1 Cybersecurity Education Issues & Approaches Derek A. Smith Director of Cybersecurity Initiatives at Excelsior College AFCEA November 18, 2014
2 Where we are now! Symantec: In a world of increased cybersecurity attacks, an estimated 300,000 cybersecurity jobs are vacant in the United States
3 Where we are now! Rand Corporation: The nationwide shortage of cybersecurity professionals -- particularly for positions within the federal government -- creates risks for national and homeland security, according to a June study by Rand Corporation.
4 Where we are now! ISC2: The reasons for an inability to bridge the need for additional information security workers are fueled by three factors: business conditions, executives not fully understanding the need, and an inability to locate appropriate information security professionals (ISC2)
6 Where we are now! Contributing factor: Competing budget priorities, a narrow pipeline of prospects, training shortfalls, ambiguous skill-set requirements and a tug of war between the public and private sectors all add complexity to the process FCW Magazine
7 While billions of dollars are being spent on new technologies to secure cyberspace, it is the people with the right knowledge, skills, and abilities to implement those technologies who will determine success
8 Understanding the trends Four common trends that drive the need for cyber education: information security is increasing in relevance is increasing in attention and demand from students, private industry and government agencies more domains to secure and more ways to attack. focus more on the practices (not just general security)
9 Straining to address the needs and trends finding qualified instructors and professors struggling for resources with competing subject critical lack of equipment, laboratories and opportunities for students to get hands-on experience dynamic curriculum
10 Different approaches, common ground Common themes: Cybersecurity must evolve into a formal discipline in the curriculum similar to other existing disciplines. Programs must teach a combination of theory and practice. Cybersecurity should be taught in an integrated fashion, with all students learning basic principles. Independent study and student interest groups are a key teaching tool. Government and industry collaboration is extremely important. Providing strong faculty development opportunities is a must.
11 Program Components Technology Technology specific items Skills development (hands-on) Theory and research Critical Thinking Analysis and decision making Problem solving Finding unique solutions Information Literacy not just technology literacy Research process Interpersonal skills Team work Communications capabilities Writing, presentations
12 Cyber Security Content Areas (Examples at all training / education levels) Systems maintenance, patches, upgrades Content security Data assurance Physical security User education Detection (hacks, probes, etc.) Deterrence (fire walls, honey pots, etc.) Forensics (evidence gathering, preservation) Policy development Forward planning and professional development Preparation for certification Security budgeting & public communications Research all areas
13 "One of the first things at the high level is actually defining what it is you want this person to do because it's not as broad as it's sometimes made out to be when you just say 'cybersecurity career field,'" Howard Schmidt, formerly White House cybersecurity coordinator.
14 The Workforce Framework lists and defines 32 specialty areas of cybersecurity work and provides a description of each. Each of the types of work is placed into one of seven overall categories. The Workforce Framework also identifies common tasks and knowledge, skills, and abilities (KSA's) associated with each specialty area. The Workforce Framework will be used as guidance to the federal government, will be made available to the private, public, and academic sectors for describing cybersecurity work and workforces, and related education, training, and professional development. NICE Framework The National Initiative for Cybersecurity Education (NICE) developed the National Cybersecurity Workforce Framework (the Workforce Framework) to define the cybersecurity workforce and provide a common taxonomy and lexicon by which to classify and categorize workers.
15 Linking efforts at all levels Seven different tenets for cybersecurity education 1. Holistic 2. Interdisciplinary 3. Diverse programs 4. Business-focused 5. Hands-on 6. Research-oriented 7. Common language and science
16 Meeting the demands of tomorrow Increase awareness and expertise Treat security education as a global issue Approach security comprehensively, linking technical to non technical fields Seek innovative ways to fund labs and pursue real-world projects Advance a science of security
17 How We Approach It: Heavy doses of theory & fundamental principles Softer skills: writing, communications, problem solving, critical thinking, team work Some levels include lots of hands-on Different approaches depending on level Intro. level typically more skills based (also a mixed set of students and student backgrounds) Intermediate some hands-on but includes softer skills (theory, critical thinking, problem solving, communications, team work) Advanced managerial or research
18 Student Expectations Mind set preparation Understanding what the professional does Detailed analysis Constant monitoring Responsibility issues Want it immediately Expecting hands-on work in most programs Employment expectations High-paying jobs In some areas a security clearance is an issue
19 Faculty Preparation Full-time vs. part-time/professional faculty Backgrounds vary Technically adept but don t teach well Good teachers but don t know technology Teaching ability: preparation & in the classroom Keeping up with the changing technology New theories, problems, tools, techniques Developing specialization areas (may go out-ofdate ) Balancing: hands-on, theory, KSA's, softer skills Up to date on technology, law, business needs, costs/benefits
20 Sample Programs Capitol College Doctor of Science in information assurance (DSc) Master of Science in information assurance (MSIA) The Bachelor of Science in cyber and information security (BSCIS) Computer and Network Security(Certificate) Digital Forensics and Incident Handling (Graduate Certificate) Information Assurance Administration (Graduate Certificate) Network Protection (Graduate Certificate) Secure Cloud Computing (Graduate Certificate) Secure Mobile Technology (Graduate Certificate) Secure Software Development (Graduate Certificate) Security Management (Graduate Certificate)
21 Sample Programs University of Maryland, University College MASTER OF SCIENCE IN CYBERSECURITY MASTER OF SCIENCE IN CYBERSECURITY POLICY MASTER OF SCIENCE IN DIGITAL FORENSICS AND CYBER INVESTIGATION MASTER OF SCIENCE IN INFORMATION TECHNOLOGY: INFORMATION ASSURANCE BACHELOR OF SCIENCE IN CYBERSECURITY BACHELOR OF SCIENCE IN COMPUTER NETWORKS AND SECURITY BACHELOR OF SCIENCE IN SOFTWARE DEVELOPMENT AND SECURITY CYBERSECURITY POLICY CYBERSECURITY TECHNOLOGY DIGITAL FORENSICS AND CYBER INVESTIGATION FOUNDATIONS OF CYBERSECURITY INFORMATION ASSURANCE
22 Sample Programs Prince George s Community College Cybersecurity Assoc. of Applied Science Cybersecurity Certificate Cybersecurity Management, Certificate
23 Sample Programs Excelsior College Five Cybersecurity Programs Certified to Meet the NSA s Committee on National Security Systems (CNSS) Training Standards Master of Business Administration in Cybersecurity Management Master of Science in Cybersecurity Bachelor of Science in Cyber Operations Bachelor of Science in Information Technology [Without Concentration] Bachelor of Science in Information Technology (Cybersecurity) Undergraduate Cybersecurity Certificate Graduate Cybersecurity Management Certificate
24 Questions? Derek A. Smith Director, National Cyber Security Institute Excelsior College
Cybersecurity Education Workshop February 24-25, 2014 George Washington University Arlington Center Arlington, VA Final Report April 7, 2014 Sponsored by the National Science Foundation Directorates of
Report on Cyber Security Education Project June 9, 2014 For Further Information: Dennis Egan: email@example.com Fred Roberts: firstname.lastname@example.org Table of Contents ` Executive Summary...
110101001101101101010011000 11011010100110110101001100 11011010011011010100110000 10100110110101001100010010 Protecting Information The Role of Community Colleges in Cybersecurity Education A Report from
SOUTH DAKOTA BOARD OF REGENTS Full Board AGENDA ITEM: 26 1 (a) DATE: April 2-3, 2014 ****************************************************************************** SUBJECT: New Program: DSU D.Sc. in Cyber
CYBERSECURITY WORKFORCE DEVELOPMENT MATRIX RESOURCE GUIDE October 2011 CIO.GOV Workforce Development Matrix Resource Guide 1 Table of Contents Introduction & Purpose... 2 The Workforce Development Matrix
COMPUTER SECURITY AND IMPACT ON COMPUTER SCIENCE EDUCATION T. Andrew Yang Computer Science Department Indiana University of Pennsylvania Indiana, Pennsylvania 15705 TEL: 724-357-7995 Email address: email@example.com
Report of the Cyber Security Task Force to the University System of Maryland, May 2011 rm biometrics iques protect e-mail sector hub techniques global engineering metrics act data see assess alias illegal
A Human Capital Crisis in Cybersecurity Technical Proficiency Matters A White Paper of the CSIS Commission on Cybersecurity for the 44th Presidency cochairs Representative James R. Langevin Representative
Cataloging and Metadata Education: A Proposal for Preparing Cataloging Professionals of the 21 st Century A response to Action Item 5.1 of the Bibliographic Control of Web Resources: A Library of Congress
CYBERSECURITY WORKFORCE Getting in Front of the Cybersecurity Talent Crisis http://boozallen.tumblr.com/post/120784624298/ how-to-build-a-cyber-dream-team-when-it-comes-to CONTENTS INTRODUCTION Introduction...
THE GRADUATE SCHOOL CAreer Forward Advance with a respected graduate degree from UMUC. www.umuc.edu/moveforward An advanced degree opens the door to CAreer advancement Professional credentials can help
[DRAFT] A Model Curriculum for Programs of Study A Model Curriculum for Programs of Study in Information Security and Assurance in Information Security and Assurance v. 6.0 February 2013 [DRAFT] http://infosec.kennesaw.edu/infoseccurriculummodel.pdf
Toward Curricular Guidelines for Cybersecurity Report of a Workshop on Cybersecurity Education and Training Andrew McGettrick Professor, University of Strathclyde Chair, Education Board Association for
@ Educators, Technology and 21st Century Skills: Dispelling Five Myths A Study on the Connection Between K 12 Technology Use and 21st Century Skills @ Contents A Message from the President and Dean................
and Mission Information technology is a dynamic discipline that addresses the use of computing and I n t r o d u c t i o n information technology in business, education, government, and other organizations.
Information Systems Technology & Cybersecurity Programs Stay close. Go far. Computer Studies Faculty Trudy Gift Professor, Information Systems Technology 240-500-2214 firstname.lastname@example.org Carrie Pifer
Program Proposal for Master of Information Technology Security Submission to Post-secondary Education Quality Assessment Board February 3, 2004 Master of Information Technology Security 1 1 ORGANIZATION
BOARD OF REGENTS SUMMARY OF ITEM FOR ACTION, INFORMATION, OR DISCUSSION TOPIC: University of Maryland Eastern Shore: Master of Science in Cybersecurity Engineering Technology COMMITTEE: Education Policy
PELL CENTER for INTERNATIONAL RELATIONS REPORT and PUBLIC POLICY Professionalizing Cybersecurity: A path to universal standards and status Francesca Spidalieri and Sean Kern August 2014 Executive Summary
Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.
Information Security Curriculum Creation: A Case Study Bradley Bogolea College of Engineering The Pennsylvania State University University Park, Pa 16802 email@example.com Kay Wijekumar School of Information
E N V I R O N M E N T A L S C A N CYBERSECURITY Los Angeles and Orange Counties J U N E 2 0 1 2 E N V I R O N M E N T A L S C A N CENTER OF EXCELLENCE Los Angeles and Orange Counties Audrey Reille, Director
State of Cyber Workforce Development Marie Baker August 2013 WHITE PAPER CERT Division http://www.sei.cmu.edu Copyright 2013 Carnegie Mellon University Any opinions, findings and conclusions or recommendations
Cybersecurity Workforce Competencies: Preparing Tomorrow s Risk-Ready Professionals About Us About University of Phoenix University of Phoenix is constantly innovating to help working adults move efficiently