LOS RIOS COMMUNITY COLLEGE DISTRICT Sabbatical Leave Application Name Lance Parks College: CRC Present Assignment: CIS Type of Leave Requested: A. Type A One Semester: Fall Spring X Entire Year Will you be a tenured faculty member at the commencement of this leave? Yes _X No If you have previously been awarded a Type A leave, have you completed a sequence of seven full years of service with the District since the last Type A leave? Yes No B. Type B Fall % Spring % Will you have completed a sequence of at least three full years of service with the District at the commencement of this leave? Yes No Title of Proposal: _ Obtain CAE2Y Status Brief Description of Proposal: The National Security Agency (NSA) and the Department of Homeland Security (DHS) jointly sponsor the National Centers of Academic Excellence in Information Assurance (IA) award at two-year institutions (commonly referred to as CAE/2Y ). The goal of this program is to reduce vulnerability in our national information infrastructure by promoting higher education and research in IA and producing a growing number of professionals with IA expertise in various disciplines. Currently thirteen community colleges in the United States have obtained CAE2Y status. I d like to apply and have Cosumnes River College become the fourteenth college on that list. What are your qualifications to undertake and complete your proposed project? I am the only full-time instructor in the district with a master s degree in computer security. In addition, I created the first security program at a community college (CRC) in the state. Explain in detail how the accomplishment of your proposal will promote the objectives of serving students within the Los Rios District: This new designation will help distinguish the strengths of Cosumnes River College s Information Systems Security (ISS) program against other programs in the state, benefitting not only the college, but also students, and employers in our area.
Sabbatical/Professional Development Leave Request, Page 2 Will you be receiving any outside remuneration for the proposed activities during your requested leave? Yes No _X_ (If yes, please submit explanation on separate sheet.) Do you anticipate receiving any commercial benefit from your project or product through future sales? Yes No _X_ (If yes, please submit explanation on separate sheet.) Please submit on a separate sheet: See Attachment A I. A narrative on your planned program containing a statement of purpose and objectives, a detailed description of the proposed activities, and budget or resources support. II. III. IV. An appropriate method of evaluation. A plan for sharing the results of the project. Professional Growth Attachment V. Explain how you arrived at the requested leave time. VI. Explain why the project is outside of your normal duties. I agree to comply with all requirements stipulated in the faculty contract if awarded this leave. Signature of Applicant Date Approval/endorsement of immediate or appropriate supervisor: I have reviewed this proposal and believe, do not believe, that it is an appropriate project/activity, which will promote the objectives of the college/district. Comments Signature of Supervisor Date
Obtain Center for Academic Excellence 2 Year (CAE-2Y) Status Proposal Lance Parks VII. A narrative on your planned program containing a statement of purpose and objectives, a detailed description of the proposed activities, and budget or resources support. The number of information security professionals are projected to continuously grow more than eleven (11) percent annually over the next five years. Seventy-nine percent of information security professionals in developed countries in the Americas also have average salaries of $80,000 or higher. However, many information security professionals believe there is a workforce shortage (Attachment B). To address these shortages the National Security Alliance (NSA) and the Department of Homeland Security (DHS) jointly sponsor the National Centers of Academic Excellence in Information Assurance (IA) 2-year Education (CAE/2Y) and IA Research (CAE/R) programs. The goal of these programs are to reduce vulnerability in our nation s information infrastructure by promoting higher education and research in security and produce a growing number of professionals with IA expertise in various disciplines. The purpose my sabbatical is to find the time necessary to work on obtaining CAE/2Y status for Cosumnes River College s Computer Information Systems Security (CISS) program. This will help us to meet the needs of employers in the region, provide more opportunities for our students and improve the overall quality of the program. My objectives are the following: Provide a security program that is committed to excellence in the field. CAE/2Y is the highest security designation a junior college can obtain. Provide innovative, comprehensive and multidisciplinary education and training in the field. Currently, our CISS program is pretty innovation and multidisciplinary. However what it lacks is being comprehensive. This designation would result in a complete overhaul of all of our Computer Information Science Networking (CISN), Health Care Information Technology (HCIT) and CISS courses, certificates and degrees. Strengthen the cybersecurity workforce by providing security education and training through degree and certification programs at Cosumnes River College. It will result in two new certificates, Health Care Security and Security Incident Analysis and Response (Attachment C). Build an effective education pipeline model with K 12 schools to encourage students at an early age to enter the security fields of study. I plan on accomplishing this by meeting with local high schools in the area and sharing information about our program with them. I have also thought about putting together a kid s security boot camp that could be offered over the summer. Provide the region with a pipeline of qualified students poised to become a future skilled technical workforce. Fortunately I have a good working relationship with Sacramento s Information System Security Association (ISSA). They meet on a monthly basis and offered to let me talk about the new program if we get certified. Since most of the employers, who hire our students attend these meeting it is critical I make sure everyone knows our program is better than the rest. The CAE2Y Program is open to current regionally accredited two-year community colleges, technical schools, state or federally endorsed IA/Cybersecurity training centers or U.S. Government IA/Cybersecurity training centers. Successful institutions will be designated as a NSA/DHS National
Center of Academic Excellence for Information Assurance/Cyber Defense for Two-Year Education (CAE2Y). The overall CAE2Y requirements are: Demonstration of program outreach, student development, IA/CD Center establishment and maintenance, IA/CD faculty, and student curriculum path. Successful mapping of the institution s curriculum to the two-year core Knowledge Units (KUs). Institutions shall demonstrate that students can successfully complete the CAE2Y course of study and receive recognition on a transcript, diploma, etc. Creation of Focus Areas (or certificates). Dean Bedford and the CIS Department support the CISS program and the proposed changes. At our last meeting (August 2014) the department agreed that new FTE would be used for CISS to allow it to grow and support the needs of this certification. VIII. An appropriate method of evaluation. All of these requirements require work. This includes, but is not limited to the following: Finding evidence that our program meets their knowledge units (KU) or standards (see Attachment D). This will take the most time, because their standards are quite complex and I have to document each one. This will require both revision to existing curriculum and the creation of new courses, and certificates. Working with student services, campus IT and others to ensure the college meets the necessary requirements for this program (see Attachment E, page 4). Filling out the necessary application/paperwork (https://www.iad.gov/nietp/login_join.cfm or Attachment F). This will require some time, because besides applying I have to include the information for every course, and focus area (certificate) as well. It s too bad SOCRATES and this system do not communicate with one another. There are eleven core courses to be part of the CAE2Y program (Attachment D). They are: o Basic Data Analysis (CRC) o Basic Scripting or Introductory Programming (CRC) o Cyber Defense (CRC) o Cyber Threats (CRC) o Fundamental Security Design Principles (CRC) o IA Fundamentals (CRC) o Intro to Cryptography o IT Systems Components (CRC) o Networking Concepts (CRC) o Policy, Legal, Ethics, and Compliance (NEW) o System Administration (CRC) Here are some optional courses that will likely be required for our certificates: Data Administration (CRC) Databases (CRC) IA Compliance (NEW) IA Standards (NEW) Life-Cycle Security (NEW) Security Program Management (NEW)
Software Security Analysis (CRC) Supply Chain Security (NEW) Cybersecurity Planning and Management (NEW) Digital Investigations (CRC) IA Architectures (CRC) Operating Systems Hardening (NEW) Overview of Cyber Operations (NEW) Security Risk Analysis (CRC) Vulnerability Analysis (NEW) The Knowledge Unit mapping requires a college to demonstrate how it meets each Core and chosen Optional KU (Attachment G). We have many ways to demonstrate how our program meets/fulfills each KU. Some examples include: course syllabus, course outline, student assignments, lab assignment, modules in a course/collection of courses, and certifications. Required information does include: course syllabi, course outlines and justifications showing where and how the KUs are addressed in the curriculum. One course may fulfill the requirements of multiple KUs, and multiple courses may fulfill the requirements of a single KU. Advisory panels are crucial to programs such as these and CyberWatch West (a security consortium) has Institutional Members and Partners, as well as Advisory Board Members. After being certified Cosumnes River College will be able to join this consortium and get access to its resources. After applying the college will be evaluated by CAE Program staff with assistance from Subject Matter Experts. The last phase of the criteria may be an on-site evaluation focused on course content, course relevance, laboratory facilities, and faculty involvement. Successful colleges are designated as a NSA/DHS National Center of Academic Excellence for Information Assurance/Cyber Defense for Two-Year Education (CAE2Y). The designation period lasts about five years. IX. A plan for sharing the results of the project. I will work with faculty in this area on the changes to the curriculum and to the program. I will also highlight the benefits of having this designation. As I mentioned earlier I will also go to local high school and ISSA and share information about the program with them. I would also work with Kristie West on some publicity over this designation. X. Professional Growth Attachment XI. I have included a recent copy of my resume. It reflects my degree in Digital Security and the creation of our CISS Program (Attachment H). Explain how you arrived at the requested leave time. Most of my time in the spring will be spent working on updating our curriculum to meet their standards (Attachment D). I anticipate that over thirty courses will need to be modified as a result this includes course that are part of the program and their prerequisites. These curriculum changes will be easy to evaluate as anyone with access to SOCRATES can see them.
In addition, once the curriculum is ready I will need to work with student services, campus IT and others to ensure the college meets the necessary requirements for this program (see Attachment E). One of the others is Sacramento State as transferability of our program to a four-year institution is a requirement for CAE2Y designation. I anticipate doing all of this work during the spring. Finally, I will need to work on filling out the application and finish mapping all of the knowledge units. As mentioned earlier a site visit might also be necessary. Here is a breakdown of my projected hours: Work Hours Total Hours CAE2Y Research 150 150 Required Knowledge Unit Mapping 11 12 132 Optional Knowledge Unit Mapping 15 12 180 CISN & CISS Curriculum 24 6 144 Outreach 80 80 Application/Paperwork 120 120 Total 806 Sabbatical time requested 1 0 Naturally a lot of the times above are estimates, but because of my previous curriculum experience and experience building a program from the ground-up (twice) I believe everything to be fairly accurate if not less than the actual time it will take. XII. Explain why the project is outside of your normal duties. CAE2Y designation is not a requirement for the ISS program at Cosumnes River College. However, it will greatly benefit the college, students and employers if we can obtain it. According to Dr. Nicholes from Sacramento State, The benefits to a CAE2Y institution are significant: recognition of the quality of the program by industry, professional associations, and academe; seamless program articulation with CAE universities; better job placement and/or transfer opportunities for students; opportunities for collaboration with other CAE2Y and CAE institutions; improved institutional standing in the local, regional, and professional community; opportunities for institutional/program marketing; and monetary support.