Each year the CAE in Cybersecurity Community gathers to discuss updates in the community. This year the CAE in Cybersecurity Community met in Dayton, Ohio at the Dayton Crowne Plaza a day after the NICE Conference. On this archive page, you will find the member presentations, fastpitch, and general session presentations. ***Note: The presentation from the program office is located in the forums behind the user login. Below, you will find a complete list of presentations from this event.
If you have any problems accessing content or questions, please contact email@example.com.
The information booklet for the 2017 CAE in Cybersecurity Community.
This content is behind our user login. Please go to https://www.caecommunity.org/forum/general/cae-cd-program-updates-cae-cy... to view this PDF.
National Science Foundation programs of interest to the CAE in Cybersecurity Community.
Capitol will integrate a security operations experience into its Bachelor of Science in Cyber and Information Security and related degree Programs (Computer Science and Management of Cyber Information Technology). These unique operational experiences will better prepare our graduates to protect and defend networks by integrating required tools and technologies into a concept of operation (CONOPS). Students will be trained and mentored by vendors, faculty and alumni knowledgeable of SOC operating tools and techniques. Students will receive industry recognized certifications (forensics, malware analysis, scripting) where appropriate and focused experience with those tools.
It is well-known that there is a tremendous need for cybersecurity talent in the industry and government agencies. According to a recent (ISC)2 report, there will be 1.8 million unfilled cybersecurity positions by 2022. In this talk, we present our approach at RIT to help alleviate the cybersecurity workforce shortfall. It includes our partnerships with industry to provide real-world scenarios for students to practice and our MicroMasters in Cybersecurity offering on edX to reach worldwide learners. The preliminary results in increasing diversity and career changing students are encouraging.
Capture-the-flag (CTF) competitions provide dynamic, real-time environments intended to engage and challenge the participants. However, they are often not designed to be educational. Rather, they simply provide a series of progressively more difficult challenges in which the participant must find the flag (answer). As these challenges are typically devoid of any direction, this can lead to participants being unable to progress any further in the CTF and therefore unable to achieve educational goals. This presentation will discuss the process of hosting a CTF, their limitations, and common workarounds. We will then discuss our successes and failures in utilizing existing CTF frameworks in the classroom. Finally, we will introduce a custom designed CTF framework that aspires to solve many of the difficulties inherent in the current CTF space. This framework introduces a novel hint system that allows for customizable help to be built for each challenge within a CTF event. The goal is to allow all to participate and progress through the challenges by providing varying levels of help throughout the competition. This approach maximizes learning and student engagement, opening the utility of such frameworks to the classroom. The framework will be made publicly available upon conclusion of the presentation.
This Fast Pitch will highlight a library of adaptive, personalized, performance-based instructional modules designed by National CyberWatch to facilitate developing mastery of Information Security Fundamentals. These materials were created under a Core Curriculum Cybersecurity grant from the National Security Agency. The library will be presented and discussion will include an overview of the process of becoming a pilot implementation site for the Spring 2018 semester.
This presentation summarizes the presentations and discussions at the Northeast Region CRRC workshop on virtual platforms and exercises design for cybersecurity competitions.
This special interest group discussion focuses on the challenge of educating cyber security experts (multiple specialty domains), engineers (of all fields), and supporting personnel (managers, testers, analysts, etc.) to understand the cybersecurity and resiliency implications associated with the development and operation of complex cyber-physical systems. In contrast to conventional cybersecurity thinking (i.e., Confidentiality-Integrity-Availability), Cyber-physical systems are often operated in real-time with an emphasis on availability and safety over confidentiality. Moreover, the United States Department of Defense (DoD) is increasingly concerned with the successful operation and resiliency of defense focused cyber-physical systems such as aircraft, ships, missiles, command and control systems, navigation subsystems, and other combat-focused DoD Major Weapon Systems (MWS) of interest in highly contested cyberspace environments.
This special interest group is particularly interested in further understanding and studying principles of resiliency as they apply to complex cyber-physical systems such as DoD MWS. Discussion of supporting requirements and their corresponding metrics is also desirable. Emphasis is given to recently released NIST SP 800-160, Systems Security Engineering, available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf and recent work by the MITRE Corporation on Cyber Resiliency (available at https://www.mitre.org/publications/technical-papers/cyber-resiliency-eng... and https://www.mitre.org/publications/technical-papers/cyber-resiliency-des...).
Current cyber-threats are imminent for all organizations as it is evident from the reporting of weekly data breaches. However, the shortage of cybersecurity workforce has been well documented and remains a major concern for future sustainability and resilience of our cyber infrastructure. Since 2012, Dr. Levy has been working to establish relationships with federal agencies (FBI, DHS, NIST, NSA, & USSS) to have their Special Agents and key personnel come to an annual event where over 200 high-school students bused to the university campus for a day full of passion and excitement about cybersecurity education and career path. This presentation will start with an overview of a self-funded “Cybersecurity Day” event that has been successfully running yearly each October, the cybersecurity awareness month, and will also highlight the presentations provided by agency personnel along with feedback notes from the high-school students and teachers who attended the event.
The Cyber Security Faculty at Sinclair prides themselves on hands-on learning. This is no exception for our security classes. The faculty at Sinclair have taken notes from such conferences as Defcon to get their students involved in the classroom. Currently, the department uses everything thing from hardening blade servers as a part of our Securing a Windows Network Environment class to lockpicking and WiFi Pineapples in our Network Security course. Recently Sinclair was awarded funds from the NSA to help improve their hands-on experience. With these funds, Sinclair will be purchasing new blade servers that students will be hardening in teams. Then it will be attacked by other teams in that same class. The funds will also cover Open-Air PC's where students will be creating a SCIF style environment in the classroom. Mobile devices and tablets will also be purchased for the Cyber Forensics class so the students can learn hands on mobile forensics. The Computer Infomation Systems Department at Sinclair College believes that if students get their hands on hardware for hacking and defending it will ignite a learning passion for Cyber Security.
This talk will describe an innovative approach to cybersecurity education that the Johns Hopkins University Information Security Institute (JHUISI) is developing under a grant from the CAE Cybersecurity Grant Program. The goal of the project is to introduce the latest cybersecurity topics and materials to a broad audience of community college students. This effort is centered on the development of a series of educational video modules and accompanying learning materials that target community-college-level students with an in-depth exposure to the forefront subjects of cybersecurity research. These materials can be delivered in flexible modes, as a complete in-classroom course with reading materials, lectures, and exercises and assignments, as modular components in classes studying cybersecurity, or simply as online resources to improve the awareness and digital hygiene of the interested general public.
To develop the course, JHUISI is leveraging its past experience with Hagerstown Community College (HCC) where for the past two academic years of 2015-2017, JHUISI has worked closely with HCC to provide an advanced course called Cybersecurity Select Topics, consisting of over 10 special topic lectures on various advanced research topics from JHUISI faculty, staff, and graduate students.
In this talk, I will describe how we are taking our HCC experience to the next step to develop a complete cybersecurity course kit that will be made available to any community college or other audience that requests it.
PUPR hosts a competitive graduate IA security program under the Master of Science in Computer Science (MS CS) with a specialization in Information Technology Management and Information Assurance (ITMIA), a track in Cybersecurity under the BS CS and BS CpE programs, and two (2) graduate security certificates: 1). Graduate Certificate in Information Assurance and Security (GCIAS); 2). Graduate Certificate in Digital Forensics (GCDF). All these programs serve a large, mainly Hispanic, under-represented student population. The MS CS ITMIA covers most of the aspects of Computer Science, IT Management, and focuses on Information Assurance to protect data and information at large. Computer Engineering focuses on software and hardware security, software development, and internet engineering, with an emphasis on cybersecurity. The GCIAS covers both technical and managerial aspects of IA and Security while the GCDF covers the technical aspects of Digital Forensics including knowledge and skills to protect, detect, recover and mitigate data loss and theft. PUPR has offered more than 25 core courses in cybersecurity at both the undergraduate/graduate level such as: Software Assurance, Terrorism & Cybercrime, Mobile Applications Development Security, Reverse Engineering and Software Protection, E-Discovery and Digital Evidence, Ethical Hacking, Cryptography Application, Network Security, E-Discovery, Digital Forensics I and II, Computer Security, Penetration Testing, Social Engineering, Principles of Information Security, Contingency Planning, IT Auditing and Secure Operations, E-Commerce Security, Database Security and Auditing, Management of Information Systems, Social Media, Law Investigation and Ethics, Nuclear Forensics, among others.
Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting. This presentation presents an effort to develop freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year universities curriculum, as well as for collegiate threat hunting competitions. Our efforts will be focused on the following two areas. (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.
Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skill set) in an enterprise environment and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., Operating Systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. These labs also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis, machine learning, and data visualization. Our labs are designed at different difficulty levels suitable for use by two-year community college students, 4-year university students, as well as for collegiate threat hunting competitions.
This proposal describes an ongoing, interdisciplinary project (funded by NSA) to address persistent cybersecurity challenges identi ed in several national initiatives such as NICE and CNAP. The project proposes a set of activities and services designed with an interdisciplinary perspective to provide e ective solutions to such challenges. The proposed project is innovative for several reasons: 1) The project begins with a research component that will guide key steps of the project and add to the body of knowledge in cybersecurity education. 2) It includes collaboration between IUP’s Institute for Cybersecurity and the university’s Writing Center in order to deliver instruction to students from rural areas and help improve their soft skills. This collaboration puts to work the established expertise of a group of faculty from four di erent disciplines, see below. 3) It proposes the use of multiple approaches to solve persistent challenges in cybersecurity education including: peer-tutoring, weekend workshops, interactive learning experiences, exible delivery format, exible structural design, a summer camp, and the formation of a local cybersecurity consortium. 4) It is easily replicable for other institutions and rural areas. 5) It employs a set of assessment approaches throughout various project execution phases.