Symposium Presentation Archive

Each year the CAE in Cybersecurity Community gathers to discuss updates in the community. On this archive page, you will find the member presentations, fastpitch, and general session presentations.  Below, you will find a complete list of presentations from this event.

If you have any problems accessing content or questions, please contact info@caecommunity.org.

2017 CAE in Cybersecurity Community Symposium Presentations

It is clear that in order to address the cybersecurity education and workforce crisis, the challenges are not just numerous but also inextricably linked. The least of which include a greater number of prepared faculty, effective curriculum, and infrastructure to host, use, and disseminate the curriculum. There is a demonstrated need for a cybersecurity digital library (DL) that will help address these challenges. The Cyber DL is similar to other curricular digital libraries in some respects (material quality, uptake, etc.) and unique in others (national security concerns, presence of damaging material – malware, material integrity issues, etc.). We have been working on the design and implementation of CLARK – The Cybersecurity Labs and Resource Knowledge-base. CLARK is a prototype curriculum management platform that hosts diverse cybersecurity learning objects. This submission introduces the system and highlights its capabilities as a tool that is much needed in the cybersecurity education community.

SIDD KARA

The purpose of this research is to glean insight into the taxonomy or differentiation methods used in cybersecurity employment. In addition, the research will identify the career paths have experienced professionals such as executives and senior managers taken to reach their current positions. Considering both top-down and bottom-up approaches, we can better identify what current KSAs and cybersecurity certifications are predominantly obtained by current cybersecurity professionals and what types of KSA are missing. More specifically, we expect that the results of this analysis provide several important outcomes such as current cybersecurity career paths, a cybersecurity certification and KSA map, and a cybersecurity knowledge units mapping. As a result, we can improve future workforce efficiency by identifying what experience, education and certifications are needed and encouraged to pursue. This study will provide insights of the practical utilization of the knowledge and skills in the cybersecurity industry that provide the greatest impact it contemporary employee needs. It explains the directions that successful employees have taken to reach their current positions. It also provides perspective into the priorities of industry leaders by outlining their backgrounds, and the industries and fields in which they were previously employed.

DAM KIM

The University of Arizona, to enhance the learning experience of online, hybrid, and face-to-face students in the Cyber Operations degree program, has designed, built, and implemented a Cyber Virtual Learning Environment (VLE). Built upon a hybrid cloud architecture, students can log in to their classes from anywhere there is internet access, and safely complete hands-on learning exercises in a synthesized environment with no fear of damaging or interfering with current, live, computer networks. This provides a cost-effective option for students wishing to pursue their degree, paired with the geographic flexibility students may need. The VLE is made up of several components which students will use throughout their courses. This vast array of components keeps students challenged and provides a depth of experience in the Cyber realm not readily available elsewhere. Our students, regardless of learning modality, leave the program with the knowledge, skills, and abilities to work immediately in the Cyber field upon graduation. Through the VLE, they will attack and defend the businesses, individuals, and governmental offices of CyberApolis, our virtual city. With 15,000 highly developed virtual citizens, CyberApolis is a thriving city with its own social media, hospital, bank, businesses, and organized crime. Our Internet of Things lab devices are being increasingly integrated into CyberApolis to allow students to interact with these everyday devices that may be watching, listening, or interfering with our homes and businesses. And the Malware Sandbox provides a safe environment in which to reverse engineer malware, with no threat to current computers or networks.

JASON DENNO

It this fast pitch, blockchain technology and its potential applications are presented. We will explore so called decentralized transparent immutable yet secured applications using the blockchain technology and will describe a novel approach of “proof of X” such as proof of identity, proof of college degree and proof of academic achievements. The project prototype of a personal archive service system (PASS) is demonstrated. Personal archive is defined as a collection of various artifacts that reflect personal portfolio as well as personal unique identifications. Personal portfolio is in addition to a simple statement of personal achievement. It is an evidentiary document designed to provide qualitative and quantitative chronically documentation and examples. The pitch moves on to focus on security concerns, risks and challenging. Blockchain technology has been bringing cryptography to individuals who are in turn as value investors in the internet with a clear time sequence, not just any information consumers. But, it is also coupled with various threats and concerns. We will discuss issues inherited from the current blockchain technology such as scalability, efficient and block sizes. We will also talk over a possibility of altering blocks even without over 50% mining power, low resource eclipse attacks and other forms of cheating. We will also present in the end a challenging case of cleaning poisoned blocks.

Z CHEN

Forecasters are predicting a catastrophic shortage in workers to fill open positions in cybersecurity by 2020. We are not developing enough qualified candidates for this field, but by the time students enroll in a higher education institution, it may already be too late as many students are unable to handle the complexity and continually changing environment in cybersecurity. We propose starting a discussion on a new pedagogical approach to cybersecurity education based on our past strength in innovation. America has long been considered a nation of innovators, but with rapidly changing technology, we have to up our game by making innovation a part of growing up. Innovation should start from elementary school and promote thinking outside of the textbook. by making an investment to educate teachers and parents to encourage and sustain innovation. This presentation will discuss some initial steps needed to create a culture of innovation by educating teachers and parents to encourage and sustain innovation early on.

MARK THOMPSON AND RAM DANTU

This proposal reports on the success and lessons learnt of an innovative and interdisciplinary project (funded by the NSA) with the objective of enhancing Cybersecurity education in western PA. This project implemented six different services that worked collaboratively to identify and address challenges facing Cybersecurity education. A focus of this funded project was to implement a novel program to enhance communications skills (soft skills) of Cybersecurity students and those aspiring to enter this promising field. Our ultimate objective was to propose an innovative and successful model that can be easily replicated in other schools and/or environments. These services and activities are briefly described below: 1. Designed and implemented quantitative and qualitative research studies to identify challenges facing Cybersecurity education. 2. Employed results from the above-mentioned research studies and from extant published research as the basis for designing a comprehensive program for delivering individualized instruction to Cybersecurity students. 3. Offered three weekend Cybersecurity skill enhancement workshops that provided very engaging sessions on various aspects of Cybersecurity. 4. Worked on building a Cybersecurity community that invited students, teachers, business owners, NGO’s, and government organizations to come together to increase Cybersecurity awareness, practice, and education by pooling resources, collaborating in teaching and learning, and creating an integrated network for cyber education. 5. Offered a successful and well attended Cybersecurity skill enhancement summer camp (modeled after GenCyber camps).

WALEED FARAG,

Within the past few decades, cybersecurity has grown from individual concerns to a national-level issue. With such an explosive growth, there has been a discrepancy between the increasing demand for a better cybersecurity knowledge base and cybersecurity workers who are struggling to keep up. Government, academia, and the private sector have taken initiatives in order to fulfill these discrepancies with varying methods and levels of success. Additionally, considerable amount of research for each sector spanning across multiple disciplines have been conducted. However, there is a lack of a holistic view on cybersecurity knowledge among these three sectors and the relationships that exist between them. This research paper aims to explore the current cybersecurity ecosystem in order to allow future researchers and practitioners to understand and broaden the full scope cybersecurity knowledge. In order to achieve our research goal, we use an ontological network and identify key relationships that exist within all three sectors.

DAN KIM

The information booklet for the 2017 CAE in Cybersecurity Community.

CAE in Cybersecurity Community

This content is behind our user login. Please go to https://www.caecommunity.org/forum/general/cae-cd-program-updates-cae-cy... to view this PDF. 

Lynne Clark

National Science Foundation programs of interest to the CAE in Cybersecurity Community.

Susanne Wetzel

Capitol will integrate a security operations experience into its Bachelor of Science in Cyber and Information Security and related degree Programs (Computer Science and Management of Cyber Information Technology). These unique operational experiences will better prepare our graduates to protect and defend networks by integrating required tools and technologies into a concept of operation (CONOPS). Students will be trained and mentored by vendors, faculty and alumni knowledgeable of SOC operating tools and techniques. Students will receive industry recognized certifications (forensics, malware analysis, scripting) where appropriate and focused experience with those tools.

William Butler

It is well-known that there is a tremendous need for cybersecurity talent in the industry and government agencies. According to a recent (ISC)2 report, there will be 1.8 million unfilled cybersecurity positions by 2022.  In this talk, we present our approach at RIT to help alleviate the cybersecurity workforce shortfall.  It includes our partnerships with industry to provide real-world scenarios for students to practice and our MicroMasters in Cybersecurity offering on edX to reach worldwide learners. The preliminary results in increasing diversity and career changing students are encouraging.

Bo Yuan

Capture-the-flag (CTF) competitions provide dynamic, real-time environments intended to engage and challenge the participants. However, they are often not designed to be educational. Rather, they simply provide a series of progressively more difficult challenges in which the participant must find the flag (answer). As these challenges are typically devoid of any direction, this can lead to participants being unable to progress any further in the CTF and therefore unable to achieve educational goals. This presentation will discuss the process of hosting a CTF, their limitations, and common workarounds. We will then discuss our successes and failures in utilizing existing CTF frameworks in the classroom. Finally, we will introduce a custom designed CTF framework that aspires to solve many of the difficulties inherent in the current CTF space. This framework introduces a novel hint system that allows for customizable help to be built for each challenge within a CTF event. The goal is to allow all to participate and progress through the challenges by providing varying levels of help throughout the competition.  This approach maximizes learning and student engagement, opening the utility of such frameworks to the classroom. The framework will be made publicly available upon conclusion of the presentation.

Josh Stroschein & Andrew Kramer

This Fast Pitch will highlight a library of adaptive, personalized, performance-based instructional modules designed by National CyberWatch to facilitate developing mastery of Information Security Fundamentals. These materials were created under a Core Curriculum Cybersecurity grant from the National Security Agency. The library will be presented and discussion will include an overview of the process of becoming a pilot implementation site for the Spring 2018 semester.

Casey O'Brien

This presentation summarizes the presentations and discussions at the Northeast Region CRRC workshop on virtual platforms and exercises design for cybersecurity competitions.

Jake Mihevc

This special interest group discussion focuses on the challenge of educating cyber security experts (multiple specialty domains), engineers (of all fields), and supporting personnel (managers, testers, analysts, etc.) to understand the cybersecurity and resiliency implications associated with the development and operation of complex cyber-physical systems. In contrast to conventional cybersecurity thinking (i.e., Confidentiality-Integrity-Availability), Cyber-physical systems are often operated in real-time with an emphasis on availability and safety over confidentiality. Moreover, the United States Department of Defense (DoD) is increasingly concerned with the successful operation and resiliency of defense focused cyber-physical systems such as aircraft, ships, missiles, command and control systems, navigation subsystems, and other combat-focused DoD Major Weapon Systems (MWS) of interest in highly contested cyberspace environments.

This special interest group is particularly interested in further understanding and studying principles of resiliency as they apply to complex cyber-physical systems such as DoD MWS. Discussion of supporting requirements and their corresponding metrics is also desirable. Emphasis is given to recently released NIST SP 800-160, Systems Security Engineering, available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf and recent work by the MITRE Corporation on Cyber Resiliency (available at https://www.mitre.org/publications/technical-papers/cyber-resiliency-eng... and https://www.mitre.org/publications/technical-papers/cyber-resiliency-des...).

Logan Mailloux and Robert Mills

Current cyber-threats are imminent for all organizations as it is evident from the reporting of weekly data breaches. However, the shortage of cybersecurity workforce has been well documented and remains a major concern for future sustainability and resilience of our cyber infrastructure. Since 2012, Dr. Levy has been working to establish relationships with federal agencies (FBI, DHS, NIST, NSA, & USSS) to have their Special Agents and key personnel come to an annual event where over 200 high-school students bused to the university campus for a day full of passion and excitement about cybersecurity education and career path. This presentation will start with an overview of a self-funded “Cybersecurity Day” event that has been successfully running yearly each October, the cybersecurity awareness month, and will also highlight the presentations provided by agency personnel along with feedback notes from the high-school students and teachers who attended the event.

Yair Levy

The Cyber Security Faculty at Sinclair prides themselves on hands-on learning.  This is no exception for our security classes.  The faculty at Sinclair have taken notes from such conferences as Defcon to get their students involved in the classroom.  Currently, the department uses everything thing from hardening blade servers as a part of our Securing a Windows Network Environment class to lockpicking and WiFi Pineapples in our Network Security course.  Recently Sinclair was awarded funds from the NSA to help improve their hands-on experience.  With these funds, Sinclair will be purchasing new blade servers that students will be hardening in teams.  Then it will be attacked by other teams in that same class. The funds will also cover Open-Air PC's where students will be creating a SCIF style environment in the classroom.  Mobile devices and tablets will also be purchased for the Cyber Forensics class so the students can learn hands on mobile forensics.  The Computer Infomation Systems Department at Sinclair College believes that if students get their hands on hardware for hacking and defending it will ignite a learning passion for Cyber Security.

Kyle Jones

This talk will describe an innovative approach to cybersecurity education that the Johns Hopkins University Information Security Institute (JHUISI) is developing under a grant from the CAE Cybersecurity Grant Program.  The goal of the project is to introduce the latest cybersecurity topics and materials to a broad audience of community college students.  This effort is centered on the development of a series of educational video modules and accompanying learning materials that target community-college-level students with an in-depth exposure to the forefront subjects of cybersecurity research.   These materials can be delivered in flexible modes, as a complete in-classroom course with reading materials, lectures, and exercises and assignments, as modular components in classes studying cybersecurity, or simply as online resources to improve the awareness and digital hygiene of the interested general public. 

To develop the course, JHUISI is leveraging its past experience with Hagerstown Community College (HCC) where for the past two academic years of 2015-2017, JHUISI has worked closely with HCC to provide an advanced course called Cybersecurity Select Topics, consisting of over 10 special topic lectures on various advanced research topics from JHUISI faculty, staff, and graduate students.

In this talk, I will describe how we are taking our HCC experience to the next step to develop a complete cybersecurity course kit that will be made available to any community college or other audience that requests it.

Anton Dahbura

PUPR hosts a competitive graduate IA security program under the Master of Science in Computer Science (MS CS) with a specialization in Information Technology Management and Information Assurance (ITMIA), a track in Cybersecurity under the BS CS and BS CpE programs, and two (2) graduate security certificates: 1). Graduate Certificate in Information Assurance and Security (GCIAS); 2). Graduate Certificate in Digital Forensics (GCDF). All these programs serve a large, mainly Hispanic, under-represented student population. The MS CS ITMIA covers most of the aspects of Computer Science, IT Management, and focuses on Information Assurance to protect data and information at large. Computer Engineering focuses on software and hardware security, software development, and internet engineering, with an emphasis on cybersecurity. The GCIAS covers both technical and managerial aspects of IA and Security while the GCDF covers the technical aspects of Digital Forensics including knowledge and skills to protect, detect, recover and mitigate data loss and theft. PUPR has offered more than 25 core courses in cybersecurity at both the undergraduate/graduate level such as: Software Assurance, Terrorism & Cybercrime, Mobile Applications Development Security, Reverse Engineering and Software Protection, E-Discovery and Digital Evidence, Ethical Hacking, Cryptography Application, Network Security, E-Discovery, Digital Forensics I and II, Computer Security, Penetration Testing, Social Engineering, Principles of Information Security, Contingency Planning, IT Auditing and Secure Operations, E-Commerce Security, Database Security and Auditing, Management of Information Systems, Social Media, Law Investigation and Ethics, Nuclear Forensics, among others.

Alfredo Cruz

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting. This presentation presents an effort to develop freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year universities curriculum, as well as for collegiate threat hunting competitions.  Our efforts will be focused on the following two areas.  (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.

Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skill set) in an enterprise environment and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., Operating Systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. These labs also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis, machine learning, and data visualization. Our labs are designed at different difficulty levels suitable for use by two-year community college students, 4-year university students, as well as for collegiate threat hunting competitions.

Bei-Tseng "Bill" Chu & Deanne Wesley

This proposal describes an ongoing, interdisciplinary project (funded by NSA) to address persistent cybersecurity challenges identi ed in several national initiatives such as NICE and CNAP. The project proposes a set of activities and services designed with an interdisciplinary perspective to provide e ective solutions to such challenges. The proposed project is innovative for several reasons: 1) The project begins with a research component that will guide key steps of the project and add to the body of knowledge in cybersecurity education. 2) It includes collaboration between IUP’s Institute for Cybersecurity and the university’s Writing Center in order to deliver instruction to students from rural areas and help improve their soft skills. This collaboration puts to work the established expertise of a group of faculty from four di erent disciplines, see below. 3) It proposes the use of multiple approaches to solve persistent challenges in cybersecurity education including: peer-tutoring, weekend workshops, interactive learning experiences, exible delivery format, exible structural design, a summer camp, and the formation of a local cybersecurity consortium. 4) It is easily replicable for other institutions and rural areas. 5) It employs a set of assessment approaches throughout various project execution phases.

Waleed Farag