produce labs to help our learners, and Pathway Model Competency Area: Information Security students in their upcoming classes. College Board AP Computer Science Principles Big create a community of educators contributing to lab Fundamentals Ideas. libraries that are current and relevant. Instructional Design Elements: Practice Pathway Model Competency Area: Information Security Using the NICE-Challenge Project to Develop Fundamentals Pathway Model Competency Area: Information Security Pathway Model Competency Area: Information Security Real World Skills in Cybersecurity Instructional Design Elements: Practice Fundamentals Fundamentals Instructional Design Elements: Instruction Instructional Design Elements: Practice Dr. Vincent Nestler We Don’t Just Run You Through the Motions. CyberWatch West Our Labs Teach You How to Think! C5 Cyber Ethics and Society Creating Cybersecurity Professionals with Hands-On Activities The NICE-Challenge project (nice-challenge.com) Sean Hulbert Florence Appel is a federally funded project that creates real world Mike Qaissaunee scenarios based on the tasks listed in the NICE Cybersecurity in an immersive hands-on experiential The NSF Catalyzing Computing and Cybersecurity Brookdale Community College Framework. These scenarios or challenges are secure cloud environment for online training: This in Community Colleges (C5) Project has developed available for instructors to use for their students. The session will contain the benefits of distance learning and tested avariety of cybersecurity materials at Brookdale Community College and Moraine Valley challenges can be used within a period of instruction using Security Centric’s secure cloud environment community colleges across the nation. Participants Community College have established the country’s or as projects at the completion of appropriate with the implementation of cybersecurity best of this workshop will take away modularized content first Cyber Aces Academies to develop skilled preparation. The challenges are available to practices and what is used in the work-force today. for teaching and assessing Cyber Ethics and Society cybersecurity workers with significant hands-on schools free of charge. This session will be both Security Centric has worked with and designed in their introductory computing and cybersecurity skills. Critical to the success of these projects are informational and hands-on driven. The session many cyber security lab environments for Jones courses. All C5 instructional and assessment the hands-on activities implemented at the two will be broken down in to three parts. The first part and Bartlett, ISSA, Capella, Excelsior, and many materials are freely available from the project sites. In this workshop, we will share a variety will be informational giving a brief description and other entities. Our designs have won In-foSec, NSA, website and carry a Creative License for adoption of hands-on labs with participants, including a demonstration of the NICE Challenges. The second and DHS awards. Capella University has won the

46 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 47 Cyberwarrior’s competition 4 years running against Pathway Model Competency Area: Information Security Pathway Model Competency Area: Networking Pathway Model Competency Area: Networking US Army and NSA, with labs Security Centric Fundamentals Fundamentals Fundamentals Instructional Design Elements: Practice Instructional Design Elements: Instruction Instructional Design Elements: Instruction designed. EDURange: Hands-on Cybersecurity Exercises Introduction to Palo Alto Advanced Firewall Visualizations in Networking and Cybersecurity That Are Easy to Access to Teach Abstract, Complex and/or Dynamic Pathway Model Competency Area: Information Security Lou Balek Concepts Fundamentals Richard Weiss Center for Systems Security and Information Instructional Design Elements: Practice Evergreen State College Assurance (CSSIA) Mike Qaissaunee How to Get Students Work Experience Before Brookdale Community College Entering the Workforce for Free! Incorporating cybersecurity into the curriculum Over the last two years the Palo Alto academic team is a topic of continuing interest. The goal of this has worked with community colleges in integrating Cybersecurity and foundational networking concepts Dr. Vincent Nestler workshop is to provide participants who may or may their products into cybersecurity competitions are difficult to convey with traditional teaching tools CyberWatch West not have previous experience in cybersecurity with a including CCDC. Participants will gain knowledge and techniques. Students often struggle with early framework and some of our scenarios that facilitate of how the Palo Alto firewall and the Palo Alto concepts such as IP addressing and the OSI model, This session will start with a short introduction to incorporating this topic into the curriculum. Building academic partnership program work. The session will as well as more advanced topics such as Distributed the NICE Challenge project (nice-challenge.com) on previous workshops, this tutorial focuses on the include an overview of the Palo Alto architecture, Denial of Service (DDoS) and SQL injections. a federally funded project that is free for academic design of hands-on exercises that are easy to access, configuration, and management of a Palo Alto This session will demonstrate and share interactive institutions to use. The project focuses on creating running in the cloud. Taking on the role of player, firewall. The session will include remote access to content built to convey these abstract, complex and/ real world hands-on scenarios, based on the tasks participants will learn about security. Then, taking the Palo Alto equipment in a virtual environment. or dynamic and difficult to teach concepts. During for Job Roles of the NICE framework. It will then on the role of instructor, they will learn how to use This hands-on workshop will include sample lab and subsequent to the session, participants will introduce various ways the project can be used in these security exercises in the classroom, and how assignments that any college/university faculty can be able to interact with these learning modules on current and future classes. This will be a hands-on to create scenarios that they can use for their classes. use once they arrive back on their campuses. Labs virtually any device with a modern web browser. workshop in which participants will get accounts, will start from the bottom and reach to the advanced Additionally, participants will have the opportunity connect to the platform and work through one or level of forensics. There is no cost associated with to provide feedback on existing modules and make more challenges. At the conclusion there will be Pathway Model Competency Area: Information Security using the software. suggestions for ongoing and future development. a discussion of how to use in your own classroom Fundamentals what you experienced here. Instructional Design Elements: Practice Pathway Model Competency Area: Networking Pathway Model Competency Area: Networking How to Structure an Easy to Maintain 24/7 Fundamentals Fundamentals Online Virtual Lab Instructional Design Elements: Instruction Instructional Design Elements: Practice Pathway Model Competency Area: Information Security Fundamentals Glenn S. Dardick Overview of NETLAB+ Enhancements Cisco’s VIRL, A New Powerful Network Instructional Design Elements: Practice Simulation Tool The Virginia Cyber Range: Providing Cloud- The Embry-Riddle Aeronautical Cybersecurity Rich Weeks Bill Wolfe based Resources for Cybersecurity Education Lab used for its Daytona Beach and World- Network Development Group (NDG) Wide Campuses has built upon a tried-and-true Center for Systems Security and Information Assurance (CSSIA) Sandra Schiavo Virtualization Infrastructure. The infrastructure This session will introduce new NETLAB+ Virginia Tech provides Cybersecurity and Cyber Forensics cybersecurity courses. A NETLAB+ product exercises for its students on a 24/7 online engineer will review the NETLAB+ product This session will provide a hands-on experience using a new powerful network simulation tool released by The Virginia Cyber Range is a Commonwealth environment accessible in the classroom, online components, operations and best use practices. Cisco Systems. The session will include a hands- of Virginia initiative with a mission to enhance from anywhere from within the campus and online Multiple presenters will present several new on demonstration of how to install, configure and cybersecurity education in our high schools, from anywhere in the world. The system has had a courses with updated lab exercises. By the end of use this tool in your classroom to teach advanced community colleges and universities. The range major impact on student engagement - and can be this presentation you will understand a NETLAB+ network security concepts and skills. provides free educational resources to Virginia done at a fraction of the cost of existing solutions. topology (pod of virtual machines), complete educators including an extensive online courseware Classes can be provisioned in batches or by students several lab exercises for various courses and become repository for educators and a cloud-hosted virtual utilizing various instructor configured environments familiar with using NETLAB+ as a student and environment for students. The Virginia Cyber Range consisting of one or more subnets each containing instructor. can also host a competition environment to support one or more operating environments each containing capture-the-flag and other types of exercises. Hear one or more Virtual Machines. our vision andhow it supports educational initiatives such as earning CAE2Y designation and the NCWF.

48 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 49 Pathway Model Competency Area: Networking Pathway Model Competency Area: Scripting Fundamentals Pathway Model Competency Area: Scripting Fundamentals Pathway Model Competency Area: Scripting Fundamentals Fundamentals Instructional Design Elements: Instruction Instructional Design Elements: Instruction Instructional Design Elements: Instruction Instructional Design Elements: Practice Network Security Scripting for Cybersecurity PowerShell Scripting for Cybersecurity Scripting for Cybersecurity Specialists Developing Rigorous and Enhanced Academic Programs Professionals Modules (DREAMs) for High School Students Mike Masino Kevin Vaccaro Mike Masino Madison Area Technical College Gregory Teets Moraine Valley Community College Madison Area Technical College Clark State Community College Thisworkshopisdesignedtoprovideanoverviewof- This workshop provides a model course that This session will introduce a series of new labs modernscriptinglanguages commonly used to build This presentation will provide insight into the hands- meets the new NSA KU requirements to include developed by CSSIA for Cybersecurity professionals. and extend security tools. The course will introduce on lab modules being developed by Clark State programming and scripting in our curriculum. Learn how to use PowerShell to execute commands, scripting on both the Microsoft and Linux platforms Community College. This development is supported The workshop introduces scripting languages and analyze logs and interface with Metasploit. and will include an overview of Powershell and Py- by NSF Grant #1700566 - Developing Rigorous examples of PERL, PYTHON and Ruby; how to PowerShell enables a programmer to automate, thon. There will be a series of labs, each one explor- and Enhanced Academic Modules (DREAMs). The create scripts that automate processes, perform manage and analyze data in operations in a windows ing the uses of the language and 3rd party modules modules are designed for implementation in high- batch operations and extract information; and how to exchange VMware, and even Cisco environments. for accomplishing tasks including scanning, enu- school level courses and can be used in college identify script vulnerabilities. Topics include NASL All participants will be provided access to the new meration and basic exploitation. Note: You will be courses as well. These modules include ancillary Scripting, Nessus Scipting, writing SNORT alerts, set of labs distributed by CSSIA. provided with Python and Powershell labs, but we teaching materials to assist teachers in any subject building SQL injections and development of PERL will only be doing an overview of basics and how to matter area, and any level of technical expertise, with scripting using WireShark to monitor script actions. use the labs in class. ease of implementation. Attendees will be provided Pathway Model Competency Area: Scripting Fundamentals with an overview of the modules content, scope, and Instructional Design Elements: Instruction design. Attendees will be provided free access to the Pathway Model Competency Area: Scripting Fundamentals Pathway Model Competency Area: Scripting Fundamentals lab modules/ancillary teaching materials. Instructional Design Elements: Instruction Secure Scripting Workshop Instructional Design Elements: Instruction

Scripting for Cybersecurity Professionals: Matt Bishop Secure Scripting with Linux Primer Pathway Model Competency Area: Scripting Fundamentals Demonstrating New CSSIA Labs (PowerShell) UC-Davis Instructional Design Elements: Instruction Christan Servin Mike Masino Participants of this workshop will walk away with El Paso Community College Violent Python Madison Area Technical College adaptable instructional resources for teaching Secure Scripting in both introductory cybersecurity The NSF Catalyzing Computing and Cybersecurity Dr. Sam Bowne With the introduction of PowerShell Microsoft and computer science courses at the collegiate level. in Community Colleges (C5) Project has developed City College of San Francisco opened up a whole new world of administrative Participants will receive a certificate acknowledging and tested a variety of cybersecurity materials at automation. Along with giving systems participation in this professional development community colleges across the nation. Participants We use very simple scripting methods to make administrators a powerful new tool, they also activity. The NSF Catalyzing Computing and of this workshop will take away modularized content hacking tools, including: port scanning, login brute- enabled attackers to develop a new vector for system Cybersecurity in Community Colleges (C5) Project for teaching and assessing Secure Scripting in Py- forcing, port knocking, cracking password hashes, exploitation. A basic understanding of PowerShell has developed and pilot tested the instructional thon in their introductory computing and cyberse- and sneaking malware past antivirus engines. This is quickly becoming a necessity in the information materials at community colleges across the nation. curity courses. All C5 instructional and assessment is a hands-on workshop, so participants should bring technology arena. This hands-on workshop will Furthermore, the instructional materials carefully materials are freely available from the project website laptop computers with VMware Player or VMware walk the participant through some of the basics of align to three prominent curricular standards: and carry a Creative License for adoption and adap- Fusion on them. USB sticks will be provided with PowerShell scripting. The PowerShell labs used in 1) the NSA CAE Knowledge Units, 2) the ACM tion to meet course needs. The instructional materi- Kali Linux and Windows Server 2008 virtual the class are part of the new CSSIA/NDG Scripting Computer Science Curriculum Guidelines, and 3) als align to three prominent curricular standards: 1) machines to use. All the projects are freely available for Cyber Security lab series. Tasks will include the College Board AP Computer Science Principles NSA CAE Knowledge Units, 2) ACM Computer Sci- on my Web page (samsclass.info) for anyone to use. user and group enumeration and modification, Big Ideas. Adopting this already vetted content will ence Curriculum Guidelines, and 3) College Board Windows firewall manipulation and registry tweaks. help colleges strengthen their degree programs and AP Computer Science Principles Big Ideas. Adopt- Additionally, network authentication and PS- certificates, as well as those colleges in pursuit of the ing this already vetted content will jumpstart those Remoting will be touched on. NSA CAE2Y designation. This workshop is open to colleges pursuing the NSA CAE2Y designation and all conference attendees, but seats are limited. other colleges developing cybersecurity certificate and degree programs.

50 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 51 Pathway Model Competency Area: Scripting Fundamentals Pathway Model Competency Area: Analyze Instructional Design Elements: Practice PATHWAY SECTION: Instructional Design Elements: Instruction SPECIALTY AREAS Powershell Programming for Cybersecurity Pro- The Art of Penetration Testing: Teaching Ethical fessionals Hacking

Michael Masino Kevin Vaccaro Madison Area Technical College Center for Systems Security and Information Pathway Model Competency Area: Analyze Assurance (CSSIA) Instructional Design Elements: Instruction This session will provide a hand-on experience of the new CSSIA freely distributed “PowerShell Scripting The art of pen-testing is getting more sophisticated Android App Security Auditing: Identifying and for Cyber Security Professionals” activity library. The as operating systems and network resources become Exploiting Vulnerabilities in Android Apps session will walk you through several of the activ- more secure. This session will introduce some of ities that are now available through the Center for the latest tools and techniques in performing pen- Dr. Sam Bowne Systems Security and Information Assurance virtual testing. Modern cyber defense requires a realistic and City College of San Francisco lab library. The session will also present a new Cap- thorough understanding of Web application, network ture the Flag (CTF) virtual environment developed services test, remote access tools and hacking mobile Android apps are very insecure. Participants will around this activity library. The CTF environment device. The session will review the top 10 pen-testing learn to test for common vulnerabilities with a few is design to be used by faculty in local cybersecu- tools. The session will also introduce an overview of free tools: Android Studio, Genymotion, Burp, and rity competitions events, as advanced assessments undetectable backdoor tools. apktool. Participants will find vulnerabilities in real instruments or as high-level capstone exercises. All apps and exploit them. We will test for insecure participants will have the ability to download the ac- network transmission, insecure local storage, and tivity library. Pathway Model Competency Area: Analyze insecure logging. But the most common problem is Instructional Design Elements: Instruction failure to verify app signatures, so that apps can be modified, and Trojan code can be added. Participants Common Attack Methods and Security Analyst will do that to a real financial app, creating a proof-of- Challenges concept that leaks out private data such as username and password. Hamid Abdollahian Cuyahoga Community College, Ohio

Pathway Model Competency Area: Analyze This presentation covers the new Cisco Cyber Instructional Design Elements: Instruction Security specialist certification exam (SCyber 600- 199) and specifically, how security analysts develop BHCC’s Ethical Hacking Course: A Unique their skills and what topics are discussed in the Cisco Approach to Ethics and Social Engineering training course. This session discusses the job role of a security analyst and the complex nature of learning Jamie Mahoney how to identify threats and intrusions on the network Broadening Advanced Technological Education with the variety of technology products and SIEM Connections (BATEC) (Security Information and Event Management) tools available. The responsibilities often include the The session will offer a hands-on look inside BHCC’s following areas: monitoring, traffic analysis, event new Ethical Hacking course and an analytical and alarm handling, and incident response. This conversation about its unique approach to ethics and presentation will outline how Cisco has identified social engineering, led by the professors who created and worked with subject matter experts in intrusion and teach the course. The assignments in the course analysis and operations; then incorporated their are designed to specifically blend current technology knowledge and expertise into a course which seeks topics and methods in moral philosophy, thus pushing to develop the skills of an entry-level security analyst. students to explore their own ethics and moral values and cultivate their own ethos rather than relying on the opinions of others. Participants will play a bit of the social engineering game created for the course and engage in social engineering exercises and ethics discussions as if they were students in the course.

52 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 53 Pathway Model Competency Area: Analyze Pathway Model Competency Area: Analyze Pathway Model Competency Area: Analyze a necessary step in any complete Windows forensic Instructional Design Elements: Instruction Instructional Design Elements: Practice Instructional Design Elements: Practice examination. The transformation of documents from static binary files with little potential for harm Performing a Network Security Analysis: Transform Your Classes with the EC-Council National Cyber League (NCL) and Capture the to macro and scripting enabled documents makes it Students Applying Skills in the Real World STORM Mobile Hacking Kit & Gale Force 10 Flag (CTF) easy for attackers to evade detection with little effort. Expansion Pack! Keith Nabozny Dan Manson Macomb Community College National Cyber League Wesley Alvarez Pathway Model Competency Area: Collect and Operate Instructional Design Elements: Instruction Looking for a way for students to apply skills learned This session will provide participants with hands- In this session you will learn how to incorporate in their security classes to the real world? Have you on practice and resources needed to play in the NEW technology within your cybersecurity classes Demonstration of an Automated Mobile Digital considered a network security analysis? This session National Cyber League and related Capture the Flag with EC-Council STORM and the Gale Force Forensics System Using Python and Raspberry will share an assignment designed and perfected competitions. It will allow attendees to gain hands- 10 expansion pack! Learn how to challenge your Pi since 2013 to engage students by applying their on experience with Capture the Flag exercises. students with new hardware and software designed network security skills to a real-world assignment. Attendees should bring their own laptops with to break boundaries and encourage creativity. Use Dr. Myungiae Kwak The network security analysis asks students to wireless capability. You will learn what National these devices to setup your own learning solutions Middle Georgia State College review multiple facets of security for an actual Cyber League and Capture the Flag competitions or create Capture the Flag games on multiple devices client, including network and wireless security, are about, why they can be as valuable as classroom to run your own competitions and more! In this session, the presenters will provide a brief PC/device security, authorization/ authentication/ experience, what employers look for from students overview of mobile forensics trends and software accounting, backups/disaster recovery, physical who participate in cybersecurity competitions, and STORM Kit Overview: tools, followed by a detailed demonstration of security, and user education. Professor Nabozny how to use NCL Scouting Reports on your resume https://www.youtube.com/watch?v=6ikIAce7zrg&t=1s an Automated Mobile Digital Forensics System will share the network security analysis template and during the interview process. (AMDFS) that was developed using Python and document provided to students, the scaffolding used Raspberry Pi at Middle Georgia State College. The to guide students through the process of completing Pathway Model Competency Area: Analyze presenters will also discuss how the tool can be used Instructional Design Elements: Practice the assignment, the grading rubric used to assess Pathway Model Competency Area: Analyze in digital forensics courses. the completed assignments, examples of analyses Instructional Design Elements: Practice completed by students, and discussion of potential CompTIA CySA Materials and Labs pitfalls and how to avoid them. You will walk away Building Local Virtual Environments for Ethical John Sands Pathway Model Competency Area: Collect and Operate with the foundation for an engaging and instructive Hacking Instructional Design Elements: Instruction assignment! Center for Systems Security and Information Assurance (CSSIA) Tobin Shields Smartphone Forensics The session will include review of CompTIA’s Pathway Model Competency Area: Analyze While ethical hacking and penetration testing Charline Nixon Cybersecurity Security Analyst (CySA) Materials Instructional Design Elements: Practice is often one of the most requested and exciting Calhoun Community College domains of cybersecurity education, teaching it can and Labs content, instructional materials, assessment Test Drive CSSIA’s New Ethical Hacking Labs instruments, and labs. The presenter will provide be difficult. While many of the individual tools come Mobile devices are now used for risky activities access to CompTIA’s new labs and assessment with well-written documentation, and established such as purchases, social media, and emails. Tomas Koslab instruments concerning Security Analysis. methodology and textbooks help facilitate developing This course provides practical instructions and Network Development Group (NDG) full courses, simply creating and managing a hands-on exercises on the unique sets of evidence working lab environment for students to engage available on Smartphones, cellphone SMS exploits, Pathway Model Competency Area: Collect and Operate NISGTC has developed Ethical Hacking labs that can with can be cumbersome, expensive, and frustrating intrusion, rooting, malware, and other application Instructional Design Elements: Instruction be used to introduce learners to hacking concepts and to manage. This workshop covers how students can vulnerabilities. This course will also cover the aspects techniques. This lab library was developed to introduce build their own free local lab environment using Analyzing Malicious Documents and Memory of extracting and evaluating data from all type and learners to a wide variety of vulnerabilities, techniques Virtual Machine. This workshop also shares lessons, Forensics technology of Smartphones. and methodologies used by hackers. Governments, labs, instructional methodologies for building a industries and educators value security experts with course around this model. It is well suited for both Israel Aladejebi knowledge in this sector. This lab library was developed instructors looking to develop an ethical hacking Virtualization and Forensics Century College, 18 months ago and already requires updating. During course or instructors who are looking for solutions this session we will review the lab library, complete a lab and additional resources to expand a course that The rise of malicious documents (pdf, MS word) exercise, and discuss how we as an academic community already exists. can stay current, produce labs to help our learners, and threaten computers and network users. Many create a community of educators contributing to lab enterprise security analysts struggle to fix or respond to this type of attack. Likewise, Memory forensics and libraries that are current and relevant. the examination of volatile digital data has become

54 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 55 Pathway Model Competency Area: Collect and Operate Pathway Model Competency Area: Investigate performing a forensic examination, and report Pathway Model Competency Area: Investigate Instructional Design Elements: Practice Instructional Design Elements: Instruction writing. We also discuss training, education, job Instructional Design Elements: Practice opportunities, and certifications. Participants will Blended Learning: A Learner-centered Model The Digital Forensic Crime Scene Investigator – Using “Windows To Go” to Teach Hands-on be provided materials and tools that will allow them for Cybersecurity and Forensic Courses Manage & Solve an Abduction Case Windows-based Forensics at a Community to develop a fundamental understanding of sound College cyberforensics procedures through the application Dr. Philip Craiger of the learned procedures in hands-on exercises. Patricia Tamburelli Penn Wu Advanced Cyberforensics Education Consortium County College of Morris (ACE) “Windows To Go” is a feature of the Windows 10/8.1 Pathway Model Competency Area: Investigate A course in digital forensics can attract students operating system that enables the Windows OS to run Blended learning combines face-to-face instruction Instructional Design Elements: Instruction from different disciplines, with varying backgrounds from a USB drive, without interfering with the host with online activities, assignments, and projects. and different experience and skills. In this hands-on computer. This feature allows students to manage Advantages include convenience, flexibility, Open Source Digital Forensics in the Classroom workshop you will participate in a comprehensive a portable Windows-based USB drive to conduct improved learning, improved student interaction, exercise designed to appeal to the criminal justice, digital forensics and perform research-related tasks increased retention, reduced costs, and reduced seat Kevin Vaccaro business, information technology, or computer virtually anywhere. This presentation is an overview time. This panel presentation introduces a learner- Center for Systems Security and Information science student. Attendees will manage and solve an of “Windows To Go” deployment on USB drives that centered model for blended learning in cybersecurity Assurance (CSSIA) abduction case - from when the call first comes into enable faculty and students to boot Windows OS and forensics courses, emphasizing the importance central dispatch, to the victim being rescued, and from a USB drive on virtually any PC to perform of the design that focuses on student learning. Digital forensics is an ever-advancing field and the the perpetrators brought to justice. Attendees will hands-on learning activities. Attendees will learn costs associated with using commercial tools and complete affidavits for search warrants, process the how to prepare, create, and manage a “Windows To equipment in the classroom are an ever-increasing crime scene, collect and analyze evidence, prepare Go” drive with a guideline to teach Windows-based Pathway Model Competency Area: Investigate budget concern. Using open source and free tools, testimony and testify in court. Attendees will also Instructional Design Elements: Instruction forensics topics. an instructor can better demonstrate to the student use tools and technology that will aid in a successful how commercial tools analyze evidence and why resolution of the case. Gamification for Digital Forensics: Serious the tool creates a given output. This workshop will Games for Teaching Forensics Processes and Pathway Model Competency Area: Investigate demonstrate various open source and free tools Procedures Instructional Design Elements: Instruction that can be used to teach digital forensics in the Pathway Model Competency Area: Operate and Maintain Instructional Design Elements: Instruction The Art and Science of Cyberforensics Dr. Myungjae Kwak classroom. Middle Georgia State College Security of Smart Grid Technology Dr. Philip Craiger Pathway Model Competency Area: Investigate Advanced Cyberforensics Education Consortium This panel session shows how to use related software Instructional Design Elements: Practice Tim Yardley (ACE) tools to create serious games to teach digital forensics University of Illinois processes and procedures. Presenters discuss game Mobile Forensics Tools for Free This is a hands-on workshop covering: evidence design and development, gamification of learning, This day-and-a-half workshop provides an identification and handling, creating anddigital forensics processes and procedures, and Dr. Charline Nixon orientation to the resiliency of power grid systems verifying a forensic image, performing a forensic demonstration of the game development and Calhoun Community College, Alabama as Smart Grid technologies are adopted. Smart examination, report writing, training and education prototyping process. Grid introduces extensive communications, opportunities, certifications, and legal issues. We This session demonstrates open source mobile networking, and control components at all levels provide participants with materials, tools, and forensics tools for educators. These tools are readily of grid operation, from generation to consumer, links to our free online self-paced train-the-trainer Pathway Model Competency Area: Investigate available, some are free, and some might require intended to enable more efficient and reliable grid program that provides participants with faculty Instructional Design Elements: Instruction minimal cost to use the tools. operation, integration of renewables, new markets, training and classroom materials for use in their own and customer choice. This technological revolution cyberforensics courses. Hands-On Introduction to Cyberforensics introduces complexities and challenges that must be understood to craft an effective national strategy Patrick Vilkinofsky to achieve the intended benefits of Smart Grid. The Advanced Cyberforensics Education Consortium short course is suitable for participants with or (ACE) without an engineering background. In this hands-on workshop we introduce participants to cyberforensics. Topics covered include demonstrations of evidence identification and handling, creating and verifying a forensic image,

56 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 57 Pathway Model Competency Area: Operate and Maintain Pathway Model Competency Area: Operate and Maintain Pathway Model Competency Area: Operate and Maintain Pathway Model Competency Area: Oversight and Instructional Design Elements: Instruction Instructional Design Elements: Instruction Instructional Design Elements: Instruction Development Instructional Design Elements: Instruction Advanced Wireless Security: Review of Emerging SCADA “Critical Infrastructure Cybersecurity” Industrial Control Systems: A Curriculum for Technologies course from CyberWatch West Cyber Security Training Teaching Cybersecurity in Critical Infrastructure Systems at Community Colleges Bill Wolfe Stephen Miller Greg Randall Center for Systems Security and Information Eastern New Mexico University-Ruidoso Christie Jones Assurance (CSSIA) This presentation is intended for Industrial National CyberWatch Center (NCC) The session will provide participants an overview Technology instructors, Computer Science A major challenge for cybersecurity managers of the “Critical Infrastructure Cybersecurity” and instructors, Division Directors, and Deans who are The Critical Infrastructure Higher Education concerns mobile devices on the organization’s demonstrate the hands-on and team activities interested in implementing cyber defense curriculum Initiative (CI HEI), in partnership with CyberWatch, wireless network. This session will examine new including a walk-through risk assessment case study in existing or future industrial maintenance training is building a course designed to address the technical, technologies to manage, monitor and control mobile using the DHS CSET tool. This session will show programs. The developed course material also industry and policy aspects of cyber security issues devices. New standards like 802.11ax, 802.11ad, how to access and download the CSET tool and introduces computer science students to the field of involved in SCADA and industrial control systems 802.11ah and multi-user MIMO will be introduced. how to use the Cybersecurity Critical Infrastructure automation and industrial control. The curriculum of critical infrastructure systems. The course will Topics include emerging technologies, standards and Framework standard within the CSET tool. A provided can be included in current courses as be complete in March 2016, and this presentation products; cloud-based management; authentication SCADA and corporate enterprise network will modules or as a standalone course. Outcomes for this will introduce the finalized curriculum and related systems; secure communications; Highly Available be used in the assessment demonstration with presentation aim to prepare students to recognize course materials to the 3CS community. Speakers Redundant Architecture; and guarding the interaction with the session participants to assess threats and implement countermeasures to protect will also answer any questions faculty and educators organization’s air space. the possible risks in the network. Participants will critical control system infrastructure from cyber- may have about implementing the course into their be provided download links to the CyberWatch attacks. programs. West “Critical Infrastructure Cybersecurity” course, Pathway Model Competency Area: Operate and Maintain e-book, and CSET tool download procedures. Instructional Design Elements: Instruction Pathway Model Competency Area: Operate and Maintain Pathway Model Competency Area: Oversight and Development Instructional Design Elements: Practice Technical Customer Service - Soft Skills Pathway Model Competency Area: Operate and Maintain Instructional Design Elements: Instruction Essentials for Success Instructional Design Elements: Instruction Teach Industrial Control Systems (ICS) in Your Responsible Software Development Workshop Existing Labs! Judy Archer Industrial Control Systems/SCADA Security Debbie Wolf North Central Texas College Mike Masino Shalon Simmons Madison Area Technical College Participants of this workshop will walk away with Ask any employer about the pool of potential adaptable instructional resources for teaching employees and the lack of soft skills ALWAYS come Industrial Control Systems/SCADA (Supervisory This session will include hands-on exercises using Responsible Software Development in both up! Of course, our graduates are being trained with Control and Data Acquisition) play an essential role the Cybati lab manual and mock ICS environment. introductory cybersecurity and computer science technical expertise but often it’s the lack of soft in our nation’s Critical Infrastructure. However, the We will review labs developed by Cybati to teach the courses at the collegiate level. Participants will skills that cost them the job interview or long-term security of Industrial Control Systems/SCADA has basics of security for industrial ICS/ IOT applications. receive a certificate acknowledging participation employment. See how North Central Texas College been largely ignored because the networks have been We will use Kali Linux and custom Cybati Linux in this professional development activity. The is bridging the gap in preparing the workforce of the traditionally separate from the rest of the corporate Virtual Machines/Raspberry Pi hardware to learn NSF Catalyzing Computing and Cybersecurity future with essential to long term success in their infrastructure. With advancements in the Internet of about surveying your attack surface physical-cyber- in Community Colleges Project has developed, Things, many Critical Infrastructure systems can be operational assessments, and penetration tests. Note: careers and their lives. and pilot tested the instructional materials at controlled by mobile devices such as smart phones The goal of this workshop is to present a cost-effective community colleges across the nation. Furthermore, and corporate network computers. In addition, a strategy for teaching ICS/IOT security in our current the instructional materials carefully align to three great deal of information is readily available on the IT labs at the technical college level with a minimal Internet such as equipment IP Addresses, passwords prominent curricular standards: 1) NSA CAE investment in expensive hardware/software. as well as the code for STUXNET which was used to Knowledge Units, 2) ACM Computer Science attack an Iranian nuclear facility. This presentation Curriculum Guidelines, and 3) College Board AP will provide information on how to build an Computer Science Principles Big Ideas. Adopting Industrial Control Systems/SCADA Security this already vetted content will help colleges class and/or program based on the Department strengthen their degree programs and certificates, as of Homeland Security Industrial Controls System well as those colleges in pursuit of the NSA CAE2Y Computer Emergency Response Team curriculum. designation. This workshop is open to all conference attendees, but seats are limited.

58 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 59 Pathway Model Competency Area: Oversight and Pathway Model Competency Area: Oversight and recently aligned to the ACM/IEEE cs2013 curricula; Pathway Model Competency Area: Protect and Defend Development Development a document that compiles 12 knowledge areas (KA) Instructional Design Elements: Instruction Instructional Design Elements: Instruction Instructional Design Elements: Practice in computer science, and plenty of knowledge units Teaching Network Forensics and Incident (KU). Embedding Security into an iCREAT Robotics Micro Labs: A Low-Cost Raspberry Pi Response Course Networking & Security Environment The cs2013 curricula also helps to separate the Dr. Philip Craiger notion of a specialized course and the learning Shamsi Moussavi Shamsi Moussavi Advanced Cyberforensics Education Consortium outcomes that a knowledge unit should address. MassBay Community College Broadening, Advanced Technological Education (ACE) Therefore, we design these programming labs based Connections (BATEC) on learning outcomes from cs2013 with the emphasis This session demonstrates embedding security into This workshop introduces a course in network in cybersecurity to teach secure code in CS II. a multidisciplinary course. Two 3-credit college Raspberry Pis (RPi) are great versatile tools to forensics and incident response taught at Daytona courses were developed to teach high school students’ experiment with many computing concepts. An State College. In addition to a discussion and programming, technology, and engineering using RPi is a very inexpensive credit card-sized single- description of topics covered, participants will get active learning methodology and robotics projects. board computer developed in the United Kingdom Pathway Model Competency Area: Protect and Defend Instructional Design Elements: Instruction hands-on experience using several of the assignments While students learn to make an autonomous robot in order to teach basic computer science in schools. from the course. Topics include identifying in the first course; they create, code, configure the We use RPis to teach programming, networking, Configuring an Intrusion Detection System for anomalous network packets; malware analysis; network, and setup security of a Telepresence robot robotics, and computational thinking to high an Industrial Control System honeypots and host-based intrusion detection in the second course. Details of the networking and school students and college freshmen, and we are systems; recovering and analyzing volatile evidence; security labs/assignments will be shared along with developing curriculum for interdisciplinary courses. Robert Hamilton forensic imaging over a network; and identifying and our methods for embedding security into a multi- We use a very inexpensive ($300-$400) network Cyber Security Education Consortium (CSEC) analyzing evidence of a server intrusion. disciplinary robotics course. of RPis, switches, and routers that mimics a real network environment, and the whole network fits Learn how to configure a Security Onion Intrusion in a standard suitcase, making it an ideal mobile Detection System (IDS) to monitor an Industrial Pathway Model Competency Area: Protect and Defend networking lab for classrooms, presentations, and Instructional Design Elements: Instruction Pathway Model Competency Area: Oversight and Control System (ICS) using common ICS protocols. Development community events. The micro labs presented at the Instructional Design Elements: Instruction workshop use common tools such as Cisco Packet Cybercrime 101 Tracer, WireShark, EtherApe, and others. You will C5 Responsible Software Development leave this workshop with a set of instructions for Pathway Model Competency Area: Protect and Defend David Vargas Instructional Design Elements: Instruction creating the networks as well as the lab exercises. National CyberWatch Center (NCC) Debbie Wolf ICS/SCADA Cyber Security: Protecting the Critical Infrastructure Where do hackers go to store the data they have The NSF Catalyzing Computing and Cybersecurity Pathway Model Competency Area: Oversight and stolen? Where can they communicate with the in Community Colleges (C5) Project has developed Development Clinton Webb utmost secrecy? And where can they quickly (and and tested a variety of cybersecurity materials at Instructional Design Elements: Practice Cyber Security Education Consortium (CSEC) safely) monetize the results of their work? Known community colleges across the nation. Participants by many names, the Darknet is a hidden area of the of this workshop will take away modularized content Computer Security Labs in CS II: An Applied The ICS/SCADA cyber security presentation is Internet that is commonly used for illegal activities. for teaching and assessing Responsible Software Secure-Programming Approach to Fundamentals designed to give an overall look at the historical and Because of the anonymity it provides, the Darknet Development in their introductory computing and in Programming current implementations of ICS/SCADA systems has become the natural home to those who exploit cybersecurity courses. All C5 instructional and in critical infrastructure, and how cyber security personal computers and corporate networks. This assessment materials are freely available from the Dr. Christian Servin principles can be applied to them. The presentation lab course is an introduction to the primary tools project website and carry a Creative License for El Paso Community College also covers what the current threats are to ICS/ used to access the Darknet. After explaining what the adoption and adaption to meet course needs. The SCADA systems, covering real- world attacks on Darknet is, attendees will be taken to Darknet sites instructional materials align to three prominent This demo presents a set of computer programming these systems. Finally, the presentation reviews the using some of the more common navigation tools. curricular standards: 1) NSA CAE Knowledge labs for the Elementary Data Structures and cyber security principles that can help in securing Because the Darknet’s most popular application is Units, 2) ACM Computer Science Curriculum Algorithms course (a.k.a. CS II). Designed in Java the Tor Browser, attendees will learn this application these systems. Guidelines, and 3) College Board AP Computer and assigned to students for the last four semesters, first. Science Principles Big Ideas. Adopting this already these labs are inspired by current computer security vetted content will jumpstart those colleges pursuing issues faced by employers in the El Paso region. Topics the NSA CAE2Y designation and other colleges include a biometric simulation, password protection, developing cybersecurity certificate and degree modeling Multi-Level Security (MLS) systems, and programs. deciphering passwords. The programming labs were designed based on learning outcomes that are

60 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 61 Pathway Model Competency Area: Protect and Defend Pathway Model Competency Area: Protect and Defend Pathway Model Competency Area: Protect and Defend to the virtualization concepts covered in Dr. Sand’s Instructional Design Elements: Instruction Instructional Design Elements: Instruction Instructional Design Elements: Instruction Tuesday afternoon workshop. Attendees can perform cloud computing hands on labs during and after this Teaching Network Forensics and Incident Avoiding Armageddon Utilizing Artificial Intelligence to Identify and Response Mitigate Security Vulnerabilities in Workplaces workshop. Charles Brooks Dr. Philip Craiger Cemal Tepe Advanced Cyberforensics Education Consortium Industrial/Utility Network Security: A multitude of Pathway Model Competency Area: Securely Provision Instructional Design Elements: Instruction (ACE) IT-centric computer/ network/cyber security courses You will learn how and where you can utilize and certifications are available, yet few individuals Artificial Intelligence to identify and mitigate Cloud Based Wireless Security Infrastructure This hands-on workshop introduces a course in possess the skills and knowledge of cyber security security vulnerabilities in workplaces. network forensics and incident response taught at as it relates to Industrial Control Systems (ICS) and Bill Wolfe Daytona State College. In addition to a discussion Operations Technology (OT). The ICS/OT network Center for Systems Security and Information and description of topics covered, participants security environment is built on devices, protocols, Pathway Model Competency Area: Protect and Defend Assurance (CSSIA) will get hands-on experience using several of the connectivity specifications and requirements that Instructional Design Elements: Instruction assignments from the course. Topics include: do not exist in the SOHO or Enterprise network Teaching Cybersecurity Students to Apply A major challenge for network and cybersecurity identifying anomalous network packets; malware environments. You will be introduced to ICS managers concerns mobile devices on the analysis; honeypots and host-based intrusion embedded devices including PLCs, RTUs and IEDs. Regression Analysis to Predict Losses from Security Incidents organization’s wireless network. This session will detection systems; recovering and analyzing volatile You will also become acquainted with industrial examine new technologies to manage, monitor and evidence; forensic imaging over a network; and control network protocols including Modbus, Penn Wu control mobile devices. Topics include emerging identifying and analyzing evidence of a server DNP3, BacNet, etc. Other key topics include ICS/ technologies, standards and products; cloud- intrusion. Utility network communication methods and the based management; authentication systems; secure Learn how to teach students to apply regression IAC tenets associated with these networks that are communications; Highly Available Redundant analysis, a sophisticated statistics model, to predict completely reversed from those taught for enterprise Architecture; and guarding the organization’s air losses from security incidents. The presenter will Pathway Model Competency Area: Protect and Defend networks. Because ICS/Utility networks are so space. Instructional Design Elements: Instruction different from traditional IT networks, you will be describe how to guide students. The presenter will also describe how to develop the instructional challenged to implement security for these networks With Cloud Managed Services becoming Securing Data from Risk materials, conduct a three-hour long lecture, design while also delivering the IAC requirements they mainstream and utilized by companies of all sizes the hands-on learning activities, and incorporate need to function properly. and industries, Meraki offers a number of solutions Matt Bishop this topical area with the existing cybersecurity utilizing Cloud Based Services for Network UC-Davis curriculum. Sample handout and lecture notes will Infrastructure. The exposure to these cloud-based Pathway Model Competency Area: Protect and Defend be available for interested audiences. services allow students to be more valuable to future The NSF Catalyzing Computing and Cybersecurity Instructional Design Elements: Instruction employers by gaining hands-on experience with in Community Colleges (C5) Project has developed IaaS (Wireless, Switching and Security). This session and tested avariety of cybersecurity materials at How Do Automated Defenses Potentially Change Pathway Model Competency Area: Securely Provision will allow attendees to experience first-hand the community colleges across the nation. Participants INFOSEC Skill Needs? Instructional Design Elements: Instruction Meraki Dashboard, various Cloud Services and a of this workshop will take away modularized content Virtual Infrastructure which can be configured and for teaching and assessing Securing Data from Risk Jeanette Smith-Perrone Cloud Computing 101: Bringing Security into the managed and made available within an instructor’s in their introductory computing and cybersecurity Cloud courses. All C5 instructional and assessment What does it mean today to defend against a DDoS curriculum and classroom activities. materials are freely available from the project attack? How are DDoS attack vectors and attacker Rick Watson website and carry a Creative License for adoption motivations changing? Workshop demonstration VMWare IT Academy and adaption to meet course needs. with a DDoS defense system that learns from the Pathway Model Competency Area: Securely Provision unique attack pattern and automatically implements Every cyber security professional knows cloud Instructional Design Elements: Instruction the defense in under 10 seconds. Discussion on how computing is the new IT paradigm, but most don’t Mobile Device Security this type of automated defensive system changes how understand it well. You must understand the cloud today’s defenses are implemented by companies and before you can secure it. This workshop examines Shalon Simmons potential changes in INFOSEC skill needs. concepts such as public cloud, private cloud, hybrid cloud, and community cloud. We sort through the alphabet soup of PaaS, SaaS, IaaS, DaaS, and Mobile devices are prevalent in every aspect of explain the basic cloud concepts of multi-tenancy, society. Today’s Cybersecurity programs should snapshots, fenced networks, linked clones, and devote a significant amount of time to teaching more. This workshop provides a great introduction students about Mobile Device Security whether that be a course devoted to the topic or incorporating a

62 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 63 module in Cybersecurity classes. This presentation Pilot testers will provide the C5 Project with valuable will explore ways to incorporate mobile Device instructor feedback and student performance data Security into classes. Topics covered will include (but from actual classroom experiences. not be limited to) how to secure mobile devices as well as how to secure information stored, processed and/ or transmitted by them (e.g. credit card payments Pathway Model Competency Area: Securely Provision via the square). In addition, the issue of Bring Your Instructional Design Elements: Practice Own Device and how it can be incorporated into the curriculum will also be addressed. Home Automation IoT Labs

Kevin Vaccaro Pathway Model Competency Area: Securely Provision Center for Systems Security and Information Instructional Design Elements: Instruction Assurance (CSSIA)

Using IAAS to Teach Cloud-based Security This session will present the new lab activities developed by the CSSIA team designed to introduce Bill Wolfe students to home automation devices in the world Center for Systems Security and Information of IoT. The session will provide an overview of Assurance (CSSIA) equipment required to implement a lab, introduce participants to the installation and configuration This workshop will provide a hands-on experience of devices and discuss security concerns associated with the new Muraki cloud-based security products. with home automation. Faculty members will receive Learn how organizations can implement and access to download new labs developed by CSSIA. manage enterprise security in the cloud. The session Resource Guide Presenter Index will introduce the full line of new products and how to introduce these technologies in your classroom. Pathway Model Competency Area: Securely Provision Instructional Design Elements: Practice

Blockchains, Bitcoin, and Cryptocurrencies: Pathway Model Competency Area: Securely Provision Instructional Design Elements: Instruction Quick Way to Become Rich? Or a Complete Scam? Securing Risky Data Workshop Douglas R. Spindler Matt Bishop UC-Davis In this workshop, you will create your own cryptocurrency and learn how to dominate the world! Participants of this workshop will take away Mine your cryptocurrency and make millions! Go adaptable instructional resources for teaching on a spend spree with your e-currency and see what Securing Risky Data in both introductory you can buy! Learn about blockchains and the story cybersecurity and computer science courses at the of Bitcoin. What’s the future of cryptocurrencies, collegiate level. Participants will receive a certificate Bitcoin, e-currencies, and blockchains? Learn lab acknowledging participation in this professional exercises you can use to teach your students about development activity. Furthermore, the instructional blockchains and cryptocurrencies. materials carefully align to three prominent curricular standards: 1) the NSA CAE Knowledge Units, 2) the ACM Computer Science Curriculum Guidelines, and 3) the College Board AP Computer Science Principles Big Ideas. The NSF Catalyzing Computing and Cybersecurity in Community Colleges (C5) Project has finished developing this new modularized content and is now seeking motivated faculty who are interested in being part of an exciting pilot during the Fall 2017 semester.

64 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 65 A Moussavi, Shamsi 60 Abdollahian, Hamid 53 Aladejebi, Israel 55 N Nabozny, Keith 54 Alvarez, Wesley 55 Nestler, Vincent 47, 48 Appel, Flo 44, 46 Nixon, Charline 55, 57 Archer, Judy 58 O B O’Brien, Casey 41 Balek, Lou 49 Bhattacharya, Debasis 45 Bishop, Matt 51, 62, 64 P Peker, Yesem 43, 44, 46 Boisvert, Deborah 41 Pruitt-Mentle, Davina 40 Bowne, Sam 50, 53 Brooks, Charles 62 Q C Qaissaunee, Mike 46, 49 Craiger, Philip 56, 61, 62 R D Randall, Greg 59 Dardick, Glenn S. 48 Dark, Melissa 42, 43 S Sands, John 41, 55 Schiavo, Sandra 48 E Servin, Christan 51, 60 Eastman, Joe 43 Shields, Tobin 54 Simmons, Shalon 58, 63 H Smith-Perrone, Jeanette 62 Hamilton, Robert 61 Spindler, Douglas R. 64 Hawthorne, Elizabeth 42 Hodges, Cassandra 43 Hulbert, Sean 47 T Tamburelli, Patricia 57 Teets, Gregory 50 I Tepe, Cemal 63 Israel-Davis, Anthony 45 Termunde, Dave 40 J Jones, Christie 47, 59 V Vaccaro, Kevin 50, 53, 57, 64 K Vargas, David 42, 61 Kazanjian, Philip 42 Kemp, Cliff 45 W Watson, Rick 63 Koslab, Tomas 46, 54 Webb, Clinton 61 Kwak, Myungiae 55, 56 Weeks, Rich 49 Weiss, Richard 48 L Wesley, Deanne 42, 45, 55 Leary, Margaret 44 Winski, Nicholas 40 Linthicum, Steve 40 Wolf, Debbie 59, 60 Wolfe, Bill 47, 49, 58, 63, 64 M Wu, Penn 56, 63 Mahoney, Jamie 53 Manson, Dan 54 Masino, Mike 50, 51, 52, 59 Y Yardley, Tim 57 Miller, Stephen 58

66 Cybersecurity Skills Journal: Practice and Research Cybersecurity Skills Journal: Practice and Research 67 68 Cybersecurity Skills Journal: Practice and Research