ABSTRACT
Because of the increase in cyberattacks in the Internet era, cybersecurity is a crucial area that still requires many more human resources. Security handson training plays an important role in educating a skilled workforce. However, delivering hands-on training with a large number of participants during the COVID-19 pandemic was a big challenge. In this paper, we discuss differences between onsite and online penetration testing hands-on training, during the COVID-19 pandemic in 2020 and 2021. We share our teaching experiences and lessons learned and provide recommendations for preparing and delivering online hands-on training efficiently. © 2022 IEEE.
ABSTRACT
As societies rely increasingly on computers for critical functions, the importance of cybersecurity becomes ever more paramount. Even in recent months there have been attacks that halted oil production, disrupted online learning at the height of COVID, and put medical records at risk at prominent hospitals. This constant threat of privacy leaks and infrastructure disruption has led to an increase in the adoption of artificial intelligence (AI) techniques, mainly machine learning (ML), in state-of-the-art cybersecurity approaches. Oftentimes, these techniques are borrowed from other disciplines without context and devoid of the depth of understanding as to why such techniques are best suited to solve the problem at hand. This is largely due to the fact that in many ways cybersecurity curricula have failed to keep up with advances in cybersecurity research and integrating AI and ML into cybersecurity curricula is extremely difficult. To address this gap, we propose a new methodology to integrate AI and ML techniques into cybersecurity education curricula. Our methodology consists of four components: i) Analysis of Literature which aims to understand the prevalence of AI and ML in cybersecurity research, ii) Analysis of Cybersecurity Curriculum that intends to determine the materials already present in the curriculum and the possible intersection points in the curricula for the new AI material, iii) Design of Adaptable Modules that aims to design highly adaptable modules that can be directly used by cybersecurity educators where new AI material can naturally supplement/substitute for concepts or material already present in the cybersecurity curriculum, and iv) Curriculum Level Evaluation that aims to evaluate the effectiveness of the proposed methodology from both student and instructor perspectives. In this paper, we focus on the first component of our methodology - Analysis of Literature and systematically analyze over 5000 papers that were published in the top cybersecurity conferences during the last five years. Our results clearly indicate that more than 78% of the cybersecurity papers mention AI terminology. To determine the prevalence of the use of AI, we randomly selected 300 papers and performed a thorough analysis. Our results show that more than 19% of the papers implement ML techniques. These findings suggest that AI and ML techniques should be considered for future integration into cybersecurity curriculum to better align with advancements in the field. © American Society for Engineering Education, 2022
ABSTRACT
Cyber-attacks are on the rise, and the advent of COVID-19 has changed work styles, leading to an increase in cyber-attacks targeting remote workers. This situation is the same in the world and in Japan, and the development of cyber security personnel and their training to face the attackers who can respond to the social situation is desired all over the world. The National Institute of Technology (KOSEN) is known not only in Japan but also in the world as the only institution of higher learning in the world where students can freely study engineering for five years from the age of 15. The technical framework of cybersecurity and the KOSEN education, which is based on the acquisition of practical skills, go hand in hand, and KOSEN is an important higher education institution that plays a part in the cybersecurity human resource development strategy in Japan. In 2015, KOSEN launched the KOSEN Security Educational Community (K-SEC) to initiate cybersecurity education for KOSEN students. This project has two objectives: one is to develop excellent cyber security personnel for qualitative improvement. The second is to develop a large number of KOSEN students who have systematically acquired security knowledge for the purpose of quantitative expansion. In 2019, a new project, Highly Advanced Cybersecurity for KOSEN (HACK), was launched within K-SEC to accelerate the achievement of the two objectives of K-SEC. HACK is a project based on a simple idea: to strengthen KOSEN faculty in order to develop strong students with practical cybersecurity skills. Participating faculty members will develop cyber range materials. The development of the cyber range will contribute to the understanding of both attacker and defender scenarios and the acquisition of advanced security knowledge and skills. In the previous paper, we reported on the results of the first year of HACK (2019). The faculty development plan, which mainly focused on cyber range development, contributed to the motivation and skill development of the faculty. The cyber range as a deliverable was also obtained. This paper reports on the outcomes of the second year (2020) of HACK activities. Within the faculty development plan, which mainly focused on cyber range development as in the first year, we used the deliverables of the first year to give lectures to KOSEN students to measure the educational effects. During the cyber range development, there were some knowledge and skills that the faculty intended to have the KOSEN students improve their skills. Therefore, the focus of the study was to see if the faculty members' intended skills would be improved when they gave lectures to the KOSEN students using the teaching materials. As it turned out, we were able to achieve this goal, and we were able to improve the skills of the KOSEN students as intended by the faculty. Furthermore, it was not only possible to control the skills to be improved by the content of the teaching materials, but also by the way the lectures were delivered. In addition, by selecting the theme of the cyber range development, we were able to achieve the intended skill improvement for the faculty. Through the implementation of HACK until the second year, we were able to identify many factors for skill improvement. In the third and fourth years of the program, we will continue to look for factors that can be used to further improve specific skills, and at the same time, we will explore the relationship with motivation, which is expected to contribute greatly to educational effectiveness. © 2022 IEEE.
ABSTRACT
This paper shares our three years of experience in conducting collaborative-based cybersecurity teaching involving industrial-expertise sharing and an authentic-learning environment. Penetration testing (pen-testing) is widely adopted in the cybersecurity industry. It requires a wide range of skillsets, including non-technical aspects, which are not easy to be acquired in a standard lecture-style setting. While the fundamentals of the skillsets could be taught separately in different modules, an integrated pen-testing module using real-world target applications will provide students with a bird’s-eye view of security assessment in an authentic learning setting. There exist, however, challenges in providing a sustainable structured pen-testing module. These include the evolving industrial best practices and availability of authentic target environments. In this paper, we share our experience as well as best practices in designing and teaching a pen-testing module in our Bachelor of Computing degree program. The module unconventionally adopts a fruitful win-win collaborative paradigm. The students, guided along by professional pen-testers from the industry and academic instructors, pen-test our University’s operational applications selected by the University IT Department. With the completed six semesters to date, our students have tested various applications, including our University’s learning management system, student registration system, and student-hall dining system, which all manage sensitive data. We have received very positive feedback from the parties involved. This paper describes our module’s rationale, involved parties and roles, class arrangements and activities, as well as grading considerations. The paper also discusses encountered issues and our adopted solutions related to University application selection, student contribution assessment, and activity arrangements during the COVID-19 outbreak. Some notes are additionally given for others who are keen to offer similar modules using the same teaching pedagogy. Our experience thus demonstrates that, while provisioning industrial collaboration and authentic learning in education needs to address several technical and administrative issues, a collaborative based teaching paradigm can work well in a sustainable manner. © 2022 Copyright held by the owner/author(s).
ABSTRACT
Computer science, cybersecurity education, and microcredentials are becoming more pervasive in all levels of the educational system. The purpose of this study was partnering with precollegiate teachers: (1) to investigate the self-efficacy of 30 precollegiate teacher participants towards computer science before, during, and after three iterations of a cybersecurity microcredential, and (2) to make changes to the cybersecurity microcredential to improve its effectiveness. The authors explored what teachers need in a microcredential. The first Cohort (n = 5) took the microcredential sequence over 28 days in the summer of 2020, the second Cohort (n = 16) took it over 42 days in the fall of 2020, and the third Cohort (n = 9) took it over 49 days in the summer of 2021. The authors investigated three research questions and used a systems thinking approach while developing, evaluating, and implementing the research study. The researchers used quantitative methods in the collection of a self-efficacy subscale survey to assess whether the precollegiate teachers’ beliefs about computer science changed, and then used qualitative methods when conducting semi-structured teacher participant interviews to address the research questions. The findings show that the precollegiate teachers’ self-efficacy scores towards computer science increased, and that there are areas in need of attention, such as resources and implementation, when creating microcredentials. The implications of this research include the importance of purposefully crafting microcredentials and professional developments, including aspects of creating effective partnerships.