Symposium Presentation Archive

Symposium Presentation Archive

The CAE in Cybersecurity Symposium Presentation Archive contains materials submitted to the CAE in Cybersecurity Community for the annual Symposium. Symposium materials include fastpitch, presentations, and general session information. In 2019, the CAE in Cybersecurity Symposium included 2 tracks, CAE-CD and CAE-R. This change is reflected in the archive with content listed under its respective track. Certain materials may not be added to the archive. If you need to request the material from the community, a note is provided instead of the presentation with instructions on how to obtain a copy.

Symposium Presentation Archive

Ransomware is becoming more and more of a prominent attack in our present day. In essence, it is a type of malware that prevents one from accessing a device or information stored in that device. 75% of these attacks begin with either a phishing email or Remote Desktop Protocol (RDP), with 60% of ransomware cases ending up having malware directly installed on one’s desktop or sharing apps. With that in mind, it is important that organizations know about it and know what they can do to mitigate it. Although some organizations won’t be affected as much (take the San Francisco 49ers attack from last year for example), many can be affected majorly. Successful attacks can heavily damage an organization and could set them back years or make them go out of business. With some better knowledge, policies, tools, and equipment in place, organizations can be better prepared if a ransomware attack were to happen on their network. Having strategies for prevention, preparation, response, and recovery can also help aid in defense. Organizations need to start preparing for a ransomware attack as they quickly grow more and more popular. It doesn’t matter if an organization is big or small and it doesn’t matter if the chance for an attack is low. A successful attack can prove to be detrimental to an organization. It could not only hurt financially, but also tank an organization’s reputation with the public.

A brief description of vulnerability management, scanning, and solutions brought forward by Greenbone and their multiple solutions in the vulnerability sphere. They are the developers behind OpenVAS, as well as their Enterprise and Cloud offerings which specialize in Vulnerability Management. Greenbone's specialization enables them to offer services to both small and large businesses, with multiple offerings from the Greenbone Enterprise 35 to the 6500, all of which utilize their proprietary Greenbone Operating System (GOS).

Cain Bynum

In recent years, malicious binary programs have increased significantly. One way to analyze such programs is to decompile them into source code so that more scalable analyses can be performed using tools that require source code. However, most of the decompilers produce code with undefined types and other errors that prevent the programs to be recompiled correctly. We have developed a closed-loop GNN-based system to generate recompilable source code. Given a binary program, we use Ghidra to generate the initial source code and then we use a trained GNN to identify potential corrections to the errors. A novel component of the system is that we use the emulation of Ghidra to be able to automatically identify and fix compilation errors. We utilize Ghidra’s API to decompile methods that are present in a binary program to C code. Each decompiled method is then passed into Joern, to generate a Code-Property graph representation for each method. This type of graph is a union of the Abstract Syntax Tree, Control Flow Graph, and Program Dependence Graphof each method. We then remove features of this graph that are either redundant or not necessary for the overall goal of the framework. To apply Deep Learning on the decompiled program, we tokenize the entire program and then encode the generated tokens to produce their vector representations. For this purpose, we use Transformer based models, since they are expected to obtain higher-quality embeddings with contextual information. We do this using CodeBERT, which is based on the RoBERTa architecture, and is trained on both natural language and programming language bimodal samples. To leverage the graph representation of the decompiled program, we then use a Graph Convolutional Network, where a GCN layer takes the output embeddings from CodeBERT along with the edges between each node as its input.

Timothy Barao

The generation of random binary numbers for cryptographic use is often addressed using pseudorandom number-generating functions in compilers and specialized cryptographic packages. Using IBM’s Qiskit reset functionality, we were able to implement a straight-forward in-line Python function that returns a list of quantum-generated random numbers, by creating and executing the circuit on IBM quantum systems. We successfully created a list of 1000 1024-bit binary random numbers as well as a list of 40,000 25-bit binary random numbers for randomness testing, using the NIST Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. The quantum-generated random data we tested showed very strong randomness, according to the NIST suite. Previously, IBM’s quantum implementation required a single qubit for each bit of data generated in a circuit, making the generation of large random numbers impractical. IBM’s addition of the reset instruction eliminates this restriction and allows for the creation of functions that can generate a larger quantity of data-bit output, using only a small number of qubits.

Julie Germain

The vagueness and complexity of the traditional legal contracts have motivated the study and exploration of a better and advanced contract known as Blockchain-based Smart Contracts. A Smart Contract is a self-executable contract where the terms of the agreement between the involved parties are directly written into the lines of code that resides in the distributed ledger technology known as the Blockchain. In this poster, we present a brief overview of the key features of the paradigm shift from traditional paper contracts to smart contracts. We discuss on key enabling technologies that aid in converting the traditional natural language legal contract which is full of vague words, phrases, and sentences to Blockchain-based Smart Contract, including the evaluation of metrics during our conversion experiment.

Kritagya Upadhyay

Artificial Intelligence algorithms predict the future based on the trained models and datasets. However, a reliable prediction requires a tamper-resistant model with immutable data. Blockchain technology provides trusted output with consensus-based transactions and an immutable distributed ledger. Therefore, blockchain can help AI to produce immutable models for trustworthy prediction. But most smart contracts that define the language of blockchain applications do not support floating-point data type, limiting computations for classification, which affects the prediction accuracy. In this work, we propose a novel method to produce floating-point equivalent probability estimation to classify labels on-chain with a Naive Bayes algorithm. We derive a mathematical model with Taylor series expansion to compute the ratio of the posterior probability of classes to classify labels using integers. Our derived method is platform-agnostic to support various blockchain networks. Furthermore, our solution is reproducible for deep-learning algorithms. In the future, we plan to expand our work to support more AI algorithms. We will scale our solution for real-time and inexpensive object classification. Additionally, we plan to develop privacy-preserving AI models using blockchain smart contracts.

Syed Badruddoja

Playable Case Studies (PCSs) are interactive simulations that allow students to “play” through an authentic "case study" (i.e., scenario) as a member of a professional team. They include (a) an immersive, simulated online environment, and (b) accompanying in-class activities and discussions facilitated by a teacher to provide educational scaffolding and metacognition. PCSs are designed to be authentic and feel "real" by incorporating the "This is Not a Game" (TINAG) ethos from Alternate Reality Games. This poster will graphically highlight the core elements that make up a PCS. It will also include screenshots and explanations of the Bronze Falls PCS, where students work in teams of four to protect the city (Bronze Falls) by performing a cybersecurity risk analysis, responding to a live cyberattack, and completing an after-action attribution report. Contact information on how to use cybersecurity PCSs in classes will be included to facilitate collaborations and dissemination.

Object detection algorithms like You Only Look Once (YOLOv4) can face challenges when multiple objects overlap within the same grid cell. In this scenario, accurately detecting and classifying each object becomes difficult. Data augmentation techniques can address this issue and improve the accuracy of YOLOv4. More diverse training data can be created by artificially generating images with non-overlapping objects through random shifting, rotating, resizing, color jittering, and flipping. This improves the robustness of the model and helps it better handle real-world images with diverse object configurations. Data augmentation and post-processing can help address overlapping objects in YOLOv4, improving accuracy and performance in object detection tasks. The network was trained to recognize 80 object classes and achieved a 99% prediction rate and 54% confidence rate.

Idongesit Ruffin

With the increased use of machine learning models, there is a need to understand how machine learning models can be maliciously targeted. Understanding how these attacks are ‘enacted’ helps in being able to ‘harden’ models so that it is harder for attackers to evade detection. We want to better understand object detection, the underlying algorithms, different perturbation approaches that can be utilized to fool these models. To this end, we document our findings as a review of existing literature and open-source repositories related to Computer Vision and Object Detection. We also look at how Adversarial Patches impact object detection algorithms. Our objective was to replicate existing processes in order to reproduce results to further our research on adversarial patches.

Chutima Boonthum-Denecke

Memory leaks may cause a system to slow down or crash. If an attacker can intentionally trigger a memory leak, the attacker may be able to launch a denial-of-service attack or take advantage of other unexpected program behavior. JavaScript memory leaks are tricky and often time-consuming to identify and fix, as JavaScript is dynamically typed and leaks are fundamentally different from leaks in traditional C, C++, and Java programs. It is a daunting task even for experienced expert developers to effectively identify and fix memory leaks. Our team worked with Adobe to build NLeak, a memory detection tool to automate companies’ attempts to locate, diagnose, and rank JavaScript memory leaks in Node.js applications.

Cynthia Kuo

The reality of cyberterrorism has prompted the United States federal government to enact legislation and form initiatives to address the cybersecurity crisis. The threat of cyberattacks has been exacerbated by the shortage of skilled IT security professionals. Community colleges play a vital role in rapidly preparing the next generation of cyber experts. Community colleges are charged with transforming novice students into skilled cybersecurity professionals. This poster will examine the transformation process at Enterprise State Community College.

Rosalyn Warren

Debugging helps identify and address vulnerabilities in code. Programmers inefficiently debug their own code by using print statements and debuggers. The lost time can be significantly reduced if the programmers can see the impact of their code in real time. Our team worked with Staris Labs to deliver a proof of concept to show the impact with various techniques, such as fuzzing and static analysis. We were able to verify the presence of known vulnerabilities in code.

Cynthia Kuo

Large and small medical clinics have a unique responsibility of maintaining patient confidentiality since they collect a large amount of Personable Identifiable Information (PII) and Electronic Protected Health Information (ePHI) (Metzger, 2016). According to the Department of Homeland Security (DHS), PII is any information that can be used to reveal the identity of an individual, regardless of their citizenship status in the United States (U.S.)(DHS, 2021). Sensitive PII consists of personal information such as social security numbers, medical records, criminal records, and biometrics. Laws that govern the use of PII and ePHI include the Health Insurance Portability and Accountability Act (HIPPA) as well as The Privacy Act, ensuring that the right steps are taken to protect this information (Metzger, 2016). Network security plays a major role in digital data privacy and protection by examining the structure of the business through its day-to-day operations (CISA, 2022). Furthermore, the examination must understand how data is stored, protected, and transmitted to minimize exposure. Therefore, following an initial assessment of the network, this project will propose increased protection of patient and employee data through improved methods that will harden the network.

Dr. Yair Levy

Recently, machine learning (ML) has been used extensively for intrusion detection systems (IDS), which proved to be very effective in various environments such as the Cloud and IoT. However, due to their complexity, the decisions that are made by such ML-based IDS are very hard to analyze, understand and interpret. Even though ML-based IDS are very effective, they are becoming less transparent. In this paper, we provide an explanation and analysis for ML-based IDS using the SHapley additive exPlanations (SHAP) explainability technique. We applied SHAP to various ML models such as Decision Trees (DT), Random Forest (RF), Logistic Regression (LR), and Feed Forward Neural Networks (FFNN). Further, we conducted our analysis based on NetFlow data collected from the Cloud and IoT.

Kaushik Roy

As the world evolves, academic expansion has become an increasingly paramount factor for human development (King, 2011). As a result, studies have shown that educational institutions' population will increase by approximately 2-3% between the years 2016 - 2028 (National Center for Education Statistics, n.d.). With the increased effort in academic pursuit, there also arises a growing concern over the cybersecurity posture held by individuals, educational institutions and the education industry at large (Catota et al, 2019). Over the last few years, academia has experienced an upsurge in cyber-attacks, with ransomware attacks becoming more frequent. This new wave has been exacerbated through the migration of virtual learning during the Covid-19 pandemic (Koomson, 2021, para. 2). Due to more users accessing servers from external devices, this made ease of access during the pandemic more efficient than in yesteryears. However, this also introduced an increased development of new ransomware samples by 72% (Koomson, 2021, para. 4). Such an upsurge can not only cease operations within educational institutions, but also risk the unintended release of thousands of sensitive student, teacher, and faculty data (Koomson, 2021, para. 5). Therefore, with cyber threats becoming more prevalent in the educational system, the purpose of this proposed project will be to assess an early childhood development center, identify vulnerabilities and risks within the company, and make informed recommendations regarding the cybersecurity posture, ultimately aiding in the mitigation of present and potential cyber risks and threats.

Dr. Yair Levy

This poster will focus on the NCAE-C Cybersecurity Credit Transfer Agreement (CTA) Task, which is part of the NCAE-C Careers Preparation National Center. The task aims to address the challenge of meeting the growing demand for cybersecurity professionals by establishing a database of credit transfer agreements among NCAE-C designated CAE cybersecurity programs and K-12 schools. To achieve this goal, the CTA taskforce will compile a set of K12 cybersecurity credit transfer agreements between secondary education schools and NCAE-C designated higher education institutions and facilitate the development of new cybersecurity credit transfer agreements between CAE institutions and K-12 schools. The CTA taskforce, jointly led by Purdue University Northwest, Forsyth Tech Community College, and partnered with Dakota State University, has launched the CTA status data collection and development promotion initiative. The poster designed for the project will feature essential details, such as the major tasks of CTA, benefits for CAE programs, and the background information of CTA, along with the call for participation. Additionally, QR codes on the poster will provide direct links to the 10-minute CTA status survey and the new CTA development application form. The poster will also outline the necessary requirements for CTA submission—which include PDF cybersecurity course articulation agreements/URLs between 2-year and 4-year CAE schools, K12 cybersecurity course transfer agreements, and contact information. The poster session will aid us in fulfilling our call for action by promoting the task to the CAE community for CTA survey distribution and response, as well as new CTA development. This initiative is expected to make a significant contribution to the field of cybersecurity education and workforce development.

Michael Sbalchiero

Many Cybersecurity students get into the field without previous opportunity to work on different technologies and hands-on skills in building a secure network infrastructure. Students going into the Cybersecurity workforce need to know all the different network functions of a secure corporate network. This poster will provide attendees with different objectives of an end of the semester project with a rubric. The course provides students the needed networking experiences and the teamwork required to build, secure, monitor, and defend a corporate network.

Deep Ramanayake

The Internet of Things (IoT) has been involved in all parts of our life (e.g., healthcare, smart cars, smart home appliances, smart cities). It is expected that by 2025, the number is expected to be around 75 billion. However, security is one of the major problems in IoT and even the manufacturers have not considered security in their design for a very long time. Furthermore, IoT devices have limited computational power and they are mostly battery operated, so we cannot have heavy security controls running on them. Hence, many IoT devices are still vulnerable to cyberattacks. NIST SP 800-207, Zero Trust Architecture (ZTA), has been gaining high interest due to the "never trust, always verify" principle. However, ZTA implementation and compliance-check mechanisms are still immature, especially for IoT. As a solution, we need architectures to monitor IoT-based environments and check the IoT devices’ operation requirements and capabilities and apply the required security controls continuously according to their requirements and capabilities. Nevertheless, current techniques are mostly manual and tedious making them prone to errors. Therefore, we need to apply this solution in an autonomous manner to reduce the human intervention. Therefore, in this work, we will investigate creating an autonomous engine to check if a given cyberspace fulfills IoT devices' requirements, monitor the IoT operations, and investigate if these devices behave correctly based on their given capabilities list.

Cihan Tunc

PACE (Pathway to Advancement in Cybersecurity Education) is a guided Cybersecurity pathway that introduces dual enrollment College courses as early as 9th grade with multiple educational and employment exit points. PACE was funded for the last three years by a grant from the NSF-ATE. This poster summarizes PACE outcomes and best practices for establishing a strong pathway program.

Behzad Izadi

Information Security Awareness

Israel Emmanuel

Plaintext DNS reveals every website that a user visits regardless of other encryption (e.g. HTTPS) or anonymity (e.g. Virtual Private Networks) used. DoH (DNS over HTTPS) was introduced to encrypt the previously-plaintext DNS queries to improve web privacy. In this research, we show that even DoH queries still leak the website name. Our attack on DoH is similar to website fingerprinting attacks, where the URL visited by a user is predicted based on the size of network packets and the number of network packets transmitted. Even though padding is used in DoH, we show that the website name can still be guessed with a high accuracy using only the size of each network packet and the number of incoming/outgoing network packets.

Eric Chan-Tin

RING (Regions Investing in the Next Generation) is a free online high school cybersecurity course that offers interesting and engaging content specifically for rural students, homeschool students, and students attending schools without an existing cybersecurity program. RING is structured for high school students, grades 9-12. The curriculum has been developed through the National Security Agency’s RING program grant to The University of Alabama in Huntsville (UAH). University of Hawaii Maui College is part of a coalition of colleges across the US, supported by funds from the NSA, to teach RING to high school teachers and students. The objective of this presentation is to: 1. Provide a Course Overview of RING 2. Outline the Key Concepts of RING 3. Demonstrate a Sample Lesson - Establishing Trust, Caesar Cipher and Steganography The audience will learn about the core modules in RING, how it applies to students who are new to cybersecurity, and how RING can be an inclusive and friendly space for newcomers to learn about cybersecurity. The presentation will provide live examples from the RING curriculum using the Canvas learning module system. The audience will also benefit from a pathway that extends the learning from RING to more advanced topics in networking and computer security. The presentation will provide a sample lesson plan for teachers, that has been created by high school teachers in Hawaii, to demonstrate how RING can be taught to high school students. 

Debasis Bhattacharya

To aid organizations in finding relevant skills, organizations must first identify what skills they are really looking for. These needs must be conveyed in a format that job seekers can easily identify. A model exists to allow organizations to better identify what and why skills are needed from potential employees. Job seekers need to better categorize their skills based upon recognized components of cybersecurity not the general blanket term "cybersecurity". The Maconachy, Schou, and Ragsdale Information Assurance (IA) Model, though one of the oldest models, provides framework guidance for both job seekers and organizations. A modern breakout and explanation of the model allows both employer and job seeker to convey their skills and job requirements to facilitate filling of existing and future cybersecurity or component level security positions.

Dr. Ervin Frenzel

The CAE-CD Regional Outreach Competition Committee was established by the CAE- Community of Practice (CoP) – Cyber Defense (CD): 1) to encourage and promote cybersecurity awareness and online safety practices by taking advantage of the cybersecurity outreach CAEs do throughout the year; 2) to maximize the impacts of the CAEs on the community; and 3) to strengthen the collaborative relationships between CAE Regional Hubs and their member institutions. The initiative was originally motivated by the October cybersecurity awareness month and was extended to cover the efforts of the entire calendar for each cycle. The Committee has established a set of criteria and rules. Impact measures include number of groups and organizations that are being impacted, total number of attendees, durations and frequencies of the events, and effectiveness of outreach materials. Diversity measures include  the inclusion of minority and underrepresented groups and the spectrum of age groups in the cybersecurity profession. Effort measures include evidence of CAEs who promote and engage in outreach events and the total number of outreach events provided by the CAEs. The Competition started in 2021 with the first cycle results presented in the 2022 CAE Symposium and the second cycle presented this year.

Wei Li, Xiuwen Liu

The HBCU Artificial Intelligence and Cybersecurity (AI-CyS) Research Partnership consists of the following universities: Hampton, Florida A&M, Winston Salem State, University of District of Columbia, Mississippi Valley State, Norfolk State, and Howard universities working together to increase each of our individual institute’s research capacity and enhance our research collaboration. This Collaborative Research Project leverages the collaboration between HBCUs and national research laboratories (Lawrence Livermore and Brookhaven) to increase research capacity from corresponding Minority Serving Institutions by “capitalizing on the synergies from current HBCU collaborations” to investigate the use of Artificial Intelligence, specifically Machine Learning, to address cybersecurity challenges. Collaborations with national research laboratories support professional development through knowledge acquisition for enhancing the research capacity of the HBCU faculty. The project’s activities include (A) increasing institutional research capacity at HBCUs in AI and cybersecurity and fostering the collaboration among HBCU faculty as well as with the national research laboratory; (B) increasing the number of students, especially undergraduate students from underrepresented groups in conducting research; and (C) providing students with mentoring from their own HBCU, partnered HBCU, and mentors from the national research laboratory. We are engaging in the following research projects: (1) Reinforcement Learning Autonomous Cyber Security Agents, (2) Exploration of Ways to Disambiguate Traceroute Data for Improved Understanding of Computer Networks, (3) the Universal Adversarial Patch Attack, and (4) (Surveillance) Videos Authenticate in Near Real-time. With the low engagement of researchers from under-represented groups, this project aims to use this partnership of universities that predominantly serve African Americans, not only to increase research in AI and cybersecurity, but also to attract other computing students, and even other STEM disciplines. It is expected that each HBCU will be able to build on its initial research and obtain additional research funding support to continue and add-on to its research capacity.

Chutima Boonthum-Denecke, Idongesit Mkpong-Ruffin

The cybersecurity workforce suffers from an ongoing talent shortage and there is a lack of information correlating cybersecurity education programs to alumni employment outcomes. This exploratory, cross-sectional study will evaluate the post-graduation employment outcomes of alumni that attended two-year colleges designated by the National Security Agency as Centers of Academic Excellence in Cyber Defense. Stakeholders of this project are identified as faculty, employers, students, government agencies, the National Security Agency, and organizations that rely on cybersecurity talent to keep their systems secure from cyberattacks. This study will use the mixed methods approach to compare alumni employment outcomes to their cybersecurity Programs of Study using the work roles of the NICE Framework. Initially, a call for participation will be sent to the Points of Contact at two-year colleges designated as Centers of Academic Excellence in Cyber Defense. The first phase of the study will include a request for Points of Contact to provide academic program information via online survey and to contact cybersecurity program alumni with a link to an online survey about employment outcomes. The second phase of the study will include two rounds. In round one, an online survey will be sent to collect alumni employment data about work experience, degree name and year of graduation, industry-recognized certification achieved, and any additional higher education achievements since graduation from the two-year college. In round two, alumni that did not respond in round one will be contacted for a structured interview to complete the online survey. The resulting knowledge can be used to better understand the employment outcomes of two-year college alumni from CAE-CD cybersecurity programs.

Tobi West, Coastline College

Career and Technical Education (CTE) CyberNet seeks to increase the number of CTE teachers who can effectively prepare students for cybersecurity education and careers. CTE CyberNet is driven by a local academy approach to help teachers deliver more rigorous CTE cybersecurity programs of study aligned to industry standards and industry-valued certifications. The academies give educators strategies and tools to impart the knowledge, skills, and abilities outlined in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. CTE CyberNet academies are designed to also align with the knowledge units of National Centers of Academic Excellence in Cybersecurity (NCAEs). CTE CyberNet was developed as a blueprint that could be adapted to the unique needs of local education ecosystems.

Kim Muschalek, Dr. Stephen Miller, Dr. John Sands, John Roberts

The CAE Community of Practice (CoP) for Cyber Defense (CD) ( was established in 2020 with the mission: “To collaborate with both the CAE Community and the NCAE-C Program Management Office (PMO) to build a Cybersecurity Excellence Community of Practice in Cyber Defense (CoP-CD) in order to gather and share input from the broader community as well as to provide continuous program improvement". This session will discuss the progress and key achievements that the CoP-CD had during the past academic year, including several initiatives such as: the monthly "Getting to Know Your Fellow CAE-CDs" event, the monthly "Meet Your Cyber Competition" event, the annual "CAE-CD Community Outreach Competition", the "New CAE-CD Point of Contact (POC) Onboarding Process" workshop, the ongoing efforts by the "CAE-CD Industry Relations and Shared Resources" and the "NCAE-C Student Code of Ethics and Professional Conduct" initiatives, and the annual “CAE Community Symposium - CAE-CD Planning Committee” work.

Yair Levy, Anne Kohnke

More than 60 percent of university students freely admit to cheating in some form, according to Dr. Donald McCabe of the International Center for Academic Integrity. The NCAE-C Student Code of Ethics and Professional Conduct sub-committee has drafted a Code of Ethics and Professional Conduct for faculty consideration. A Code of Ethics establishes core values, ethical principles and ethical standards that student professionals use to guide their academic and professional conduct. We will also suggest some guidance to faculty on how to implement it in their courses. We invite you to join us in a discussion on the draft and share your insights on effective strategies for addressing unethical behavior in a profession that holds a position of high trust within organizations, where they are expected to uphold the highest standards of integrity. Your perspectives and suggestions are invaluable in helping us develop a comprehensive approach to combating this issue.

Kelli Burgin, Anna Carlin

Funded by the NSA through the NCAE-C program, the mission of the National Cybersecurity Curriculum Task Force is to catalog and create high-quality and relevant curricula on emerging cybersecurity topics, mapping to curricular and workforce guidelines, and make them freely available. The mission is being accomplished with the following goals: (1) Conduct a comprehensive search of available curricula in cybersecurity repositories, directories, and among the community. (2) Perform gap analysis to identify high-need areas to create a cyber-ready workforce. (3) Develop high-impact, high-value curricula for the community. In its second year, this project has iterated through the three goals in one cycle already, and a second cycle is in progress. This lightning talk will share the results of the project so far, point the audience to where they can find vetted cybersecurity curriculum materials, and offer opportunities to contribute to the project.

Cara Tang

Miami Dade College has made strides in increasing the number of underrepresented minorities in the field of cybersecurity. MDC provides stackable programs, certifications, professional development, and other initiatives to help students come to our programs, graduate, and get a career. 

Diego Tibaquira

This research presentation explores the value of cybersecurity competitions in cyber defense education and its impact on the cybersecurity industry and workforce development. Competitions are considered active and challenge based learning that can be used as effective pedagogies to improve student interest, motivation, and problem solving in education. For cyber defense education quality assurance, student participation in cyber competitions is one of the criteria required for the National Centers of Academic Excellence in Cyber Defense designation by the National Security Agency. This presentation is based on the Challenge Based Learning (CBL) framework and explores the pedagogical benefits of cybersecurity competitions through the case study of the National Cyber League (NCL) competition. The case study focuses on mapping the features and knowledge and skill domains of the NCL competition to relevant NCAE-CD program criteria and knowledge units and presents sample data on students’ participation and performance from a NCAE-CD designated institution. This presentation also shares the results of quantitative data and qualitative observations as well as reflections on longitudinal student participation in the NCL competition and student performance in cyber defense educational programs.

Ping Wang

Community outreach is essential for building relationships between the community, potential students, and the college. Increasing visibility in the local area helps to attract more students, donors, and industry partnerships. A successful outreach program can help a college to connect with people from diverse backgrounds and promote a culture of inclusion. It can also help to create a more welcoming and supportive environment for all students and staff. A solid outreach program should provide education and training opportunities, foster mentorship and networking relationships, and raise awareness about the benefits of diversity in the industry. Cybersecurity Awareness Month, International Day of the Girl, and International Women's Day are great opportunities to host events to increase awareness and excitement for women in cybersecurity. This session will explore strategies and showcase successful events that provide opportunities and cybersecurity awareness for students in grades 6-12.

Sandra Leiterman

As more and more information technology workloads move to the cloud, it is imperative that students entering the workforce have the skills needed to implement cybersecurity practices. The concepts of identity and access management, least privilege access, compliance enforcement, and incident response are theoretical concepts that may take years to put into practice once students reach the workforce. By adopting a game based learning pedagogy, higher education institutions can take the lead and provide an engaging mix of theoretical concepts with game based learning labs that will encourage students to continue to pursue their online degrees.

Aleksei Wolff

This mini workshop will start with a short presentation to provide latest statistics on the cybersecurity workforce challenge, followed by a discussion about the nationwide demand and open positions for academically qualified cybersecurity faculty, both full-time and adjunct. Then, an interactive workshop will be provided where the audience will collaboratively share their own stories regarding the recruitment of academically qualified faculty members at their institution. The information gathered in this workshop will aid us in collecting additional information, to be collected in an anonymous process, in order to provide initial empirical evidence to further understand if this is one of the critical factors causing the bottleneck affecting the national cybersecurity workforce challenge. During the mini workshop part of this session, participants will be asked to answer anonymously relevant questions in a gamified process. Final results will be presented at the end of the mini workshop with the participants.

Dr. Anne Kohnke, Dr. Yair Levy

Advanced Persistent Threat (APT) is a class of network attacks when attackers utilize malware or stealthy tools to hide their actions in a network and systems over a prolonged period so that they can eventually achieve strategic goals such as causing substantial damage to the victim organization by data exfiltration. Although APT has long been a research subject, it continues to be a serious threat for many organizations. For cybersecurity education, APT is a good example for students to relate to the risk of organizational networks, the vulnerabilities of the systems and the skills needed to analyze and secure the networks. Recent research and development in APT detection are good educational resources. MITRE has released the ATT&CK knowledge base of adversary tactics and techniques based on real-world observations. Lockheed Martin’s Cyber Kill Chain identifies what adversaries must complete to achieve their goals. Both are good reference models to understand the techniques being used and how APT progresses. However, few education materials have been developed to teach cybersecurity students in understanding such serious threats and how to best protect their network to reduce the risk. The goal of this presentation is to bridge the gap by exploring educational materials that are suitable for a college level cybersecurity course by integrating state-of-the-art research results as well as industry practice. During this presentation, we will first explain the nature of APT, their characteristics, a comparison between APT and traditional attacks, and the different stages of APT planning. We will then discuss the knowledge and skills needed to conduct analyses on both a system and a network and map these skills to topics in network security courses. In addition, we will identify educational platforms and resources for this topic. Finally, we will discuss how such a knowledge domain fits into a cybersecurity curriculum. 

Li-Chiou Chen & Joseph Acampora

Incident response training is designed to test an organization's ability to respond to a cybersecurity attack. It involves developing a tabletop attack scenario and then running through the incident response plan to determine whether the plan is effective in detecting, containing, and remedying the attack. During the exercise, participants are required to make decisions and take actions as they would in a real cybersecurity attack. The exercise brings together various teams within the organization, including IT, security, legal, and public relations. The goal is to raise an organization’s cyber defense posture by identifying weaknesses or gaps in the incident response plan and to provide an opportunity for the organization to refine and improve its response capabilities. Critical infrastructure cybersecurity attacks have a greater potential to impact multiple organizations that would not typically engage in collaborative activities and incident response training requires participation from external partners such as law enforcement, regulators, and third-party vendors. Community outreach and leadership in education are key tenets of the National Centers of Academic Excellence in Cybersecurity (NCAE-C) mission. NCAE-C Colleges and Universities are uniquely positioned to serve in enhancing communication and collaboration by bringing together entities that would not normally engage with one another. In this presentation, NCAE-C institution representatives from the States of Montana and Colorado will discuss their experience in planning and hosting incident response training for critical infrastructure. We will examine the complexities of bringing together these disparate stakeholders. We will also present the benefits these events bring by enhancing the education of students and the research efforts of faculty.

Thomas Gallagher, Gretchen Bliss

Missoula College University of Montana has completed the inaugural year of a CAE-CD rapid training program. Our CAE-CD Program of Study (PoS) encompasses four classes covering networking, operating systems, basic cybersecurity, and ethics/legal issues in computer science. Recognizing the need for short term training programs (i.e., completed within six months), Missoula College has developed a 10-15 week course of study specifically designed for individuals to get a jump-start on transitioning to a career in cybersecurity. In addition to completing the CAE-CD PoS, students are prepared for the Network+ and Security+ Industry Recognized Credentials (IRCs). Two unique hallmarks of our program are 1) wrap-around student support services which include weekly meetings with rapid training coordinators and 2) integrated and supplemental materials aligned with the National Association of Colleges and Employers (NACE) Career Readiness competencies. Program participants are encouraged to work with Missoula College University of Montana career coaches to refine résumés and interviewing skills, and all of the NACE competencies are interwoven into PoS coursework. Students are further encouraged to participate in career fairs held each semester at Missoula College. Through partnerships with the Montana Department of Labor and Industry (MT DLI) and other entities, student tuition, fees, and books are often eligible for a full subsidy resulting in no cost to students.

Dianne Burke

Our program has a constant struggle to get our students placed in meaningful internship opportunities. We have all heard the response all too often: Are they in their junior or senior year in college? We only offer internships to 4 year institutions. Then there is the management of paperwork and tracking of which student is at what location and how many hours are they logging there. We had enough and we are building our own paid internship opportunities for Tier 1 SOC Analysts. We are calling it the GSOC. Gaucho Security Operation Center. We are collaborating with Boise State University in the development and implementation phase of this project with a targeted soft launch in Spring 23.

Martin Bencic

BYU has recently signed an MOU with a vendor. The vendor partners with institutions and offers to faculty, staff, and students of higher education institutions access to vital cybersecurity skills training and learning resources. It provides students with real-world experience in multiple fields of cyber security such as Cloud, Network, and endPoint. The program is free of charge as the vendor aims to provide vital cybersecurity skills and learning resources in order to close the field’s workforce gap. Secure Academy provides free content (course curriculum), software licenses, technical support, and deeply discounted certifications to their academic partners and their students     

Albert Tay

A brief outline of the student development research projects being conducted by University of Memphis students associated with CAE federally funded research grants.

Tony Pinson, University of Memphis

This presentation describes how the team of Strayer University student coders won 5th place out of over 400 participating schools in the 2022 NSA Codebreaker Challenge, a hyper-authentic learning experience in which teams from across the country compete to develop successful defenses to real-time cybersecurity threats. Lessons are drawn into how students from non-traditional and underserved communities can overcome key challenges to developing the coding, engineering, strategic planning, and problem-solving skillsets needed for today’s IT workplace. Topics of focus include Strayer’s practices for recruiting, coaching, and forging a strong esprit de corps for the codebreaker team, using real-world collaboration tools designed to build camaraderie and group ownership. Insights are also offered into how students mastered applying the advanced technical skills demanded by the high level of difficulty the Codebreaker Challenge entails, including complex techniques for reverse engineering, malicious code obfuscation, cryptography, and infrastructure penetration testing.

Carlos Sapijaszko & Darcel Ford

Contrary to the intuition of some administrators and teachers, holding students to high standards improves retention. Establishing expectations early improves the classroom atmosphere because students are much more willing to help other students who put in a serious effort, and because instructor time is not wasted on students who don’t. Students graduating from a rigorous program are much more likely to have a true understanding of the material. This gives them confidence and leaves them prepared for competitions. They are more likely to get and succeed at cybersecurity jobs, giving the program a solid reputation. Students may have been taught that they can pass anything with no effort. Teachers must hold themselves to a high standard and be willing to help these students learn how to learn. Those who are willing to put in the work will succeed, while those who are not will leave sooner, rather than waste lab and teaching resources from one course to another. It may seem that lowering standards will build self-esteem, but the result is the opposite. If you don’t need to learn anything to pass, your education has no value. How important would you feel in that case? Holding students to high standards helps build comradery among students who have struggled together to understand complex topics and who have competed together in competitions. This improves retention and lifetime networks and job success. Recommendations and answers to specific questions on how to improve enrollment are provided. How can you create an atmosphere of trust and respect between students and faculty? How do you make the whole class feel like one team? How can you challenge your students with assessments to establish expectations early in the semester? How can you convince students that learning is a good idea? Your questions are welcome as well.

Susan Frank

This presentation will share the conceptual framework for a new resource under development for the CAE Community: a competitions roadmap. The goal for the roadmap is to move beyond a traditional list and visually render everything CAE faculty and students need to know about the competitions available to enable selection of the most appropriate competition for them. This presentation will share a prototype and solicit ideas and input for the first production release.

Jake Mihevc

Professional organizations are defined as a group that furthers a particular profession, those engaged in that profession, and the public interest. As part of furthering the profession, many professional associations have created programs to perform outreach to colleges and universities. Faculty and student clubs can benefit from connecting with their local chapters of the major professional associations, such as ISACA, ISSA, and ISC2. This presentation will share the benefits of professional associations, programs available to higher education, and how to connect your student clubs to the professional association.

Anna Carlin

The need for cybersecurity workers is clear. With a documented current shortage of cybersecurity workers in the U.S. identified as over 300,000 openings, the need to attract, and retain more future cybersecurity workers could not be more clear. Many efforts have been created to address this need and have had clear positive results. These include the use of summer camps and competitions to increase interest in the field, reaching out to underrepresented populations to help fill the need, and providing scholarships and using shared curriculum to help students through their educational pathway. Davenport University, through the implementation of an NSF CyberCorps®: Scholarship for Service (SFS) grant, has implemented a systems based approach to identify and align these previous efforts that address the cybersecurity pathway. Through the development of a Community Based Life Cycle (CBLC) framework, this approach is centered around mentoring (using both professional mentoring and peer-mentoring) and the use of Cascade Advising, with the intention to both increase students in the cybersecurity pathway, but also to help retain students’ interest in cybersecurity. This presentation will report on our findings after four years of implementation.      

Lonnie Decker

The latest advancements in generative AI have created both beneficial and harmful opportunities. Novice attackers can now quickly develop multiple variations of malware to evade anti-malware detection tools and can even use advanced technology like ChatGPT to create harmful programs from scratch. Generative AI tools can easily produce human-like content, such as speech and text, to create phishing emails and social engineering attacks. This poses a significant challenge for existing phishing email detection systems, as generative AI can produce countless variations of phishing emails with almost no distinguishable features that are often used by detection engines. Furthermore, sophisticated social engineering attacks are now possible by mimicking the voice of a real human being to deceive people using AI models. This is particularly concerning for the creation of convincing deepfake videos, as well as the generation of fake news and social media posts. Accordingly, the cybersecurity community must adapt to the use of generative AI technology with great caution, using rigorous knowledge and countermeasures to prevent potential security breaches by adversaries. Generative AI has the potential to impact cybersecurity education in various ways, particularly in the creation of realistic training datasets for cybersecurity professionals that mimics real-world cyber threats, allowing cybersecurity professionals to practice identifying and responding to these threats in a secure and controlled environment. Furthermore, generative AI can be utilized to develop more engaging and interactive cybersecurity training materials such as virtual simulations and games to provide learners with an immersive and dynamic learning experience. Overall, generative AI has the potential to significantly enhance cybersecurity education by providing more realistic training datasets and more engaging learning experiences. The primary focus of this talk is on the impact of generative AI on cybersecu-
rity, as well as its influence on cybersecurity education.

Dulal Chandra Kar

Cybersecurity competency is essential for securing jobs in federal agencies and industries. To ensure students are prepared for the workforce, universities should emphasize work skill readiness. This research proposes using large language models (LLMs) like Chat-GPT to extract skills from course materials and job postings. The extracted skills can then be cross-referenced with grades received to select the perfect candidate for a given task. Compared to other LLMs, Chat-GPT meets several important requirements such as speed, low cost, frequent updates, and robust APIs. The algorithm for skill extraction has salient features like segmenting longer assignments into chunks, inputting relevant categories of skills to increase the quantity and relevance of extracted skills, managing verbosity, and instructing the LLM to expand or summarize the skills. The more times a document is segmented, the more skills will be listed in the final aggregate list. However, both assignments and job postings are susceptible to tunnel vision with excessive segmentation. Furthermore, supplying stop words to the LLM is possible and can prevent unnecessary NLP pipelines. The findings suggest that there is a valuable middle ground when it comes to segmentation, and if assignments and job postings are segmented by questions and job requirements, it may be possible to extract a high number of quality skills without becoming a victim of tunnel vision. With the release of GPT4 next month, it will be possible to extract skills from recorded lectures, graphs, figures, and audio recordings such as phone interviews with prospective candidates. Overall, the results are promising, with thousands of extracted skills across hundreds of assignments and job postings, averaging 21 extracted skills per job posting and 25 extracted skills per assignment. The method provides both flexibility and comprehensiveness. For instance, we can specify that we want soft skills as well as hard skills, and the LLM provides such a curated list. LLMs have the potential to transform traditional natural language pipelines, and we have an exciting opportunity to take advantage of this technology.

Dr. Ram Dantu (On Behalf of Thomas McCullough)

Audience engagement is a key challenge associated with Cybersecurity education. Gamification - where elements of competition, unpredictability, and active participation are leveraged to increase interest and motivate learner engagement - is a new frontier for academic research and investment. In this presentation, we demonstrate how a gamified “virtual escape room” challenge can be used to create an interesting, exciting, and memorable cybersecurity learning experience. 

Jonathan Kamyck

This presentation outlines how we use our Cyber Capstone Classes to access both the Program Learning Outcomes (PLO) and competencies of our graduating seniors. At USD, we found that local businesses were reluctant to allow students the opportunity to evaluate, and implement security on an operational system. We developed the USD Cyber Cloud (a private cloud using OpenStack) to have an isolated sandbox that can be quickly configured to give the student (Student Teams) a fully functional business network system. In this safe environment and in small teams (5 or less) they are immersed into a case study assuming the role of being a consultant, an analyst, and customer point of contact. The Teams perform all the required tasks to conduct a security engineering review of the client’s system, conduct Vulnerability Assessments, Penetration Testing, and based on findings, create and execute a hardening plan to make the system secure. The hardening plan is the “What”; execution of the hardening plan is the “How”. The development of an Information System Security Plan plus the other testing report builds a portfolio of achievements for the students.

Chuck Bane, University of San Diego

The NSF-ATE funded Cyberpreneurship project at Riverside City College is a cross-discipline effort to train cybersecurity entrepreneurs. The goal is to address the small to mid-sized businesses that make up over 40% of the breaches that occur but have no IT/Cybersecurity team or professional support. Students will gain knowledge, skills and abilities in cybersecurity and entrepreneurship. This will equip them to provide managed services, audits and other cyber/IT and automation services to those organizations. There is a lot of promotion and talk about the over 750,000 open jobs in the cybersecurity workforce. However, this does not account for the large number of small to mid-sized businesses that do not have anyone defending their systems that need to contract outside assistance to make them secure. 

Skip Berry

The proposed tool will provide users with a platform to access a side-by-side comparison of classroom assessment and job posting requirements. Using techniques and methodologies from NLP, machine learning, data analysis, and data mining, the employed algorithm analyzes job postings and classroom assessments, extracts and classifies skill units within, then compares sets of skills from different input volumes. This effectively provides a predicted alignment between academic and career sources, both federal and industrial. The compilation of tool results indicates an overall accuracy score of 82%, and an alignment score of only 75.5% between the input assessments and overall job postings. These results describe that the 50 UNT assessments and 5,000 industry and federal job postings examined, demonstrate a compatibility (alignment) of 75.5%; and, that this measure was calculated using a tool operating at an 82% precision rate.

Dr. Ram Dantu

This Lightning Talk will discuss how the Information Technology department at Johnson County Community College (JCCC) developed and maintains a K-12 pathway with a large local district, Blue Valley Schools. Now in its second year, the pathway provides students the opportunity to complete the JCCC Cybersecurity Certificate program tuition-free alongside their high school education. Successful students will receive both their diploma and the Cybersecurity Certificate upon graduation from high school. This session will discuss: • Building the pathway • Recruiting students into the program • Managing opportunities and challenges      

Andrew Lutz

The Cybersecurity Maturity Model Certification (CMMC) is becoming an integral part of the cybersecurity ecosystem, with its emphasis on supply chain security. Undergraduate students may benefit from being introduced to the CMMC model early in their cybersecurity training. This presentation will explore what CMMC is, the United States government foundation for this certification, and how best to present this to undergraduate students. The presentation will also explore what preparation an undergraduate student needs in cybersecurity to properly understand and implement the principles offered by CMMC. Presenting this information to graduate students may also prove beneficial; however, the emphasis and focus for this presentation will be undergraduate students.    

Matt Paulson

Cybersecurity student development programs are initiatives designed to help students in higher learning institutions develop the skills and competencies necessary to succeed academically, professionally, and personally. These programs aim to provide students with opportunities to engage in activities and experiences that foster growth and development inside and outside the classroom. The goal is to help students become well-rounded individuals with the knowledge and skills necessary to navigate the challenges of college and the world beyond. These programs typically involve various components, such as academic support, career development, leadership training, social engagement, and community service. The programs help students improve their study skills, time management, and academic performance. Career development programs assist students in identifying their interests, strengths, and career goals and provide guidance and resources to succeed in cybersecurity. Leadership training programs help students develop the skills and knowledge necessary to become influential leaders on campus and in the workforce. Social engagement programs allow students to connect with others and build relationships, while community service programs encourage students to give back to their communities. College student development programs have numerous benefits. Students who participate in these programs are more likely to graduate on time, find employment after graduation, and become active and engaged members of their communities. They are also more likely to have a positive college experience, with higher satisfaction, engagement, and retention levels. Finally, college student development programs are essential to career success, providing students with the knowledge, skills, and experiences necessary to succeed in college and beyond. Student development programs should be a priority for colleges and universities, with continued investment and expansion that ensures all students have access to these crucial resources. 

Israel Emmanuel

THIS PROJECT ADDRESSES the problem of securing autonomous underwater vehicle (AUV) swarm missions. GOALS: G1. Establish secure and resilient underwater communications channels for AUV by using underwater mobile ad hoc networks (uMANET). G2. Determine what formations or behaviors the swarm should adopt for a given mission, and design communication protocols that effectively maintain the swarm in the desired formation. G3. Explore alternative methods by which a swarm can know its location with respect to a global grid (localization) and operate in an environment populated with fixed or moving obstacles. Different types of AUV missions are considered, including mine countermeasures (MCM), intelligence, surveillance and reconnaissance (ISR), and localization (independent or in collaboration with GPS surface vehicles). This work builds on the PI?s background in information security and ad hoc networks (e.g.,, A secure and efficient conference key distribution system, 1994; Securing multipath communication in MANET, 2004; On the security of route discovery in MANET, 2009; Strengthening privacy protection in VANET, 2008; Challenges of securing and defending unmanned aerial vehicles, 2020). CNSSP-28 is a policy document for Unmanned Autonomous Systems that operate in all physical environments and support diverse and complex missions. For our protocols, security is reduced to CNSSP-28 compliance. UNDERWATER SWARM ROBOTICS is a complex field that combines a number of research areas, such as underwater propulsion/sensors/localization/communication, swarm control (centralized/decentralized) and swarm intelligence (based on the collective behavior of self-organized systems), to solve mission planning optimization algorithms. Swarm algorithms are often based on the behavior of animals (e.g., Particle Swarm Optimization (PSO) can be visualized as the behavior of a flock of birds) and minimize the required communication between interacting parties to achieve a specific objective. Whether, or to what extent, any of these algorithms may apply to the needs of Navy missions involving AUV swarms has yet to be determined. What is certain is that new algorithms need to be devised for AUV motion control and decision-making. In particular, AUV should implement self-organizing controllers that adapt to the environment (e.g., by using Neural Networks for learning and Self Organizing Maps for control). This is particularly challenging because of the security/resiliency requirements of Navy missions.

Xiuwen Liu & Mike Burmester

This presentation will share some of the approaches currently underway to explore evidencing competencies through cyber competitions. The presenters will share preliminary findings from research underway on how students perceive competency development as well as a model for evidencing competency within competitions for consideration and discussion.

Jake Mihevc, Dan Manson

In recent years, aviation security was designated as a national strategy, which further emphasized the increasing interest and growth for aviation cybersecurity. The growing digitization and greater connectivity of aviation infrastructure increases the vulnerabilities and risks associated with the aviation industry. In response, educational institutions must diversify their instruction to train a more robust cybersecurity workforce for increased cybersecurity protection. As leader in aviation and aerospace education, Embry-Riddle Aeronautical University (ERAU) has undertaken fundamental efforts to address the need for a high-skilled cybersecurity workforce through its established aviation and aerospace research agenda and is actively building on its research expertise in the aviation and aerospace cybersecurity domain to meet current and future workforce needs. ERAU has extensive capabilities in all computation and communication services related to flight operations. Among them: airborne hardware and software, avionics equipment, and network and communication data links among aircraft, ground stations, radar systems, and satellite systems. ERAU faculty have made substantial contributions to the body of knowledge of aviation cybersecurity through direct work with aviation industry stakeholders, publications in prestigious venues, and presentations at expert forums. To this end, ERAU faculty are consistently updating their courses with their innovative work, thus closing the loop between research and education, and helping with the preparation of well-rounded and high-skilled graduates. All these capabilities and expertise place ERAU students in a unique position to contribute to the cybersecurity of engineered systems specific for the aviation and aerospace industry.

Radu Babiceanu

Internet of Things (IoT) devices capture and process sensitive personally identifiable information such as camera feeds and health data from enterprises and households. These devices are becoming targets of prominent attacks such as Distributed- Denial-of-Service (DDoS) and Botnets, as well as sophisticated attacks (e.g., Zero Click) that are elusive by design. There is a need for cyber deception techniques that can automate attack impact mitigation at the scale that IoT networks demand. In this talk, we present a novel cloud-based active defense approach viz., “CICADA”, to detect and counter attacks that target vulnerable IoT networks. Specifically, we propose a multi- model detection engine featuring a pipeline of machine/deep learning classifiers to label inbound packet flows. In addition, we devised an edge-based defense engine that utilizes three simulated deception environments (Honeynet, Pseudocomb, and Honeyclone) with increasing pretense capabilities to deceive the attacker and lower the attack risk. Our deception environments are based on a CFO triad (cost, fidelity, observability) for designing system architectures to handle attacks with diverse detection characteristics. We evaluate the effectiveness of these architectures on an enterprise IoT network setting with a scale of thousands of devices. Our detection results show ≈73% accuracy for the low observability attack (Zero Click) corresponding to the BleedingTooth exploit that allows for unauthenticated remote attacks on vulnerable devices. Furthermore, we evaluate the different deception environments based on their risk mitigation potential and associated costs. Our simulation results show that the Honeyclone is able to reduce risk by ≈88% when compared to a network without any defenses. 

Prasad Calyam, University of Missouri-Columbia

In the realm of education, a revolutionary tool called ChatGPT and Generative AI is changing the way students learn. ChatGPT and generative AI are not just theoretical concepts; they are already being used by students. ChatGPT, trained on vast amounts of data, generates human-like text and assists students in various ways. It helps them generate papers, provides prompt and accurate answers to their questions, and aids in research by finding relevant sources. Teachers play a crucial role in integrating ChatGPT effectively. They should expand requirements beyond its capabilities to foster deeper conceptual learning. By building upon ChatGPT's support, students can focus on understanding concepts rather than memorizing facts. This approach nurtures critical thinking, problem-solving, and the practical application of knowledge. Expanding requirements offers several benefits. Students engage in deeper learning, explore creative solutions, and collaborate with peers. They become active participants in their education, develop critical thinking skills, and apply knowledge to real-world scenarios. In conclusion, ChatGPT is already enhancing students' educational journeys. With effective teacher integration and expanded requirements, students can concentrate on understanding concepts, fostering creativity, collaboration, and critical thinking. This empowers them for future success in an ever-changing world.

David Breeding

Secure boot is reliant on the Chain of Trust to guarantee the security of an individual device. Chain of trust refers to the transfer of trust such that the transfer of execution in a device from one component to another does not alter the quality of trust. The transfer of execution in a cyber-enabled structure is one of the most important decision points where the state of trust is altered. In this project, we identify the constructs of secure flash (programming of a device) to maintain trust within the secure boot for subsequent bootups. To enable such an architecture, we utilize the specialized hardware called Trusted Platform Module to guarantee the trustworthiness of critical security operations. In this project, we identify how different boot components are ranked and how transfer of trust occurs between them. The diagram below identifies the components of secure boot, secure flash, and different pathways to accomplish the trustworthiness of execution.

Vijay Anand

Surveys indicate a vast majority of employers require prior experience in their cybersecurity hiring efforts. This presents a majority of our current learner community with a quandary as they attempt to enter the workforce. Solid knowledge development (via degrees and certifications) is not enough. Simulation-based skill development (via ranges and CTF events) is not a replacement for the real-world experience needed by our employer partners. It is on the CAE community to lead the way in the creation of a "Ready for Work" workforce by making adjustments to how literal real-world experiential learning can be incorporated into our academic efforts. This talk will present multiple possibilities that have been incorporated into Boise State University’s Institute for Pervasive Cybersecurity for enabling competency development into our programs so that learners can show employers they are “Ready for Work.” We also hope, through this presentation, to begin further collaboration within the CAE community on expanding these efforts nationwide. 

Edward Vasko

The Public Infrastructure Security Cyber Education System (PISCES) is a platform which brings together industry, government, and education to deliver a job ready workforce, engage students with real-world experiences, and provide services to small local government entities which they would not otherwise be able to afford. PISCES places collectors on small governmental networks to collect netflow data. The data is stored on an ELK stack, and is monitored by students who perform anomaly analysis and threat hunting on the real data. Issues discovered are reviewed and reported. PISCES, which currently operates in four states, is working with CISA and PNNL to expand into other states and increase its presence. PISCES makes curriculum available to schools participating in the project, and in addition to the basic cybersecurity analyst course has developed a follow-on Security Operations Center (SOC) course.

Erik Fretheim, Western Washington University

This session will highlight the NCAE-C Cybersecurity Credit Transfer Agreement (CTA) Task, funded as part of the NCAE-C Careers Preparation National Center, to address the challenges in meeting the future cybersecurity workforce development. An overarching goal is to establish a database of credit transfer agreements among NCAE-C designated CAE cybersecurity programs and K12 schools. To achieve this goal, the CTA taskforce will compile the set of the K12 cybersecurity credit transfer agreements between secondary education schools and the NCAE-C designated higher education institutions, and facilitate the development of the cybersecurity credit transfer agreements between NCAE-C designated higher education institutions and secondary education schools. The CTA taskforce, jointly led by Purdue University Northwest and Forsyth Tech Community College, and partnered with Dakota State University, has launched the CTA status data collection and CTA development promotion. The taskforce has investigated the challenges and opportunities of K12 cybersecurity credit transfer mechanisms, examined the advantages and limitations of various CTAs, developed approaches and mechanisms to collect CTA status data and promote CTA development. Experiences and lessons learned will be shared through CTA development cases at Purdue University Northwest and Dakota State University. A call for action will be promoted to the CAE community for CTA survey distribution and response, and CTA development.

Dr. Michael Tu, Michael Sbalchiero, Thomas (Tony) Brown,

Engaging discussions between students in asynchronous online courses are an important part of learning yet many find it difficult to develop creative and effective discussion prompts in cybersecurity and other technical courses. Often these discussion prompts end up looking like short answer questions with each student posting very similar responses. It is hard to generate a meaningful conversation from this type of prompt and students often get stuck trying to think of something relevant to say. It doesn’t have to be this way! There are ways to not only engage students in stimulating and interesting conversations related to cybersecurity concepts but to also use these discussions to develop critical thinking skills, build awareness of how diversity, equity and inclusion are impacted by the topic at hand, learn from relevant current events and encourage creative thinking. It is equally important to provide guidance for when students are replying to each other’s posts. We want their discussions to build on what has been said and continue to be productive and informative throughout the thread. This presentation will review best practices for designing asynchronous discussions by sharing examples of good, bad and engaging discussion prompts in cybersecurity courses. Participants will take away ideas for creating asynchronous discussions that will appeal to students in cybersecurity courses and generate lively conversations.

Catherine Seaver, Excelsior University

Maintaining an engaged alumni community can be a challenging task. Many colleges and universities struggle to maintain relationships with alumni because they fail to foster a strong bond with the students before graduation. When students graduate, the student-institution relationship should not end; instead, it should continue progressing as needs and expectations change. Institutions should establish a robust student-institution relationship that grows throughout the student lifecycle and continues beyond graduation. A cordial relationship between alumni and institutions should begin well before graduation. To develop this bond, institutions should have early recruitment frameworks that enhance cohesive and engaging experiences for students and nurture them until after students transition into alumni. Building meaningful relationships with alumni is essential for the strategic advancement of higher education programs. Keeping in touch with alumni helps an institution build a global professional network. While institutions can partner with alumni to meet financial goals for campus developments, current students at institutions can benefit from the mentorship opportunities that engaged alumni bring. Graduates are influential campus ambassadors for their institution's brand. They are the backbone of a college or university. Whether alumni are seasoned professionals or new graduates, institution-alumni networking is essential to career development. As institutions explore new digital solutions to support students better, leaders can use the latest technology to build engaging experiences and maintain a relationship that transcends graduation. With smart technology, institutions can create engaging experiences that bring the campus to alumni by sharing personalized updates on campus events and developments.

Israel Emmanuel

The Jumpstart Program brings together a large local employer and the College of Southern Nevada (CSN) to enhance employment opportunities for both CSN and local high school students. It also assists the employer to meet the hiring needs in hard-to-find technical areas. Students that are part of the program that finish the required six (6) courses are guaranteed a job interview with the employer. This type of program has been successful with one program/employer and is now being expanded to additional programs and employers. The presentation will include the development and implementation techniques used to implement and expand this successful program.

Margaret Taylor

PACE (Pathway to Advancement in Cybersecurity Education) is a guided Cybersecurity pathway that introduces dual enrollment college courses as early as 9th grade with multiple educational and employment exit points. PACE was funded for the last three years by a grant from the NSF-ATE. In this presentation we will summarize PACE outcomes and identify best practices for establishing a strong pathway program.  

Behzad Izadi

In this talk, we will present an overview of three projects stemming from our NSF-funded effort on engaged pedagogy for advanced cybersecurity education (NSF-DGE #1947295), namely: (i) DISSAV: Dynamic Interactive Stack Smashing Attack Visualization, a program visualization tool for teaching stack smashing attacks. DISSAV is a web-based application built with ReactJS; DISSAV provides a simulated attack scenario that guides the user through a three-part stack smashing attack. Our tool allows the user to create a program, construct a payload for it, and execute the program to simulate an attack scenario. (ii) a suite of four guided-learning activities that help students with foundational concepts for learning stack smashing attacks and defenses, for e.g., command-line parameters in C, buffer overflows in C, process memory layout, stack canaries and address space layout randomization. The activities are written in the Process Oriented Guided Inquiry Learning (POGIL) style - students explore learning models that depict relevant information, then proceed to invent key concepts emerging from those models, and finally apply the concepts they invent to solve a given problem; and (iii) Criminal Investigations, a gamified, scalable web-based framework for teaching and assessing Internet-of-Things (IoT) security skills. Criminal Investigations is packaged as a series of stackable IoT security activities; the current version is a web application that uses React for the front-end development and Python for the back-end, and is deployed on a university server. Criminal Investigations promotes student engagement and learning by incorporating gamification concepts such as storytelling, experience points, just-in-time learning content delivery and checkpoints into activity design. All three projects have been deployed at undergraduate courses at UNC Charlotte, and we will briefly discuss our deployment and data analysis efforts.

Harini Ramaprasad

Artificial intelligence (AI) is rapidly changing the world, and education and cybersecurity are no exception. AI is used to develop new tools and techniques for securing networks, improving risk management, and addressing new threats, and it can be used to enhance classroom instruction and assessments. While AI can be intimidating, it has a valuable place where our students are headed when they transition to the workplace. This presentation will explore the impact of AI on education and begins with a question posed to two AI platforms, "is AI disrupting education?" Then, hear a summary of the findings of a study that examined student usage of AI tools such as ChatGPT and their ability to mimic student submissions. The attendees can also play along, guessing if the submission is AI or a student. The presenter will summarize the potential for AI integration into education and how cybersecurity instruction must incorporate AI tools and resources to prepare students for their careers better. Finally, the presenter will summarize strategies and ideas where educators must go by providing a mind-blowing suggestion that would make Darwin happy! The focus is on providing the students with a different and hopefully better educational experience.

Robert J. Loy

This presentation will unveil the technologies and moving pieces that power the NCAE National Competition. The NCAE National Competition team has open sourced this custom platform and is willing to share all of the details, but the infrastructure spans a number of complex technologies and will be daunting even to a veteran systems administrator. The NCAE National Competition team will offer possible pathways to using our infrastructure at your institution outside of the competition season. The competition team anticipates that offering the community a chance to see the infrastructure in action for a custom deployment will allow interested institutions the opportunity to digest the complexity of the platform and incorporate these technologies incrementally to serve local educational efforts.

James Rice

Students in multiple cohorts of our 3000 level Fundamentals of Information Systems Security course were given a discussion question where they had to either agree or disagree with the premise that given all the constant threats to our systems, we should dedicate more of our efforts to quickly repairing the damage of an attack rather than dedicate more of our time and energies to preventing such attacks. They were required to give their reasoning and provide sources to back up their analysis of his comment. This talk will describe and explain the concept of cyber resiliency. It will then evaluate the responses of the students and their sources to determine if they felt that emphasizing bringing systems back quickly over prevention is a cybersecurity practice that more organizations should consider, as well as give some recommendations about both cyber prevention and cyber resiliency methods.  

Frank H. Katz

Inspired by a Cloud Security Alliance write-up by the presenter, this session will bring about a fun and interactive Lightning Talk on the topic of introducing music that aligns with the varied work roles and tasks in cybersecurity activities. This Lightning Talk will utilize and play some minor snippets of music (as loud as possible) that correspond to the National Initiative for Cybersecurity Education (NICE) Workforce Framework. The session will be helpful in possibly inspiring participants to consider ways to better and further relate to those students who may be “on the fence” in considering the cybersecurity workforce. Music has the potential to inspire and generate energy that may not have been present previously. As we continue to work towards the challenge of recruiting and educating the next generation of cybersecurity professionals, perhaps it is time to think differently, and use such resources as music! Content for this presentation will be pulled from the article below, authored by the proposed speaker.

Stan Mierzwa

Call for proposals: Curriculum Development

Recon Survey Favorite Free Curriculum

Funded by the NSA through the NCAE-C program, the mission of the National Cybersecurity Curriculum Task Force is to catalog and create high-quality and relevant curricula on emerging cybersecurity topics, mapping to curricular and workforce guidelines, and make them freely available. The mission is being accomplished with the following goals: (1) Conduct a comprehensive search of available curricula in cybersecurity repositories, directories, and among the community. (2) Perform gap analysis to identify high-need areas to create a cyber-ready workforce. (3) Develop high-impact, high-value curricula for the community. Stop by this session to get more information on the project, and how you can help by filling out a survey or building curriculum in emerging areas. At this session you can complete a survey to share your favorite piece of free curriculum that you've developed. You can also discuss the call for proposals for funded curriculum development, or discuss your ideas for curriculum in emerging cybersecurity areas.     

Cara Tang, Portland Community College

Traditional programming courses have relied on students learning coding syntax from examples and other textbook sources. As students learn to write code, they become proficient in the syntax, logic, debugging and documenting their code. ChatGPT is a revolutionary method that allows students to generate new code, fix bugs and errors and assist in the writing and learning of programming languages and computational concepts.  This session provides an outline of the application of ChatGPT is a server-side programming class at the University of Hawaii Maui College in the Spring semester of 2023. This session will cover the following topics 

  1. Overview of ChatGPT  
  2. Introduction to Conversational Model in a Programming Course
  3. Techniques to learn programming using ChatGPT  

The session will provide the participants with an overview of how ChatGPT can be used as an assistive tool in the 
classroom, with examples of how it has been used in a programming course to help students learn to code. The session will provide examples of how the risks of plagiarism and cheating can be minimized using ChatGPT. Finally, the session will provide the participant with code samples and examples about how this new tool can be included in their own classroom. While this session focuses on the application of ChatGPT on a programming course, the lessons from this session can be applied to other courses in various disciplines unrelated to programming or technology.

Debasis Bhattacharya

The popularity of the CAE-CD Community of Practice “Meet your Competitions” events has led to a new collaborative space for faculty to contribute to CAE efforts related to competitions. All faculty and POCs are welcome to join us as we explore the future of evidencing competencies within competitions, mapping linkages between competitions, helping faculty prepare students for competitions, competition badging and credentialing, building competitions experiences into courses and programs, and other topics of interest. The CAE-CD CoP Competitions Subgroup will meet regularly beginning this Fall, and this session will serve as an organizing and kick-off meeting for this new CAE collaborative space.

Jake Mihevc, Dan Manson

Malicious programs are not new. Many approaches have been proposed from signature-based methods in most anti-virus products to machine learning approaches that try to classify samples based on extracted features. There are inherent challenges to carry out systematic in-depth malware analysis. Only recently have very large datasets become available. There are three families of techniques for malware analysis: static analysis, dynamic analysis, and symbolic execution. However, none of them are sufficient; static analysis potentially has good coverage but has limited precision and is difficult to scale. Dynamic analysis has perfect precision, and its coverage is practically limited especially when anti-analysis techniques are employed. Symbolic execution techniques have the advantages of both static and dynamic analysis techniques but do not scale. Clearly hybrid approaches of combining these techniques can overcome the limitations to some extent and they are not sufficient to perform in-depth malware analysis at scale. Machine learning techniques have been proposed to classify malware based on extracted features and their success on real malware samples is limited despite reported high accuracies. A shortcoming to all these methods is that the existing techniques do not utilize the knowledge from previous analyses. We adopt and are implementing the following framework: 1) Given a binary sample, we use counterfactual execution to execute all the branches. By using the call graph, we organize the system calls into overlapping short sequences hierarchically; 2) We use the knowledge base to check the family and other related samples in the base. Note that the sequences allow us to match functions without the need to check implementation details; 3) With the metadata from the knowledge base, we will perform family specific analyses. The advantage of the proposed approach is that it is scalable, achieves good coverage, and generalizes well to new malware samples. 

Xiuwen Liu

Due to the increasing threat to both government and industry information systems, it is necessary for cybersecurity programs to produce graduates that can react to the increasingly complex attempts by hostile actors to exploit computer networks. To respond to these growing threats, it is critical for graduates of cybersecurity undergraduate programs to have knowledge of the concepts, techniques, and tools to break down and analyze malicious software used by hostile actors, and understand evolving cyber-attack tactics, techniques, and procedures. Malware analysis is typically an advanced cybersecurity topic covered in cybersecurity graduate degree programs or specialized training; however, with the rapidly evolving threat, malware analysis must be incorporated into undergraduate cybersecurity degree programs in a significant level of detail. A curriculum is necessary that includes a survey of the socio-cultural aspects impacting the cyber threat landscape, fundamentals of traditional and cloud network architecture and services, and a detailed study into the fundamentals of both static and dynamic malware analysis.

Matthew A. Chapman, University of Hawaii West Oahu

This mini-workshop aims to introduce a series of hands-on labs designed and packaged in software containers, allowing instructors to deploy them quickly on the cloud or cyber range environment without extensive configuration. The hacking labs exploit application vulnerabilities to launch common attacks such as data races, buffer overruns, code injection, and other web-based attacks. The primary goal of these hands-on hacking labs is to raise awareness about software vulnerabilities and their potential consequences among students who will be future software developers. By exposing them to these vulnerabilities, students will learn how to apply secure programming techniques during the development process to mitigate the risk of potential attacks. We will demonstrate in this talk how instructors can "load-n-play" one of the labs to Azure cloud service. We will also provide suggestions to faculty on adapting and implementing these labs in their security courses.  

Phu Phung
Sanjay Goel, Brian Ricks, Bill Hayes, Tony Coulson

The landscape of cybersecurity is constantly changing. The Business and Industry Leadership Team (BILT) helps keep programs current on trends and helps schools keep programs current on what candidates will encounter in the field. This presentation highlights how Metropolitan Community College in Omaha uses the BILT.     

Gary Sparks, Metropolitan Community Colllege

Corporate Collaboration in Curriculum Design and Development. Background: The Cybersecurity Highschool Innovations collaboration with Blue Origin started with a tour for 40 high school teachers and academic faculty. This collaboration resulted in the development of an award-winning industry designed curriculum. In this 20-minute workshop, every participant completes a customized form to develop an outreach strategy with business(es) in their area to support employer outreach/workforce development activities. The interactive workshop, using the steps below, provides participants a workable plan to implement outreach or customize an existing industry developed curriculum, Phishing: Blue Origin in CLARK. This fast-paced workshop provides: Step 1: Develop a strategy to approach businesses. Step 2: Engage in education and business collaboration activities to enhance workforce development. Step 3: Access the Blue Origin “Phishing Curriculum” in CLARK, a 10-module curriculum which is the results of Step 1 and Step 2 activities associated with the NSA funded Cybersecurity Highschool Innovations (CHI) grant. Learn how one program customized this industry developed curriculum. Step 4: Create a timeline with actionable steps. Step 5: Send form to participant’s email with a reminder date to ensure items are executed on schedule. Workshop presenters recommend participants come to the workshop with names of two or three business contacts, a laptop, a Gmail account, and nimble fingers to access CLARK, and a collaborative mindset.

Morgan Zantua & Ahreum Ju

This session will discuss a large-scale, multi-million-dollar project that is funded by the DoD-NDEP, one of only five national cooperative agreements funded in September 2022. This project focuses on the establishment of a vibrant, collaborative consortium of six community colleges (CCs), led by a four-year institution, all working together to enhance STEM education across Pennsylvania with special emphasis on cybersecurity. The main objectives of the consortium are: increase certificate completion rates, increase transfer rates to 4-year institutions, and increase student interest in employment in the DoD and DIB workforce. The major factor that contributes to our ability to successfully establish a truly collaborative consortium is the experience gained by the Lead Organization (LO) over many years working with various community colleges, technical institutes, and K-12 schools across PA to enhance cybersecurity education. The project started with the identification of specific challenges that participating CCs face, particularly those that obstruct their abilities to achieve the projects’ three main objectives. Identified challenges include effective marketing/recruitment, retention, cost of obtaining certifications, community awareness of existing opportunities and career paths, among others. To address these challenges, our group proposed a set of innovative initiatives and is currently implementing them. Some of the proposed initiatives are managed centrally at the LO to maximize efficiency, minimize needed resources, and promote collaboration, while others are being implemented locally at each of the participating CCs to address local challenges and target specific audiences at each institution. Examples of central services include soft-skill tutoring, assessment, and faculty professional development programs. Examples of local services include mentorship, certificate training, tutoring, K-12 outreach, summer activities, and course alignments to support seamless transition from 2YIs to 4YIs. The session will acquaint the audience with the project and share lessons learnt and will be delivered using multi-modal learning approaches to promote audience engagement.

Waleed Farag, Indiana University of Pennsylvania

Playable Case Studies (PCSs) are interactive simulations that allow students to play through an authentic case study (i.e., scenario) as a member of a professional team. They include (a) an immersive, simulated online environment, and (b) accompanying in-class activities and discussions facilitated by a teacher to provide educational scaffolding and metacognition. PCSs are designed to be authentic and feel real by incorporating the "This is Not a Game" (TINAG) ethos from Alternate Reality Games. This workshop will introduce two cybersecurity focused PCSs: 1) Cybermatics, where students join a fictional company (Cybermatics) to perform a penetration test of, helping identify vulnerabilities and uncover a hacker who has burrowed into their site, while complying with ethical practices, and 2) Bronze Falls, where students work in teams of four to protect the city (Bronze Falls) by performing a cybersecurity risk analysis, responding to a live cyberattack, and completing an after-action attribution report. We will also briefly mention the "Playable Case Study Authoring and Simulation Platform" that allows collaborators to create their own PCSs without any coding.  

Derek Hansen, Brigham Young University

The purpose of this session is to share best practices for educators to utilize cyber competitions with their students to build technical skills and demonstrate job-readiness to employers. While demand for cybersecurity talent is only increasing, students may still encounter difficulty in obtaining entry-level jobs. Many cybersecurity roles require multiple years of experience, which has led to employers being inundated with candidates for true entry-level jobs. This daunting challenge of evaluating candidates results in recruiters and hiring managers spending limited time considering each candidate, making it vital for students to provide evidence of their capabilities that are easily understood by talent acquisition teams. During this presentation, we will be discussing how the design of cyber competitions can be tailored to allow students to apply concepts they have gained from academic learning to real-world problems to reinforce their learning and demonstrate capabilities to employers. The impact of these experiences are captured in performance reports that are mapped to the NICE Framework and the NICE work roles to help students identify possible career paths and provide evidence of job-readiness to hiring managers. We will provide a demo of the cyber competition platform and will walk through the reporting that is provided to students and share examples of how students have been utilizing these reports to help them during the job application process. 

Dr. Nelbert “Doc” St. Clair, College of Coastal Georgia

According to, there are currently 700,000+ cybersecurity position vacancies in the US. AccessCyber reports reviewing 10,584 cybersecurity job postings and states “Cybersecurity Hiring is Broken” and employers seeking “unicorn” candidates is identified as one cause of the problem. In reviewing position vacancies, half of the vacancies are within the NICE Oversee and Govern (OS&G) category. OS&G requires cybersecurity knowledge and skills, as well as strong business acumen. Many of the OS&G positions including cyber policy and strategy, curriculum developer, program manager, and legal advisor are in Governance, Risk and Compliance (GRC) departments. GRC executives job requirements include cybersecurity foundations, critical thinking and problem solving, risk management, compliance and legal, communications, and a passion for continuous learning. Universities designated as NSA Centers of Academic Excellence in Cyber Defense (CAE-CD) can provide remedies for the broken cybersecurity hiring process. First, utilizing an advisory board in developing cybersecurity course programs and job descriptions followed by an alignment of job descriptions to job skills could reduce vacancies and positions filled by CAE-CD students or alumni. In an interview with the Wall Street Journal, Dr. Sandra Blanke from the University of Dallas noted position descriptions typically list more job skills than are actually needed. Managers know the candidate they hire will have only some of the skills requested. Employers could consider candidates with many of the job skills and the passion for continuous learning. Hiring managers and school career services should be encouraged to work together to write job descriptions for the required knowledge areas only, not looking for “unicorn” candidates. Universities can use student and alumni “spotlights” to show hiring managers their students’ qualifications and successes. Finally, the inexperienced cybersecurity candidate should apply for positions if they meet a number of the skills listed on the job description.

Sandra Blanke
Karthika Subramani, Jordan Jueckstock, Roberto Perdisci, Alexandros Kaprevalos
Aaron Baker, Quentin Covert, Odin Bernstein, Dr. Josh Stroschein
Michael Du Mez, Riley Asp, Brock Holtschlag, Caleb Gullickson, Jacob Mahoney Chase Heim, Collin Shultz, Corner Shultz, Charles Carlson, Logan Koneczny
Maureen Van Devender, Dylan Johnson, Terry Foster, Tyler Jones, Blaine Galle
Madeline M. Moran, Anna Hart, Loretta Stalans, Eric Chan-Tin, Sheila Kennison
Mike Burmester, Dan Schwartz and William Goble, Ryan Sloan, Sophia Villalonga, Jordan Gethers, Laura Battle
Robert Hill, Loic Tchuenkou, Vinton Morris, Dr. Kevin Kornegay, Dr. Md Tanvir Arafin
Sajib Biswas, Timothy Barao, John Lazzari, Jeret McCoy, Xiuwen Liu, Alexander Kostandarithes

Western Governors University (WGU) never had a club until 2020. Our Club went from 0 to 3,500 students in the first year. Currently We have 5,500 in our student club and 2,500 in our Alumni Club. In ten minutes I can provide an overview of how to build a robust club that helps students learn, network and prosper in today’s educational landscape.

Mike Morris

In this fast-pitch presentation, we will argue that the cybersecurity curriculum should include fundamental knowledge units such as information theory, game theory, and war game stratagems

Bo Yuan

This presentation outlines how we built the Openstack infrastructure, automated the implementation of student projects, and work with students so they treat the Capstone Projects as real-life jobs. At USD, we found that local businesses were reluctant to allow students the opportunity to evaluate, and implement security on an operational system. We developed the USD Cyber Cloud (a private cloud using OpenStack) to have an isolated sandbox that can be quickly configured to give the student (Student Groups) a fully functional business network system. In this safe environment they can perform all the required tasks to conduct a security engineering review of the client’s system, conduct Vulnerability Assessments, Penetration Testing, and based on findings, create and execute a hardening plan to make the system secure. The hardening plan is the “What”; execution of the hardening plan is the “How”. The development of an Information System Security Plan plus the other testing report builds a portfolio of achievements for the students.

We, Cybersecurity educators, understand what knowledge is needed to be successful in Cybersecurity and to foster a culture of ethical behavior. Now, we need an environment and method to allow students to execute and implement this knowledge safely risk free.

Chuck Bane

Software reverse engineering skills are fundamental to producing a capable cyber security workforce. However, analyzing binaries is often difficult for computer science students and others in related areas due to the curriculum emphasis on efficient software development. At the same time, while artificial intelligence techniques, powered by machine learning and deep learning models, have shown promise to make software reverse engineering less labor intensive, there are a number of practical challenges software reverse engineers must overcome so that they are practically effective for program analysis and software reverse engineering. In this presentation, we will summarize our efforts in incorporating AI techniques to our software reverse engineering courses, where IDA Pro and Ghidra are used as the main tools. With proper setups, we show that the tools for control flow and data flow techniques along symbolic executions can be effective in malware analysis.

Xiuwen Liu, Mike Burmester

This talk will discuss the lessons learned from a project put in place by Nova Southeastern University (NSU), College of Computing and Engineering in collaboration with the Miami-Dade Public Schools (MDCPS) on a dual-enrollment program for high-school students from minority and underserved schools throughout the Miami-Dade district. The project allowed support for two entry-level Computer Science courses at the ABET CS program (under the Advanced Academics division at the school district) with additional extra-curricular activities (under the Career and Technology Education (CTE) division at the school district) focused on cybersecurity certificate using TestOut platform to prep the students outside the course for CompTIA Security+. The session will discuss the steps taken to address the course registration process, legal issues that the university faced and how we overcome those, along with coordination for advertising of the courses, student recruitment and continuous support for the enrolled students.

Dr. Yair Levy

In this Fast Pitch Session, I will share with other CAE institutes how CAE-CD designation has helped The Citadel take Cyber Programs and Activities to the next level. The Citadel started with an undergraduate minor in Cybersecurity in 2012, and became CAE-CD in 2016 with the academic path of BS in Computer Science with a minor in Cybersecurity. The Citadel was the second college in the State of South Carolina with CAE-CD designation. Students from The Citadel Students have been awarded DoD CySP Scholarship every year since 2017. The Citadel hosted the first GenCyber Camp in South Carolina in 2016. The Citadel hosted All-Girls GenCyber Camp in 2019.

The Citadel was awarded the first NSF SFS Grant in South Carolina in 2020. The Citadel has started to offer BS in Cyber Operations in Fall 2020. The program has been designed based NSA Center of Excellence in Cyber Operations. The Citadel is working with University of South Carolina (CAE-CD, CAE-R) on a NCAE-C Research Grant. The Citadel is working with University of Memphis, University of West Florida, North Carolina A&T University on a NCAE-C Grant for Cyber Education for Critical Infrastructure. The Citadel has established Citadel Department of Defense Cyber Institute (CDCI) in Fall 2020. This is a joint initiative with five other Senior Military Colleges - Texas A&M University, Norwich University, University of North Georgia, Virginia Tech, and Virginia Military Institute. Students at The Citadel have formed Cyber Club, WiCyS Chapter.

The Citadel Cyber Team actively participates in different Cyber Competitions - National Cyber Exercise (NCX), Southeast Collegiate Cyber Defense Contest (SECCDC), NSA Code Breaker Challenge, Cyber Red Zone CTF, Palmetto Cyber Defense Contest, and National Cyber League (NCL). The Citadel hosted a Cyber Bootcamp for South Carolina Army National Guard in Summer 2021. The Citadel worked with Army Cyber Institute on Jack Voltaic Project. The Citadel hosted Jack Voltaic Conference on Cyber Resiliency for Critical Infrastructure on Feb 24-25, 2022. The conference program included sessions on Cyber Workforce Development for Critical Infrastructure, Cyber Education for Critical Infrastructure, Cyber Risk Assessment for Critical Infrastructure, Federal and State Policies and Capabilities for Critical Infrastructure protection against Cyber Threats. The conference program also included a Cyber Table-top Exercise and Student Case Scenario Exercise. The Citadel faculty actively participates in CAE Community by working as a mentor and reviewer for CAE applications.

Shankar Banik

Fairleigh Dickinson University once again got designated as a National Center of Academic Excellence in Cyber Defense through the academic year 2026. During the process, NSA and a committee of academic peers has validated FDU’s BSCS with Cybersecurity Concentration offered at FDU’s Florham Campus through academic year 2026. At FDU, we have managed to achieve our goals after two years of extensive work on several Program of Study validation project activities involving planning, implementation and coordinating efforts that started in the year of 2019. The scope of the validation project consisted of four domains including program and curriculum enhancements, students’ enrichment, faculty, and support, in addition to the continuous improvement’s domain. Our success story in this program has been materialized in 2021 through securing four NSA Cybersecurity scholarships to our students. We shall continue to pursue continuous improvement and excel in the field of cybersecurity for the information security and safety of our nation. Hence, we are proposing to introduce our success story in obtaining this achievement and what has lead to reach our goals.

Furthermore, in April 2021, FDU was awarded the Expanding Access to Computer Science Education: Professional Learning Hubs grant from the NJ Department of Education to support the creation of a Computer Science Hub at FDU and to provide professional learning opportunities for New Jersey educators and to promote the growth of computer science. The services provided by the CS Hubs will help realize the strategic goals identified in the NJ Computer Science State Plan including Interactive Community Building to Support School Administrators, K-12 Teacher Professional Learning, Web Repository of Tools & Lesson Plans Accessible to All, and Culturally Responsive Teaching Practices.


Ihab Darwish

Cybersecurity Education for K-12 institutions and Universities across the USA is vital in the present time. In this presentation, I will be covering the best practices and approaches to enhance the partnership between K-12 institutions and Universities to enhance Cybersecurity education.

Deveeshree Nayak

Knowledge Units are “owned” by the schools, yet schools do not take advantage of updating and modernizing them. This presentation will present how schools can update KU’s to have better alignment with their curriculum and improve the ecosystem for all. This presentation will include audience participation as a means of evangelism and outreach. The objective is to get more people involved in making the KU’s work for their program.

Art Conklin, Seth Hamman

Funded by the NCAE-C Cybersecurity Education Diversity Initiative (CEDI), our presentation describes a two-year collaboration between a large urban Colorado HSI and a small rural Colorado HSI. The cybersecurity program at Colorado’s newest CAE designated university, MSU Denver, is growing rapidly with a new Cyber Range. In addition, MSU Denver also offers BS and MS degrees in CYB and is quickly becoming an established cybersecurity program with the Mountain West region. The satellite institution of Trinidad State College is in a very remote part of Colorado, Alamosa Valley and is just now establishing a brand-new cybersecurity program, spearheaded by Serena “Sully” Sullivan. Unlike Denver, Alamosa Valley is sparsely populated. The CEDI HSI collaborative between these two schools is an excellent example of how 4YR universities can work shoulder to shoulder with 2YR colleges throughout the KU-CLO mapping process.

By teaming up Colorado’s preeminent CAE mentor, Joe Murdock (University of Colorado-Denver), Nikolaus “Klaus” Streicher (MSU Denver’s Senior Cyber Range Instructor), and Serena “Sully” Sullivan (Director of Technology at Trinidad State College), Drs. London and Beaty were able to demonstrate the efficacy of simultaneously employing three different perspectives (i.e., student experience, instructor experience, and mentor experience) or three different levels of analysis to successfully negotiate and align KUs to TSC-Alamosa Valley CLOs. Drs. London and Beaty conclude that developing a new cybersecurity college curriculum should not take place in isolation. While a cybersecurity instructor often establishes a new cybersecurity program with a CAE mentor, Drs. London and Beaty recommend that adding an experienced cyber undergraduate student to the team can result in “added value” to the KU-CLO mapping process.

The undergraduate cybersecurity student has a valuable experiential knowledge base (as a learner) that informs the mapping process from the inside out. Students can often help instructors and mentors by adding a “third” perspective to the alignment process. As an important aside, the TSC CLO’s (used for alignment) were provided by Ms. Serena Sullivan. During the alignment process, an effort was made to reduce the total number of courses used to align with KUs. The intention is to mindfully create advantageous outcomes to be shared with other CEDI partner institutions. In doing so, the intention is to streamline the CAE application process for other participating CEDI institutions. As an additional note, the Colorado Community College System (CCCS) utilizes a shared “statewide” course numbering system (CNS). Due to the statewide shared CNS for all courses within Colorado’s publicly funded community college system, specific TSC CLOs used for this alignment will also work for the entire Colorado Community College System. In other words, the alignment of TSC CLOs holds promise for scaling up to statewide alignment with nationally recognized KUs.

Jeffrey London, Steve Beaty

In September 2020, the Critical Infrastructure Resilience Institute (CIRI) - a DHS Science & Technology (S&T) Center of Excellence at the University of Illinois Urbana-Champaign - led a Cybersecurity and Infrastructure Security Agency (CISA)-funded project and team of academic partners (Auburn University, Purdue University, University of Tulsa) in the creation of a comprehensive plan to develop a nationwide cybersecurity education and training hub & spoke network to address the nation’s chronic and urgent cybersecurity workforce shortage. The envisioned national network will develop and deliver Incident Response (IR) and Industrial Control Systems (ICS) curricula conformant with the NIST National Initiative for Cybersecurity Education (NICE) Framework.

This presentation discusses the research findings from this project related to the current state of IR curriculum (degrees, certificates, technical courses) in the CAE community and makes the case for an increase in the number of CAE schools focusing on this critical area.

Casey O’Brien, David Umphress

Aviation cybersecurity is an increasingly important problem for not only our nation but also the whole world. From vulnerabilities in avionics embedded system critical for flight operations in an aircraft to a wider network of international airports, cyber threats are more pervasive in aviation today. Airport and airlines face millions of cyberattack attempts annually and this trend will persist. A recent report from Europe in 2021, for example, shows cyberattacks on aviation increased by 530% in a year.

Embry-Riddle Aeronautical University—Prescott, AZ, is a NCAE-C leading aviation cybersecurity education and research. It is also a National Science Foundation (NSF) Scholarship for Service (SFS) institution for aviation and aerospace cybersecurity. The Aviation Information Sharing and Analysis Center (A-ISAC) is an international, non-profit organization that fosters information sharing and collaboration between different stakeholders in the community. They enable trusted sharing of vulnerabilities, threat intelligence, and best practices so that the aviation industry’s is better prepared to manage cyber risks and incidents.

In this presentation, we will talk about a recent collaboration between the NCAE-C at Embry-Riddle Aeronautical University—Prescott and the Aviation ISAC. The collaboration aimed at designing and developing an aviation-themed cybersecurity competition and offering the competition at DEF CON Aerospace Village and Aviation ISAC Annual Summit in 2020. The goal was to raise awareness both of aviation-specific challenges for the cybersecurity community and of cybersecurity issues to the aviation ecosystem, and foster talent in the subject areas.

This NCAE-C innovated and developed a novel aviation-themed Capture-The-Flag (CTF) competition. The story involved a group of hackers attacking and compromising a tier-1 airport with insider help, including ticketing kiosks, airline servers, flight information displays, transportation security, runway lights, aircraft, and more. The competition participants are the defenders, who are required to help regain control of compromised systems, prevent an aircraft from taking off, identify the insiders, and help bring normalcy back at the airport and its surrounding airspace. The CTF focused on knowledge, skills, and abilities in cybersecurity (e.g., password cracking, log analysis, computer forensics, and ethical hacking), intelligence (e.g., OSINT), and aviation (e.g., crew, avionics, air traffic control communications, airline operations, security screening, airport information systems, and aviation cyber-physical systems).

The presentation will overview the CTF project and discuss some challenges we faced in it. For example, following the pandemic outbreak, both DEF CON and Aviation ISAC Summit went into safe mode and all-virtual. The competitions were redeveloped and offered virtually, so that participants could register and participate in the competition from their remote locations. On the other hand, both competitions were free and open to anyone in the world. We had over 200 participants from many countries participate in our cyber competition. We will also talk about some of our future work in this area.

Jesse Chiu, Krishna Sampigethaya

The North Carolina Community College System’s Security Compliance course (SEC-258) introduces information security compliance and standards along with how they apply to corporate IT environments. Topics included in the catalog description of the course include ISO standards, government NIST frameworks, federal and state compliance requirements, security policies, incident response and business continuity planning. We have also added a CMMC module to the course. Unfortunately, many times the course content is dry and requires pure memorization. Join us, for this presentation to share and discover new ways to deliver a compliance course in a more “”handson”” format. In short, we intend to move students from remembering compliance regulations to understanding and applying security controls and governance.

Joseph Jeansonne

Western Governors University (WGU) never had a club until 2020. Our Club went from 0 to 3,500 students in the first year. Currently We have 5,500 in our student club and 2,500 in our Alumni Club. In ten minutes I can provide an overview of how to build a robust club that helps students learn, network and prosper in today’s educational landscape.

Mike Morris

While a Performance Based Education (PBE) conversion process was underway through an NSF grant at TSTC, the COVID-19 pandemic necessitated an accelerated and sharp turn in the Texas State Technical College hands-on technical model as courses were moved from an in-person to an online modality in the Cybersecurity program.

This brought multiple challenges and lessons learned including instructional content, access, hardware/equipment, software, and communication. This presentation will identify the challenges and solutions implemented for a successful PBE journey.

Norma Colunga-Hernandez, Amy Hertel

This fast pitch session will describe how the Information Technology—Networking and Cybersecurity department at Johnson County Community College (JCCC) established a K-12 pathway with a large local district, Blue Valley Schools. The pathway provides students the opportunity to complete the JCCC Cybersecurity Certificate program tuition-free alongside their high school education. Successful students will receive both their diploma and the Cybersecurity Certificate upon graduation from high school. The session will discuss:

  • Building the pathway
  • Strategies for recruiting students into the program
  • Working with the state department of education to increase opportunities
Andrew Lutz

Employers are citing a significant disconnect between the needs of their organizations and what higher education institutions are turning out in their cybersecurity-related education programs, with only 23 percent believing that college graduates are fully prepared to enter the cybersecurity industry with a certain knowledge set and applicable technical skills. One recent response from a major corporation to a request for information issued by NICE indicated that “the current [education] environment does not provide a common baseline set of skills from which to build the role-specific knowledge necessary to meet employer workforce requirements.

Problems in Matching to Internships: For a student without meaningful work experience, the only document is a university transcript that usually only contains the course information (i.e., name, number, credit hours) and accompanying letter grades along with the current and cumulative GPA, but they fail to provide specific information about the actual skills or rigor used to obtain that grade. The content and difficulty of each course can vary widely among institutions. Students cannot simply hope to stand out to employers based on their grades alone because universities lack normalized standards for the rigor of content in each course. Employers require a more work-skill specific transcript that matches the needs of the job specification.

The primary issue when hiring new graduates into the industry is correctly matching employer needs with student skills. For example, employers need web socket programming, or React API or Java Spring Boot but do not know how to measure the rigor of the skill. In this fast pitch, we present a workforce Readiness (WRT) transcript (we are building by crawling through the Canvas) tailored to the individual student with a quantifiable substantiation of preparedness for employment as a cybersecurity professional that includes a match percentage to an advertised internship and missing skills.

Ram Dantu, Mark Thompson

Most young people do not know what a cybersecurity professional is, the skills required to reach and excel at a high level or a pathway to pursue the goal of a cyber-based career. The joy and impact of learning cybersecurity through competitions is still in its infancy.

Using the NICE framework, we are starting to use metrics to measure competencies in competitions. The NSA/CAE Evidencing Competency grant team is measuring competency using NICE Framework Tasks and Work Roles in labs, ranges, and competitions. This includes an ABCDE approach to competency statements. A = Who, B = What, C = How, D = How much, and E = Why.

This presentation will focus on how we can measure these competencies in competitions. In the future we can learn to measure cyber performance as well as we do athletic performance. We will create cybersecurity competition measurements enabling a spectator sport similar to traditional sports. This is not just a dream, it is a reality today for e-sports. It is time we put our passion, creativity, effort, and money where our future is.

Dan Manson, Morgan Zantua

While the job market for cyber talent has hit record numbers, employers have found it quite difficult to recruit quality individuals to fill the ranks. There are intense efforts to identify and hire employees with related experience, yet with limited success.

Beginning in 2020, a team of 4 higher education institutions established an NSA funded consortium named Cybersecurity Workforce Certification Training initiative or CWCT with the support from N-CAE. CWCT leadership projects by September of 2023 when this round of funding concludes, 1,100 people will be trained.

By design, 75% of the trainees in CWCT come from those who have served our nation, state, or local communities – via the military, law enforcement, 1st responders, etc. To date, our records show that 71.2% of the trainees are from underrepresented populations, 29.3% are women, which fits well with the desired demographic most employers are looking for. We are proud to announce our potential completion rate is currently running over 80%, well beyond our expectations.

Our CWCT workforce development program has fully recognized the importance of workforce preparation through academic training and competency measurement through the industrygovernment recognized certifications. The CWCT program goes one step further to develop a Job Placement program through workshops on resume building and interview skills development, and more importantly, introducing job opportunities to our training participants through CWCT virtual job fairs and other unique efforts.

This Fast Pitch talk will provide a quick synopsis of the CWCT initiative, then address our unique and successful approach to bringing employers and trained employees together.

Mengjun Xie

The UAH Cyber Force Incubator (CFI) is a cybersecurity workforce development program which recruits students from UAH, partner colleges and universities, and some Alabama high schools. CFI students are enrolled in an extracurricular cybersecurity and work place behaviors training program. Select students who pass the aforementioned training are nominated for security clearance. Students are hired to work on UAH cybersecurity research and development projects and students are placed into internships at government and industry partner locations.

Tommy Morris

No matter how stressful the thought of an interview may be for you, there is an easy answer. Each person has a collection of responses that can be used to solve almost every question, and the best part is that there is no wrong answer! The answer that the interviewer is looking for is your personal story. It is a collection of events that shaped you as an individual and will ultimately be the deciding factor in your success in the role and within the company. Each of you has been on a project, worked on a team, failed, and succeeded. You all have experienced challenges and overcame them, or maybe not.

What we must do as interviewees is pull our experiences out and frame them so that it becomes a story with us as the main character. We need to us as a character who experiences conflict and then arrive at a resolution. The story will contain our experiences and are unique to use, which is essential when competing for roles.

In this fast pitch, the attendee will find examples relating their personal story to the most common interview questions. Finding the right mix of challenge and conflict in school projects, extra-curricular events, work, or class lessons is as easy as understanding what the interviewer is looking for in future team members. The storytelling takes some practice and polish, but it still is your story to tell.

Robert Loy

Manufacturing is not only the backbone of U.S. military-technical advantage, but also a major contributor to the U.S. economy. A healthy, innovative, and vibrant manufacturing sector is essential to the economic strength and national security of the United States. The Industrial IoT, coupled with 5G, security in IIoT, machine learning, and artificial intelligence, is impacting the future and growth of manufacturing. In this presentation, we will discuss and live demo how we use the zero trust model, machine learning, and 5G to design and implement a secure smart manufacturing testbed in a lab environment. The further discussion also includes how we collaborate with the manufacturing outreach center to engage local manufacturers and show business use cases that smart factories can drive value.

Loyce Pailen, Kimberly Mentzell

This is a presentation of research completed to compare higher education information security policies to the NIST risk management framework. A surprising event occurred when it was found that the higher ed institutions were using the NIST cybersecurity framework instead, which incorporates parts of the RMF. This workshop presents the results of this research along with a discussion.

Matt Paulson

Software Defined Network (SDN) is a programmable network that separates the network data plane from the control plane. However, lots of security threats and issues are concerned in software defined network. In this work, in order to reasonably complete the cyber attack situation evaluation in the SDNs, we proposed a cyber attack situation evaluating method based on multi-dimensional features analysis in SDNs. Cyber attack detection features were considered and improved their computation methods about four typical cyber attacks in SDN. Correlations vectors between any two different cyber attack features using variety of measures was considered.

Mininet was used to establish our experiment environment, in which we simulated four typical cyber attacks to verify and analyze our method in the experiment.

George Meghabghab, Roane State

The Computer Forensics Teaching Resources Workshop is designed to share our experience teaching CECS 7235 Computer Forensics and CECS 7237 Advanced Computer Forensics to Computer Science graduate students at Politechnic University of Puerto Rico over the last decade. We will begin with a brief overview discussing the relationship between Computer Forensics and Cyber Defense and our Computer Forensics Graduate Certificate Program. We will then describe the teaching resources that we are using in our courses with an emphasis on hands-on laboratory experience. This will include textbooks (Nelson-Phillips), lab manuals (Blitz) and internet resources such as NIST CFTT, CFREDS, Digital Corpora, and the DFRWS (Digital Forensics Research WorkShop Conference). We will also discuss our experience with Computer Forensics Software tools such as ProDiscover, Forensics Toolkit, OSForensics and Autopsy. In addition we will discuss the philosophy we used to decide what material to include in the advanced course and how we deal with operating system compatibility issues (Windows vs. MAC OSX).

Jeffrey Duffany, Alfredo Cruz

This submission will be a 15 minute overview of a post-GenCyber Teacher Camp activity that provided guidance to teachers for a focused Raspberry PI project for their high school students. The project included post-camp follow-on meetings for teachers to develop their skills and proficiency in using the Raspberry Pi to teach Linux concepts and cybersecurity tools.UMGC trained eight dedicated H.S. teachers who were committed to implementing the project in their schools. All teachers had varying successes and challenges.

We feel that discussing the project outcomes to the larger CAE community will support the success of similar endeavors and remove roadblocks teachers often encounter. This session is unique for a few reasons. First, this was a very focused post-camp activity. Also, the teachers involved had to implement the Raspberry Pi project despite it not being an established part of their curriculum for the academic year. The session will provide an overview of how we planned and managed the teacher training and tool support in a virtual environment. A brief review of the lesson plan will be discussed. The theme of Pi project for students included using Kali Linux; Linux intro / basic commands; Network basics with Wireshark; and Password cracking. Session attendees will receive the excellent Raspberry PI lesson plan developed by one of the teacher participants.

Loyce Pailen, Kimberly Mentzell

How do you ensure your CAE outcomes are consistently addressed from class section to class section? This workshop will provide some best practices to ensure student assessment and KU content is addressed in every section.

Brandy Harris

The Critical Infrastructure Protection (CIP) set of standards is developed by the North American Electric Reliability Corporation (NERC) to ensure the protection of assets used to operate North America’s Bulk Electric Systems (BES). Any entity that owns or operates any type of BES in the United States and Canada must be compliant with the requirements of the NERC-CIP Standards. This talk provides an overview of the NERC-CIP Standards to describe its relevance to the protection of one of our critical infrastructures: electric utility entities, to establish its harmonizing relation with the NIST Cyber Security Framework (NIST CSF), and to disseminate our workforce development program in this area of national need.

Guillermo Francia

Modern power grids, such as smart grid and micro-grid systems, have various intelligent and sophisticated controllers at all stages of generation, transmission, sub transmission, distribution, and customer ends. Moreover, renewable energy sources (wind generator, photovoltaic systems, etc.) are being connected to the grids through various power electronics components and energy storage systems (ESS). According to a recent report, solar and wind together represent roughly 10 percent of the world’s installed capacity. These power electronics devices as well as energy storage systems are also based on robust and intelligent controllers that may have internet-connectivity for their real-time operations.

However, there is a high possibility of cyber-attacks at those control and communication systems, which may be adversely effected and consequently major power disruptions or even blackouts may happen. ESS are important assets in power grids, capable of providing several essential services to systems dominated by intermittent renewable energy resources. Cybersecurity attacks exploit vulnerabilities in communications or control systems to disrupt system operations or execute malicious actions. With the advent of distributed energy resources (DER), which include consumer-owned small ESS often connected to public networks, the attack surface has greatly increased. This fast pitch will cover the basics of cybersecurity issues with the smart power grid, and also will discuss about the smart grid security workshop held at the University of Memphis on March 25, 2022, for a wide range of audiences.

Mohd Hasan Ali

This proposal discusses considerable benefits of a recent outreach project to strengthen relationships between Indiana University of Pennsylvania (IUP), an established CAE for over two decades, and several Community Colleges (CCs) and technical institutes across Pennsylvania. IUP has been working with several CCs for years to promote cybersecurity education and research in the western PA region. With support from a Capacity Building Project that focuses on outreach to technical and community colleges funded by the DoD and as a part of the Cyber Scholarship Program (CySP), IUP has built long-term relationships with several CCs throughout PA and provided engaging and highly rated professional development opportunities in cybersecurity to faculty and students at six institutions. The main goal of the project is to find additional ways to recruit qualified students into the cybersecurity field and DoD CySP to help protect the nation’s cyber infrastructure. This goal was achieved through increased faculty and student development (via a series of collaborative cybersecurity workshops), and a wider network/partnership with several CCs and minority institutions. Specifically, our workshops have been designed in such ways to ensure that all participants will develop the following skills, abilities, and knowledge:

  1. Faculty and students are able to self-organize their work, collaborate, and be successful in assessing and resolving vulnerabilities in digital space.
  2. Faculty learn new cybersecurity teaching methods that help increase knowledge retention and develop plans for continuing education and professional development.
  3. Students leave the workshops with a vast set of skills, including programming specialty computers and embedded systems.
  4. Faculty and students learn procedures for ensuring software integrity through hands-on activities such as hash generation and verification.
  5. Faculty and students develop interest in cybersecurity and are motivated to further their study of advanced techniques in cybersecurity to protect systems from vulnerabilities.

We have offered six workshops that each consist of two full days delivered over two successive Saturdays or during a semester break. Workshops were originally delivered face-to-face, but we shifted the delivery mechanism online due to the pandemic. We delivered workshops to the following CCs and technical institutes geographically distributed across PA: Westmoreland County CC, Pennsylvania Highlands CC, Laurel Business Institute, Laurel Technical Institute, Butler County CC, and Northampton CC. Below is a list of benefits and outcomes that resulted from this outreach project:

  1. We built excellent relationships with faculty and administrators at six institutions across PA.
  2. We were able to provide well-received, cybersecurity professional development to about 120 faculty and students at six different institutions.
  3. Our offerings continued to be engaging after the shift to online delivery, which has been shown in the participants’ high ratings of all sessions.
  4. Efforts in this project have facilitated ongoing collaboration work that involves about half of PA community colleges working with IUP to enhance cybersecurity and STEM education.
Waleed Farag

The healthcare ecosystem involves several interconnected stakeholders with different and sometimes conflicting security and privacy requirements. Sharing medical data, particularly remotely generated data, is a challenging task. Although there are several solutions in the literature that address the interoperability & scalability functional requirements of such services, as well as the security & privacy requirements, achieving a good balance between these is not a trivial task as off-the-shelf solutions do not exist. On one hand, centralized cloud based architectures provide interoperability & scalability, but make strong trust assumptions. On the other, decentralized blockchain platforms support independent trust management and data privacy, but typically do not allow dynamic changes of the underlying trust domains.

To address this challenge we propose a hierarchical multi-expressive blockchain architecture that addresses this challenge by providing: (a) dynamic trust management between different authorities, (b) flexible access control policy enforcement at the domain and cross-domain level and, (c) a global source of trust for all entities by an immutable forensics-by-design auditing mechanism. Fine-grain access is enabled by using an attribute based encryption scheme that provides a single access point that cannot be bypassed by users or authorities and that supports flexible shared multiowner encryption, when attribute keys from different authorities are combined to decrypt data. The effectiveness of the proposed approach is validated experimentally. The multi-blockchain has also been implemented using the Hyberledger Fabric.

This work based on the following publications of the presenter.

  1. JANUS: Efficient multi-authority & multi-domain attribute based access control in practice, submitted, 2022.
  2. A hierarchical multiblockchain for fine grained access to medical data, V Malamas, P. Kotzanikolaou, TK Dasaklis, M. Burmester, IEEE Access 8, 134393-134412, 2020
  3. A forensics by design management framework for medical devices based on blockchain, V Malamas, TK Dasaklis, P Kotzanikolaou, M Burmester, S Katsikas, IEEE World Congress on Services (SERVICES) 2642, 35-40, 2019


Mike Burmester, Xiuwen Liu

The need for cybersecurity workers is clear. With a documented current shortage of cybersecurity workers in the U.S. identified as over 300,000 openings, the need to attract, and retain more future cybersecurity workers could not be more clear. Many efforts have been created to address this need and have had clear positive results. These include the use of summer camps & competitions to increase interest in the field, reaching out to underrepresented populations to help fill the need, and providing scholarships and using shared curriculum to help students through their educational pathway.

This presentation will discuss the implementation of a Community Based Life Cycle (CBLC) approach to help address this need. With the development of a Cyber Education Task Force (CETF), the ability to use a systems development approach to identify and align the efforts that already have been developed to help retain students’ interest in cybersecurity as a career. Through the use of professional and peer mentoring in a Cascade Advising approach, the professional mentors (and members of the CETF) would identify communities (summer camps, competitions, etc.), where peer mentors can be effective in helping newer and future students be successful.

Lonnie Decker, Teha Emmons

As the capability to detect network intrusion has increased, so has attackers’ ability to avoid detection. Commonly, attackers use Secure Shell (SSH) to hide their identity. SSH securely connects two hosts together and encrypts their interactions. The first step to preventing Stepping-Stone Intrusion is to be able to detect if it occurs, in this regard, much research has been done to detect intrusion by looking at downstream network traffic, that is, the traffic flowing to the victim and back from them, but detection methods looking at upstream data, which is the traffic flowing from the attacker and back towards them from a sensor, are inadequate and underrepresented in the field.

To this end, a potential method for upstream detection has been devised. By observing the upstream connection, we can match a send packet with its respective echo packet, and as a result, determine the round trip time (RTT) of that packet. When looking at a series of these matches, we can find the average RTT of all the packets, and then the standard deviation of the RTTs among matches. We estimate that, as a result of the increasing routers, hops, and physical distance between them, transmission will vary more the further a sensor is from a victim. By observing the standard deviation of these RTTs at different places in a long connection chain, we may be able to discern a usable standard or pattern that can determine the length of a downstream connection, and with modification, estimate the length of an upstream connection.

Jianhua Yang

Critical Infrastructure training based on the current threat environment is at a high level throughout the nation and worldwide. A concerted effort by multiple professors, professional cybersecurity personnel, students and staff, a workshop has been developed based that provides training on current topics using in some cases actual examples of security incidents, demonstrations such as pen-testing and necessary remediation steps and methodologies. The current topics include the current state of cybersecurity, ransomware, threat level/surfaces, zero trust architecture, cyber risk assessment from a data-driven view and the work from home/remote office environment. The workshop/training provides not only research based initiatives but also insight and experience of cybersecurity practitioners.

Dipankar Dasgupta, Jim McGinnis

This presentation shares a best practice in teaching network defense based on recent research on network security. Computer networks as part of critical infrastructure facilities and assets for most organizations are facing increasing challenges in defending against various and sophisticated cyber threats, intrusions, and attacks. Knowledge discovery is a key factor in cyber defense, and honeypots could be an effective tool for gaining knowledge for cyber defense. The research for this presentation draws upon a cyber defense knowledge model based on the classic of The Art of War and focuses on the use of honeypots for network intrusion detection. The cyber defense model highlights the role of knowledge (and the lack of knowledge) discovery of strengths and vulnerabilities of yourself and your opponent in cyber defense. This presentation illustrates the dynamics of the knowledge and its network security benefits using honeypots in a simulation of detection of intrusions and distributed denial of service (DDoS) attacks on a virtual network.

Ping Wang

Concerns with cyber-attacks in the form of ransomware are on the mind of many executives and leadership staff in all industries. Inaction is not an option, and approaching the topic with real, honest, and hard discussions will be valuable ahead of such a possible devastating experience. This research note aims to bring thoughtfulness to the topics of ethics in the role of cybersecurity when dealing with ransomware events. Additionally, a proposed set of non-technical recovery preparation tasks are outlined to help organizations bring about cohesiveness and planning for dealing with the real potential of a ransomware event. Constraints from many factors come into focus during preparations for ransomware, and a method to categorize them is detailed. Finally, the use of Incident Command Systems is well known and documented in emergency management, and a proposed model for integrating this process for ransomware episodes is sketched.

Stanley Mierzwa

The Internet of Things (IoT) paradigm promises to make “things” include a more generic set of entities such as smart devices, sensors, human beings, and any other IoT objects to be accessible at any time and anywhere. IoT allows for the interconnectivity of devices or objects to collect, send, and receive information. IoT varies widely in its applications, but one of its most beneficial uses is in the medical field. Healthcare utilizes IoT and its emerging technologies to provide more efficient and quality care for patients while reducing the workload and burden on healthcare facilities. IoT provides a mainstream method for healthcare professionals to analyze patient data in real-time and make informed decisions regarding patient care. However, the large attack surface and vulnerabilities of IoT systems needs to be secured and protected.

This work investigates various applications of IoT in healthcare and focuses on the security aspects of the two internet of medical things (IoMT) devices: the LifeWatch Mobile Cardiac Telemetry 3 Lead (MCT3L), and the remote patient monitoring system of the telehealth provider Vivify Health, as well as their implementations. Our research explores the security issues with these IoMT devices and proposes efficient solutions to better protect them. Security is a requirement for IoT systems in the medical field where the Health Insurance Portability and Accountability Act (HIPAA) applies. While there is a risk that sensitive and protected health information may be compromised in the use of IoT systems, effective implementation of robust security measures and risk mitigation techniques can ensure that IoT can be an invaluable system of technologies that enhances the quality and efficiency of patient care.

Lixin Wang

Stepping-stone intrusion is a hacking strategy in which an attacker sends attacking commands through compromised hosts, called stepping-stones, in order to remotely access a target host. These stepping-stones form part of a connection chain that serves as an intermediary between the target and attacker hosts, providing the attacker with increased anonymity and detection avoidance capabilities. It is well-known that a long connection chain with three or more connections often indicates malicious activities. In a long connection chain, it is possible for the sender to transmit the next request packet before the sender receives the response for the previous request. In such a case, some request and response packets may cross each other somewhere along the chain, producing packet crossover. In prior work, it was demonstrated that the number of crossover packets in a given data stream should be proportional to the length of a connection chain. In this work, we develop an innovative detection method for stepping-stone intrusion based on crossover packets, referred to as Crossover-Packet Detection. Our network experiments demonstrate that our proposed Crossover-Packet detection method is resilient to hackers’ session manipulation such as chaff perturbation or time jittering.

Lixin Wang

As the cyber threat landscape continues to evolve, the critical shortage of cybersecurity professionals continues to expand, particularly in Critical Infrastructure Sectors. This session will highlight three innovative cybersecurity workforce development programs, funded by the NCAE-C Program to address that challenge. An overarching goal is to support other CAE-C designated institutions in developing similar upskilling and reskilling training programs to complement their academic degree programs and multiply the pathways toward cybersecurity jobs. The presenters will offer a call to action to the CAE-C Community and discuss how other CAE-C institutions can leverage the programs’ resources and platform to launch similar programs.

The National Cybersecurity Workforce Development Program is a nationally scalable program that focuses on recruiting, preparing, and placing over 1650 transitioning military, first responders, and veterans into cybersecurity roles across Critical Infrastructure Sectors. CyberSkills2Work is led by the University of West Florida and supported by a coalition of 10 NCAE-C designated institutions across the country, including CAE-CD, -R, -CO, 2Y, 4Y, and MSI institutions. The program offers 15 flexible training pathways that address 15 NICE Cybersecurity Framework work roles, help students develop hands-on skills via industry certifications, cutting-edge tools, and training courses, and document their competencies via digital badges and credentials. CyberSkills2Work includes a National Employers Network to connect students with employers and job opportunities, and a one-stop-shop web portal for students, employers, and institutions.

The University of Louisville-led Coalition (composed of 10 NCAE-C schools, including four HBCUs) Cybersecurity Workforce Development Program focuses on collaborating and leveraging resources and expertise to create cybersecurity curriculum addressing use cases in healthcare and logistics. The online asynchronous flexible cyber curriculum includes technology vendor credentials such as IBM, Microsoft, Google etc. matched with subject matter experts as well as participants partnered with success coaches networked within businesses. Three levels of progressive knowledge of cybersecurity (new/emerging cutting-edge technologies) are offered on topics, including blockchain, post quantum cryptography, artificial intelligence, and cognitive computing. A gaming app is available on the Google and App store free to anyone.

The CWCT, led by Purdue University Northwest and other three CAE institutions, has been launched to recruit and train over 1000 transitioning military, first responders, and other adult learners in the field of AI and Cybersecurity. Training participants have been engaged with educators and advisors at each phase of their CWCT journey including interest inspiration, pre-knowledge assessment, structured learning, certification preparation, career mentoring, and job placement. CWCT fully recognizes the importance of workforce preparation through online academic training and competency measurement through industry-government recognized certifications. CWCT goes one step further to develop a Job Placement Program through workshops on resume building and interview skill development, and more importantly, introducing job opportunities to training participants through virtual job fairs and other unique efforts.

Eman El-Sheikh

In this presentation Chris Simpson will discuss National University’s mapping of low cost and open source labs to the NICE Workforce Framework and course learning outcomes using the online database Airtable. He will also provide updates on some new free and low cost lab environments that might be of interest to the CAE community.

Chris Simpson

This presentation will review the development of a week-course for high school students. The course is designed to introduce students to the exciting science of Cybersecurity using an experiential gamification approach to learning Computer Science, with an emphasis on application and teamwork. The course includes practice using current Cybersecurity industry tools and technologies, development of cyber detective skills, and academic team competition. The course is offered during the Honors Summer Academy on the Oklahoma Christian University campus. Students attend 50-minute lectures and labs for 5 days. The last day students apply their acquired cyber sleuthing knowledge and skills to escape from the Sherlock Holmes Escape Room.

Curtis Coleman

Deepfake technologies, which allow malicious actors to produce fake images, videos, and audio clips, are reaching an unprecedented convergence of quality, scalability, and ease of use. It will soon be possible to mass-produce highly realistic synthetic content that may be generated and spread faster than fake media detectors can manage. The proliferation of these technologies poses clear threats to society and democracy (for example, consider the dangers of shared videos wherein politicians give fake speeches). It appears that the future of information channels which we rely on when forming our beliefs and opinions is on the shaky ground unless detection technology can gain the upper hand. Synthetic audio detection is one key element of managing this threat.

Chengzhe Sun, Ehab AlBadawy, Siwei Lyu, Timothy Davison, Sarah R Robinson, Nathaniel Kavaler

By combining technologies such as Network Function Virtualization and Service-Based Architecture with decentralized and cloud deployments, the fifth generation of cellular networks (5G) aims for unprecedented Quality of Service, and use-cases in smart industry, emergency operations, remote medicine, and more. The increased attack surface introduced by this transition as well as the critical nature of the 5G communications require, more than ever before, a rigorous analysis of 5G security. In this talk, we analyze the security implications introduced in the 5G Core, and the existing security solutions proposed in the 5G standard. We explore the model of Zero Trust Architecture (ZTA) and we discuss how it is supported by the 5G Core standard. With Virtualization and Cloud deployment being significant factors in the increase of the attack surface, we expand ZTA principles to include the software and hardware of the deployment stack. We leverage Trusted Execution Environments (TEEs) to ensure confidential computing on untrusted deployments and our analysis shows how our proposed model handles the increased attack surface and reinforces the ZTA principles in the 5G Core, without any changes to the 5G standard. Finally, we provide experimental results that demonstrate the overhead incurred by our model in terms of performance and monetary cost.

Norbert Ludant, Marinos Vomvas, Guevara Noubir

Presented here is an overview of CanarySat, which is an open, virtual model of a cube satellite (CubeSat) and a satellite ground station. The goal of this project was to produce a high-fidelity, extensible modeling framework that will allow cybersecurity researchers and satellite designers to investigate cybersecurity solutions targeted specifically at CubeSats and other small satellite platforms. Unlike the typical desktop and server computer systems, space-based systems have significant limitations in terms of their computational resources, the available energy resources, and communication bandwidth. CanarySat facilitates evaluation of competing cybersecurity solutions based upon the effectiveness of the technique, the computational overhead, and the energy consumption. To guide development of CanarySat, we have acquired the ISISpace CubeSat Development Platform, which is a flight-proven, cost-effective system which serves as the engineering model for training, development, and testing. Prior to selection of this cubesat platform, we performed a trade study which examined and compared the available commercial-off-the-shelf cubesat and ground station systems. The platform we selected includes the actual flight computer, electrical power system, communications system, and attitude control system as well as the ground station. Our student researchers have constructed both a Satellite Power Scheduling Application and the baseline CanarySat model. The Satellite Power Scheduling Application is an application that allows satellite designers to estimate the energy requirements of their missions and explore trade-offs between performance and power consumption for different on-board computer systems. The application includes a database of performance and power consumption data that was collected via a sequence of experiments performed on representative single-board computers (SBCs). The baseline CanarySat model includes an orbital physics model built within Simulink and the open-source COSMOS command and control software which serves as the satellite ground station. The orbital physics model is deployed on a representative single board computer, and the COSMOS ground station software executes on a desktop or laptop computer. Our student team demonstrated the ability to issue commands from the ground station and view the satellite attitude changing in the Simulink model. The students have also demonstrated successful operation of an image processing workload to simulate an earth observation mission. We are currently engaged in the development of proof-of-concept cyberattacks against the CanarySat model to demonstrate the utility of CanarySat for cybersecurity research.

David Coe, Aleksandar Milenkovic, Jeffrey Kulick and Letha Etzkorn

The growing adoption of zero-trust architectures brings the principle of complete mediation to the forefront of well-designed, secure systems. Despite the potential for zero-trust to improve the security and resilience of systems from cyberattack, practical adoption of these architectures is hindered by lack of sufficiently trustworthy origin authentication within untrusted networks such as the Internet. Notably, problems with authentication exist due to stolen credentials and mobile clients used by remote workers that are easier for threats to compromise than traditional workstations hiding behind boundary firewalls. The result is that access control for the protection of critical assets increasingly depends not just on user authentication but also on context-sensitive techniques, e.g., behavior and location, to monitor and isolate such threats. In this talk, we introduce path-aware risk scores for access control (PARSAC), a novel context-sensitive technique to enrich access requests with risk scoring of the path taken by those requests between the authenticated user and the resources they access. These path-aware risk scores enable another layer of security for traditional access control systems that addresses the need for fine-grained monitoring and enforcement within a zero-trust architecture. We define rules for general functions that can be used to determine risk and instantiate a specific approach to calculate path risk scores. We have evaluated our approach with realistic network graphs and discovered that PARSAC finds more paths with lower risk when compared with traditional routing algorithms that select the shortest path.

Philip Brown

Recent advances in the development of quantum computing hardware have accelerated the interest of preparing information systems for the post-quantum world. Grover’s unstructured search and Shor algorithm for period-finding have potential applications in security, cryptography, and communications in general. We present in this paper the evaluation and simulation of proofs of concepts, gates, and experiments for quantum circuits along with explanations of their potential applications to computing and security. The circuits explore several aspects of quantum computers such as superposition, parallel calculations, amplitude amplification and phase estimation. These circuits and gates were also tested on real quantum computers to assess their behavior.

Hugo Delgado

V8 is the open source interpreter developed by Google to enable JavaScript (JS) functionality in Chrome and power other software. Malicious threat actors abuse the usage of JS because most modern-day browsers implicitly trust script code to execute. To aid in incident response and memory forensics in such scenarios, our work introduces the first generalizable account of the memory forensics of the V8 JS engine and provides practitioners with a list of objects and their descriptors extracted from a memory image. These objects can be used to reveal key information about a user and their activity. We analyzed the V8 engine and its garbage collection process. We then developed and validated a Volatility plugin – V8MapScan – to reconstruct V8 objects from a memory image. The runtime of the V8 engine is housed within the V8 isolate which contains its own heap manager and garbage collector. Within the heap of the isolate exists a root object map known as the MetaMap. By using the MetaMap and a object-fitting technique, we were able to extract objects, object-maps, and object properties. The V8MapScan plugin scans process memory for the MetaMap data structure contained within the V8 isolate using its data structure, references to objects can be found and extracted. Our findings were verified with Chrome DevTool’s Heap Profiler. Our approach recovered the majority of objects indicated by the heap profiler with common types such as the ONE BYTE INTERNALIZED STR type returning more than 98.9%. Lastly, we provide a case study using our tools on the Monero Cryptocurrency Miner. This material is primarily based upon work supported by National Security Agency (NSA) and Department of Defense (DoD) under grant H98230-20-1-032.

Ibrahim Baggili, Samuel Bergami, and Enoch Wang

Currently, the INSuRE program is one of the main efforts of the Community of Practice in Research (CoP-R). As part of this panel, Technical Directors from four different government agencies and national laboratories will share information on their backgrounds, research interests, as well as their involvement and experience with the INSuRE program. A major focus of the panel is for the Technical Directors to not only discuss the benefits of the INSuRE program to the three stakeholders of the program (i.e., students, academic institutions, and to the government - represented by the agencies and labs) but also address the challenges that may arise as students, faculty, and Technical Directors jointly carry out the various projects. 

Susanne Wetzel, Timothy Davison, Roland Varriale, Edward Zieglar

In 2017, six universities (five NCAE-C and one candidate) joined together (“Power of 6”) to establish a pilot program to demonstrate their ability to develop cybersecurity talent pathways for women and underrepresented students for civilian and military positions in the Department of Defense (DoD). Norwich University, University of North Georgia, The Citadel, Texas A&M, Virginia Tech, and Virginia Military Institute share a common identity as senior military colleges but had never previously teamed to create and fund academic, experiential, and research opportunities for cybersecurity students.

In 2018, the “Power of 6” built bipartisan Federal support of Senators and Congresspersons to insert language in the 2019 National Defense Authorization Act to establish DoD Cyber Institutes. In 2019, the “Power of Six” gained federal appropriations support to fund this pilot effort to help fill the cybersecurity workforce gap. Using a common framework, the Cyber Leader Development Program, the “Power of Six” successfully completed their first pilot program year and are fully engaged in Phase II!

Panel focus: Now in Phase II (2022-2024), the DoD Cyber Institute team is excited to share their pilot program insights on outreach activities, collaboration with government and military organizations, student professional development and experiential opportunities, and strategies for other NCAE-Cs to develop similar cybersecurity opportunities for students and faculty.

The panel moderator, Dr. Sharon Hamilton, Colonel (Retired, US Army), Norwich University, has led the “Power of 6” team since its inception in 2017 and is the Principal Investigator and Program Director for this initiative and grant.

Panel members will consist of Dr. Hamilton and two cybersecurity leaders from NCAE-C universities partnered in this pilot program.

  • Dr. Bryson Payne, University of North Georgia, Professor, Cybersecurity
  • Colonel (SC Army National Guard) Linda Riedel, Citadel DoD Cyber Institute (CDCI) Deputy Director, Operations and Outreach
Sharon Hamilton, Colonel Linda Riedel, Dr. Bryson Payne

This presentation is about to identify conversational bots using blockchain technology, a first step to address trustworthy challenging when social media applications are mixed with human users and social bots. Internet persona or account user profile for social bots usually is hardly being used to distinguish conversational bots from other human users. PASS (Personal Archive Service System) using blockchain technology has built in the Proof of X mechanism. The usage of such built in feature into bot identification makes users aware of bot interaction which could mitigate the threat of disinformation by social bots. Moreover, in practice, we add feedback bot score, called syn points stored in the chain during the process of registration, verification and lifecycle monitoring.

Dr. Zhixiong Chen

Over the last decade, many public health research efforts have included information technologies such as Mobile Health (mHealth), Electronic Health (eHealth), Telehealth, and Digital Health to assist with unmet global development health needs. This presentation provides a background on the lack of documentation on cybersecurity risks or vulnerability assessments in global public health areas. This presentation suggests existing frameworks and policies be adopted for public health. We also propose to incorporate a simple assessment toolbox and a research paper section intended to help minimize cybersecurity and information security risks for public, nonprofit, and healthcare organizations. - Further slides will be provided prior to the event to be shared.

Stanley Mierzwa

As long as we have people, social engineering is a threat. Hacking the human element has only gotten worse with most people working, playing and communicating online. With its prominence, shouldn’t this be a part of all cyber defense and operations curriculum? In this session, you will learn techniques for teaching it either as its own class or within other classes. Everyone in security needs to understand human weaknesses and the best ways to protect and defend against human threats and vulnerabilities. Attendees will learn the importance of human factors, psychology, and leadership for security professionals. The session leaders will show how security controls may be bypassed by a person’s intentional or unintentional acts and methods for reducing the cyber risks associated with human error and social engineering. Attendees will leave with a firm grasp of social engineering techniques and how the laws of influence can be used to breach security controls. The techniques discussed here are taken from books such as, “Influence, The Art of Persuasion”, “How to Win Friends and Influence People,” and “Social Engineering, The Science of Human Hacking.” The objective isn’t to make attendees paranoid, but aware of their surroundings and how they may be vulnerable to the power of human hacking. Learn how social engineering and human hacking is incorporated into a cybersecurity curriculum as one of its most popular classes. All cyber instructors need to learn how to social engineer their students before they social engineer you.

Ronald Woerner, Karla Carter

Existing literature show that Escape The Room themed games have not been used much in cybersecurity education and outreach. In this fast pitch talk, we will present an original Escape The Room themed cybersecurity educational game, which consists of a set of nifty cybersecurity challenges in the form of beginner’s puzzles on a variety of introductory cybersecurity topics, including cryptographic ciphers, social engineeringbased phishing attacks, online fake web certificates, and ransomware attacks. We have specifically developed this cyber educational game as an experiential learning activity that is driven by realistic scenario-based cybersecurity challenges, and can be played in teams. We have successfully implemented this game as a team learning exercise that can be offered in a virtual learning setting. We will share our experience (including lessons learned and takeaways) of hosting this game as part of a virtual cybersecurity educational summer camp for a high school audience, where remote learners participated in this game in “Breakout Room” teams within a Zoom meeting session. Our presentation will include an overview of this novel “Escape The Breakout Room” game, and a discussion on hosting this game over Zoom as part of a virtual cybersecurity education camp, or a virtual introductory cybersecurity class. Under the current COVID-19 pandemic situation, when cybersecurity education is going virtual, this new instance of an Escape The Room themed cybersecurity educational game and its experiential team learning approach would be of interest & relevance to the CAE community, including all cybersecurity educators, who are particularly looking for engaging, competitive virtual learning activities at a beginner’s level.

Ankur Chattopadhyay, Meghyn Winslow

This Fastpitch covers Eastern New Mexico University-Ruidoso IS258 Cyber Ethics, Career Development, and Professional course curriculum developed and endorsed jointly by an advisory team from ExxonMobil, DOD U.S. Navy, Academia, New Mexico Workforce Development. The rationale for student taking this course was to provide students with the necessary understanding and abilities to apply ethics in the cyber world. This course prepares students to apply cyber ethics in the workplace and in furthering their careers.

Stephen Miller

UNT’s new B.S. in Cybersecurity was formally approved by the Texas Higher Education Coordinating Board (THECB) in March 2020 with an implementation date starting in the Fall 2020 semester. Given the rapidly changing and often unchartered environment that cybersecurity operates in, the B.S. in Cybersecurity was created to provide a high quality, academically challenging, and career-enriching educational program that is responsive to industry trends, changing standards, and employer needs. Approved only a few months before the program launch, we will discuss the lessons learned in the design and implementation of this new, high demand interdisciplinary degree program. In particular, we would like to share the technical, logistic, and marketing opportunities and challenges that we faced during this past year as we worked to get our new program off the ground, especially as we were met with further obstacles of social distancing and remote learning requirements due to COVID-19.

Mark Thompson, Ram Dantu

As we become a more digital society, it imperative that first responders, including EMS and law enforcement, become well-versed in the role that technology plays in their field and understand the security implications demanded in this changing environment. Most existing continuing education (CE) credits, however, are only offered specifically for technical job requirements, such as de-escalation techniques and airway management training for law enforcement and EMS certified personnel, respectively. We propose offering CE credits in cybersecurity and forensics for first responders, working with the applicable agencies such as the Texas Commission on Law Enforcement (TCOLE) and the National Registry of Emergency Medical Technicians (NREMT) for approval. The training modules for EMS personnel would, for example, include hands-on experiments focusing on securing first responder operations, devices, and privacy such as securing mobile applications and sharing emergency information via mobile devices and HIPAA-compliant confidentiality protection of patient data such as vital signs (e.g., blood pressure, heart rate, respiration rate, blood oxygen). We will discuss our novel interdisciplinary training approach and then review the process from creating our curriculum to getting approval from the appropriate agencies.

Ram Dantu, Mark Thompson

A brief summary of the educational, research, and community outreach activities conducted by The University of Memphis Center for Information Assurance.

Tony Pinson

With many “entry-level” positions in the cybersecurity industry requiring 3-5 years of experience, numerous students and recent graduates find themselves at a loss on how to launch their careers in this field with an ever-growing need for professionals. The question becomes, “How can students take their knowledge from curriculum to career?” The National Cyber League (NCL) does just that in a way that makes learning feel like playing. The NCL vision is to provide an ongoing virtual training ground for students to develop, practice, and validate their cybersecurity knowledge and skills using nextgeneration, high-fidelity simulation environments, based on industry-relevant learning objectives. This offensive and defensive cybersecurity capture-the-flag (CTF) game is based on the CompTIA Security+ and maps to the NIST NICE Framework and NSA CAE Knowledge Units so that the comprehensive, individualized Scouting Reports each player receives provides metrics that matter! Join this panel led by NCL Assistant Chief Player Ambassador, Kaitlyn “CryptoKait” Bestenheider, and supported by NCL Commissioner, Dan Manson, NCL Lead Player Ambassador and professional penetration tester, Meredith Kasper, and the NCL Game Maker from Cyber Skyline, Franz Payer. The panel will discuss the importance of creating on-ramps for students to launch their cybersecurity careers, the NCL integration with CAE Knowledge Units, and how NCL supports schools CAE accreditations

Dan Manson, Kaitlyn Bestenheider, Meredith Kasper, Franz Payer

The open-source cyber gym provides a hands-on Google cloud learning environment flexible for both instructors and students. Instructors have access to custom-built workouts mapped to skills in the NICE Framework and Security+ Standards or instructors can create their own workouts. When ready, an instructor initiates a system build for the number of students or teams in their class. From here students have access to independently control their workout both in the class and outside of the class. This session will explore the experience in deploying this technology to over 500 students in the state of Arkansas and show the cloud costs for various workouts. We will also walk participant through the setup and live build from the viewpoint of the instructor and demonstrate the automated assessment reported back to the instructor. This material is based upon work supported by the National Science Foundation under Grant No. 1623628. The project is available at emerginganalytics/ualr-cyber-gym.

Philip Huff, Sandra Leiterman

The first CAE National Competition will be held throughout the 2021-2022 academic year and is designed to increase student and faculty engagement with competitions throughout the CAE program. The competition is oriented towards students who are new to cybersecurity competitions, and will include an extensive training and practice environment, regional competitions, and the National Finals to be held at the 2022 CAE Executive Leadership Forum. The challenges within the competition will be CAE-sourced to allow each of the unique facets of cybersecurity education to be components of the competition. This presentation will provide an overview of the project as well as the challenge submission and compensation framework that encourages CAE faculty to collaborate and contribute to the project.

Jake Mihevc,Math Ron Sanders

The University of Maryland Global Campus (UMGC) is developing a robust graduate degree program in Cyber Operations (CO). The program was designed from the beginning to ultimately obtain an NSA/DHS CAE-CO designation. With this in mind, the subject matter experts and curriculum designers focused on the required knowledge units and built in the artifacts to meet other CAE criterion like explicit focus on CO, integration of CO into the foundational courses, and content currency. This session will also review the faculty and student involvement as well as research concerns required for the designation and how the institution approached these concerns. While the UMGC program has not yet been designated as a CAE-CO, this session is valuable to those who are considering a program and for those who may face re-designation hurdles.

James Robertson, Loyce Pailen

Covid-19 has created tremendous challenges for academia. Last spring, faculty across the U.S. moved suddenly and completely to virtual teaching. This fall, as many of us continue to teach primarily online, we are developing quality resources, including videos and other materials that facilitate learning in this new environment. As a result of the pandemic, the role of the CAE community is more important than ever. Cyber attacks have increased, as hackers are exploiting the new vulnerabilities posed by the massive migration to work-from-home across all industries. CLARK, funded by NSA (grant# H9830-17-1-0405), hosts over 750 free cybersecurity learning objects under the creative commons non-commercial license. CLARK’s Plan C is an opportunity to gather cybersecurity resources developed during these trying times and expedite publication on the CLARK ( platform. During this workshop, the CLARK team will work with faculty to upload their curriculum content to the Plan C collection, fine-tune their learning outcomes with the “Blooming Onion” app, and map to CAE knowledge units. By contributing curriculum, the CAE community can help faculty across the country teach cyber in their online classes. Participants will receive a small stipend for each contribution.

Blair Taylor, Sidd Kaza

The use of NICE Cybersecurity Workforce Framework (NCWF) is critically important to ensure consistency across cybersecurity jobs in government, industry, and academia. Nova Southeastern University (NSU) has been a leader in cybersecurity education for many years and was among the first in the state of Florida to receive CAE designation. NSU received the initial CAE designation in March 2005 and received CAE re-designation in 2009 and 2014. Over the past several months the faculty and staff of College of Computing and Engineering (CCE) at NSU has been working with the NSU Career Development Office (CDO) staff ( on the integration of the NCWF into the student advising process. The CAE 2020 Fastpitch presentation provides an overview of the collaboration model between the CCE and CDO at NSU that includes exposure of the framework to the career advisors, the relevant job roles for the NSA/DHS designated cybersecurity programs offered by the CCE, the creation of a Career Development Newsletter specifically for computer science and engineering students, as well as the development of sample student resumes specifically aligned with the NSA/DHS designated NSU cybersecurity programs.

Dr. Yair Levy

This proposal discusses the findings of an interesting research study with the objective of identifying writing and communication challenges faced by both cybersecurity students and professionals in the field and proposing effective solutions to address these challenges. This research study was part of a comprehensive project (funded by the NSA) intended to enhance cybersecurity education in western PA. To achieve the project’s objectives, we designed and conducted a QUAN-QUAL mixed-method study which collected survey data from students enrolled at two US-based institutions, and interview data from 27 professionals working in the cybersecurity field within the US and elsewhere. This proposal discusses results related to the quantitative component of our research while briefly commenting on the related findings of the qualitative component. To better understand the backgrounds and needs of the study participants, and attempt to capture various challenges they face in the area of communication skills, the employed quantitative instrument was designed to primarily address the following two research questions: • Which courses did aspiring cybersecurity professionals identify as valuable? Are there group differences? • How did undergraduate students describe their present attitudes and skill level in terms of writing and oral communication? This presentation will expound our research findings including an identified gap of high school courses that prepare students to succeed in the field, and differences in perception of the importance of writing and communication skills among various student groups. The presentation will also provide recommendations and lessons learned from implementing an effective educational service to address the identified challenges.

Waleed Farag

The ultimate goal of an educator is to build students towards a successful career outside the classroom. The top careers today focus on technology, from software development to IT management to cybersecurity, yet businesses often struggle to find qualified people to fill these positions. This session provides actionable solutions for teachers and school administrators for teaching critical computing, cybersecurity, and technical troubleshooting skills. The presenter will share tips, tools, and techniques for building our next generation of cyber experts in ways that build critical technology skills while remaining fun and accessible to all students. He will share ideas for getting technology into the classroom, finding mentors to help with instruction, and engaging students to learn through cyber clubs, camps, and competitions. One of the biggest challenges is influencing students to enter fields that lead to technology careers. He does this by hacking; not the evil kind, but the type defined in the Hacker Dictionary as “one who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.” The techniques discussed in this session allow students to use their native curiosity to better and more safely use the technology around them. This session also covers teaching cyber safety, security, and ethics. Successful careers all start in our schools. Join me in building the next generation of cyber employees to solve the technical problems of today and tomorrow. This session is based on the TED talk, “Hackers Wanted.”

Ron Woerner

We propose a designed growth path for emerging researchers that does not currently exist. When Ph.D.’s defend, it is expected that their directed training and research focus will provide clear direction for impactful future work, but that assumption has not been realized. We propose an entry path for graduate students to better understand and contribute to research and administration publication functions that should enhance their academic prospects and help them add to scientific solutions business desperately needs.

Dr. Derek Sedlack

There is a pervasive talent deficit in cybersecurity that prevents employers from being able to find qualified job applicants. In a recent survey of cybersecurity professionals, most report that their teams are at least somewhat understaffed with open positions remaining unfilled. Many tools are available to bridge the educational gap for the cybersecurity workforce, but these tools do not take a holistic approach to security by addressing both operational technology (OT) and information technology (IT). With the recent convergence of IT and OT systems, vulnerabilities that were previously limited to IT have been introduced into the industrial environment. Therefore, it is vital to integrate industrial security concepts into current and future cybersecurity curriculum offerings. During this workshop, participants will learn about the CYBER security – Competency Health and Maturity Progression (CYBER-CHAMP©) model. CYBER-CHAMP was initially created as a tool for organizations to understand the security competency gaps in their workforce, but the model can also be utilized to inform academia and cybersecurity training providers. The model offers a methodology to increase security across an organization, which includes all work roles within a company and the best practices employees are expected to perform. Once these target roles are identified, the roles can be mapped to education and training options by identifying the everyday tasks an individual performs. This same mapping method can be used to reverse-engineer the education and training offerings that can be provided for students, the current workforce, veterans, and individuals in other disciplines who are interested in growing their knowledge of cybersecurity.

Jade Hott, Dr. Shane D. Stailey, Donaven Haderlie, Gary M. Deckard

We propose a designed growth path for emerging researchers that does not currently exist. When Ph.D.’s defend, it is expected that their directed training and research focus will provide clear direction for impactful future work, but that assumption has not been realized. We propose an entry path for graduate students to better understand and contribute to research and administration publication functions that should enhance their academic prospects and help them add to scientific solutions business desperately needs.

Dr. Derek Sedlack, Associate Professor, Colorado Technical University

This presentation is intended to discuss the promotion of security tools in general, and Wireshark in particular, in security-related classes at Nova Southeastern University (NSU). As a pioneer in cybersecurity education, NSU was striving to introduce students with hands-on experience in classroom settings. Wireshark is one of the most widely used tools in computer networking for deep packet analysis and has been used widely in several courses. In this presentation, we will cover a brief Wireshark introduction, and demonstrate a step-by-step process on how to set up and deploy the tool, identify protocols and payload, and perform analysis on security protocols such as SSL. Through this presentation, we hope to raise awareness, foster new ideas, and share the best practices in teaching hands-on skills within the CAE community.

Wei Li, Professor, College of Computing and Engineering at Nova Southeastern University

Learn how a program management process and a single document can support your faculty and also your course/program reviews. Elevate the instructor’s workbook into a tool that not only provides situational awareness and pedagogical foundations, but also helps to connect remote faculty and capture ideas and experiences in a hectic and demanding environment. Presuming that all faculty are experts in a course’s subject matter, the workbook does not focus on substantive knowledge. Rather, it helps to blend practical resources, pedagogical foundations, and experiential tips from prior teachers and students. Since Spring 2019, faculty in UNH’s online M.S. Cybersecurity Policy & Risk Management courses have utilized our workbooks and related processes. Our faculty especially value the workbook’s support with pedagogy and the learning management system, as well as the workbook’s accessibility and inclusion features that encourage each instructor to add comments and suggestions for improvement. In this Fastpitch Session, Prof. Maeve Dion provides an exemplar workbook, highlights the core features, and shares how the workbooks are utilized as part of our collaborative curriculum development and course review processes. Whether full-time academics or full-time practitioners, our faculty’s lives are busy and complicated. The COVID-19 situation has increased the complexity: more learning is remote, and instructors are delving more deeply into the functionalities of our learning management systems/tools and the best practices for online learning and teaching. Raise your concept of a workbook to a new level and explore how you might want to adapt it for your course or program.

Maeve Dion, Assistant Professor, University of New Hampshire

Cybersecurity has become a prevalent topic in many colleges, but how it should fit into the overall educational process is still not fully understood. A cybersecurity project at the University of Hawaii Maui College (UHMC), funded by the NSF ATE program, spans multiple disciplines and targets women and minorities. The goal of this project is to ensure that a broad audience of faculty, students and practitioners get trained in the fundamentals of cybersecurity. This is especially challenging during a pandemic, when all education is online. This project also targets students in middle and high schools, who are drawn to cybersecurity by the mass media but are not educated in the field or aware of future careers in cybersecurity.

Debasis, Bhattacharya, Assistant Professor, University of Hawaii Maui College

As the majority of jobs in Computer Science are software development oriented, Computer Science curricula have shifted towards producing software more efficiently. As a result, low-level concepts such as computer instructions, assembly programming and calling conventions that are fundamental to cyber security are only covered marginally. Ultimately the security of cyberspace depends on the programs we use; increasing their robustness to vulnerabilities will enhance cyber security greatly. How to engage software developers in secure coding and other cyber security practices becomes a fundamental challenge. At the same time, in order to handle the everincreasing complexity of malware and other programs, cyber security analysts heavily depend on specialized tools. This makes it even more difficult for typical software developers to comprehend the cyber security impacts. Without an intuitive grasp of the impacts of software vulnerabilities, it is difficult for software developers to get interested in the inherent cyber security threats. To overcome the challenges, we have developed universally applicable small programs that illustrate the importance of cyber security mechanisms. The programs are designed so that they can be tried using only commonly available tools such as compliers to maximize their reach. These simple programs overcome the barriers to most cyber security issues that rely on specialized tools. By relating these programs to fundamental issues in cyber security, software developers gain first-hand experience of the potential impacts of cyber attacks and therefore increase the awareness of cyber security importance. To illustrate the effectiveness of the approach, we have developed several examples. We have used variations of the tools in intro-level computer organization and programming courses, that have raised curiosity and interests to cyber security substantially

Xiuwen Liu, Mike Burmester

The Army Cyber Institute (ACI) is a national resource for interdisciplinary research, advice and education in the cyber domain, engaging DoD, Army, Government, academic and industrial cyber communities in impactful partnerships to build intellectual capital and expand the knowledge base for the purpose of enabling effective army cyber defense and cyber operations. The ACI focuses on exploring the challenges facing the Army (and likewise the Nation) within the cyber domain in the next 3-10 years. Using our multi-disciplinary, mission focused team of professionals as well as leveraging the United States Military Academy faculty and our various partners, we expand the body of knowledge and advise senior military and government officials. Our vision is to develop intellectual capital and impactful partnerships that enable the nation to outmaneuver our adversaries in cyberspace.

Dr. Lubjana Beshaj, Assistant Professor in the Department of Mathematical Sciences at West Point

INSuRE (Information Security Research and Education) has been an important activity within the CAE-R community, yet it remains unknown to many institutions. In this talk, we will present the history of the program, its evolution and its current state. We will discuss the values and the challenges INSuRE faces and its future directions.

Agnes Chan, Suzanne Wetzel

The Army Cyber Institute (ACI) is a national resource for interdisciplinary research, advice and education in the cyber domain, engaging DoD, Army, Government, academic and industrial cyber communities in impactful partnerships to build intellectual capital and expand the knowledge base for the purpose of enabling effective army cyber defense and cyber operations. The ACI focuses on exploring the challenges facing the Army (and likewise the Nation) within the cyber domain in the next 3-10 years. Using our multi-disciplinary, mission focused team of professionals as well as leveraging the United States Military Academy faculty and our various partners, we expand the body of knowledge and advise senior military and government officials. Our vision is to develop intellectual capital and impactful partnerships that enable the nation to outmaneuver our adversaries in cyberspace.

Dr. Victor Piotrowski, James Joshi

Moraine Valley Community College and University of Alabama Huntsville
Dakota State University and University of Colorado Colorado Springs
Dakota State University and University of Colorado Colorado Springs

The 2019 CAE in Cybersecurity Symposium General Program slide deck contains general symposium information, updates on the CAE in Cybersecurity Community Website, and the CAE Virtual Career Fair, sponsored by NCyTE and NSF.

Tony Coulson, Anastacia Webster, Amy Hysell

This slide deck includes upcoming events, speaker photos and bios, as well as important resources available to you as a Center of Academic Excellence in Cybersecurity. 

Anastacia Webster

To meet the ever-growing demand for well-trained, ethically responsible cybersecurity professionals, we looked to programs and students at community colleges in the Dallas-Fort Worth area as input for our new degree in cybersecurity. Then we applied curricular guidelines from CAE, NICE, ABET, and ACM to develop high quality, academically challenging, and career-enriching ABET-accredited pathways for community college students to a degree in cybersecurity that is responsive to industry trends, changing standards, and employer needs.

Mark Thompson and Ram Dantu, University of North Texas

The global cybersecurity crisis has challenged academic institutions to build and grow cybersecurity programs to help produce a skilled and knowledgeable cyber workforce. The current state of cybersecurity education is faced with three intersectional challenges: 1) a dire shortage of faculty and teachers, 2) a rapidly evolving field, and 3) limited access to quality curricular materials. While addressing the shortage of faculty requires a long-term solution, it has been shown that high-quality curricula not only helps institutions build programs, but also improve student learning outcomes. Increasing access to better curricula is a relatively inexpensive, yet impactful intervention. To help meet these challenges, the National Security Agency funded the CLARK Cybersecurity Curriculum Library (www. CLARK hosts over 700 quality-assured learning objects from over 70 institutions organized as collections, including the NSA National Cybersecurity Curriculum Program (NCCP) and the National Science Foundation C5 ( collections. This fastpitch will introduce the highlights of CLARK and provide examples of high-quality cyberlearning objects that can be immediately deployed in the classroom.

Sidd Kaza, Towson University, and Mark Loepker, National Cryptologic Museum

In 2017 the ACM (the world's largest educational and scientific computing society), with the Joint Task Force on Cybersecurity Education, published Cybersecurity Curricula 2017 (CSEC2017), guidelines for baccalaureate programs in Cybersecurity.

The ACM CCECC (Committee for Computing Education in Community Colleges) is developing curriculum guidelines for associate degree programs, based on CSEC2017, with expected publication in early 2020. These guidelines, code-named Cyber2yr, map to the CAE knowledge units for two-year programs.

Note also that the ACM CSEC2017 and Cyber2yr guidelines, respectively, are the basis for the ABET program criteria for Cybersecurity four-year programs, and the currently-under-development ABET program criteria for Cybersecurity two-year programs. This fastpitch session will present an overview of the ACM Cybersecurity curriculum guidelines with a focus on the forthcoming Cyber2yr guidelines for two-year programs, and how they map to the CAE knowledge units for two-year programs. The Cyber2yr guidelines can be used to develop or update a two-year Cybersecurity program that includes the CAE foundational and technical core knowledge units.

Cara Tang, Portland Community College

In 2018, NSF awarded a group of community colleges funding to establish a standalone CyberCorps®: Scholarship for Service program. These community colleges received funding for student scholarships, tuition, and related costs. The session will briefly review the recruiting and selection process, the different curriculum pathways and describe the target audience to receive these scholarships. The fastpitch will also discuss how the institutions have collaborated to establish a cohort of students across multiple institutions.


Kyle Jones, Sinclair College

This presentation will cover international opportunities for cybersecurity faculty to expand their technical and cultural vision of the discipline. Its purpose is to share experiences gained and to entice other academic or professional experts in cybersecurity to conduct research, pursue professional development, assist in curriculum development, and/or assess cyber best practices at international institutions through the Fulbright program. The Fulbright award, administered by the Council for the International Exchange of Scholars for the US State Department, provides a generous stipend to cover travel, food and lodging, and other personal expenses incurred during the duration of the award which ranges from 3 to 6 months. Depending on the selected program, dependents may also be supported with modest allowances to enable them to join the award recipient during the entire duration. It is indeed a rewarding experience towards understanding cultural and technical diversity!

Guillermo Francia, University of West Florida

The lack of soft skills such as communication, diversity, leadership, and work ethics being taught in programs reduces the effectiveness of cybersecurity experts as organizations across all industry sectors become targets of increasingly complex and debilitating attacks. We propose a program to improve the career-readiness of future workforce by increasing soft skill competencies, encouraging engagement through experiential learning, and providing opportunities for learning and networking through professional development using mixed reality tools and other novel activities.

Mark Thompson and Ram Dantu, University of North Texas

This presentation is intended to cover the promotion of cybersecurity competitions by the Center of Academic Excellence (CAE) at Nova Southeastern University (NSU). NSU first received its CAE designation in March 2005 amongst the first in the State of Florida and was redesignated in October 2014. The promotion of cybersecurity competition has long been in our agenda but was challenging, primarily due to the nature of students as many of them are working professional students. In this presentation, we will cover the recent practices at NSU with a focus on the engagement of working professionals and online students in cybersecurity competition.

  • National cybersecurity competitions currently being promoted • Faculty support of cyber competitions
  • Programs/Courses promotions of cyber competitions
  • Outcomes/Benefits of cyber competitions
  • Future steps Through this presentation, we hope to raise awareness, foster new ideas, and share the best practices in promoting cybersecurity competitions within the CAE community.
Wei Li, Nova Southeastern University

A team of educators has been working on a cybersecurity curriculum framework (CCF). The purpose of the framework is to express a set of standards that stakeholders can use to develop a dedicated cybersecurity course for high schools. While computer science ideas and work are present in the framework, the CCF clearly delineates cybersecurity as its own topic. In the next phase of this project, the team hopes to develop methods for dual-credit and/or advanced placement so that students who take the course in high school can earn college credit for it. This session at the CAE community meeting would be focused on sharing the framework and investigating the pros and cons of dual-credit or advanced placement from the perspective of CAE principals.

Melissa Dark, Dark Enterprises, Inc., and Mark Loepker, National Cryptologic Museum

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting.

Sponsored by NSA, the University of North Carolina at Charlotte (UNC Charlotte) and Forsyth Technical Community College (Forsyth Tech) have been developing hands-on teaching materials for cyber threat hunting that will expand our current strong educational programs in cybersecurity. UNC Charlotte is designated as a Center of Academic Excellence in Information Assurance Education-Cyber Defense, and a Center of Academic Excellence in Information Assurance Research by NSA and DHS, and has an NSF funded IUCRC in Configuration Analytics and Automation. Since 2001, UNC Charlotte has run the Carolina Cyber Defender Scholarship Program, one of the largest such programs in the United States, with funding from NSF and NSA. Forsyth Tech has been re-designated as a Center of Academic Excellence in Cyber Defense Education in May 2019. It has established the Davis ITEC Cybersecurity Center and with the support of a grant from the Department of Education, it has been building a Security Operation Center Student Lab since December 2018, to strengthen the future workforce in cybersecurity through hands-on learning.

We have developed freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year university curriculum, as well as for collegiate threat hunting competitions. To the best of our knowledge, there are not such open-source material online for educational purposes.

Our project fits into the theme of “Innovations in Cybersecurity Education, Training, and Workforce Development,” with a focus on “Accelerate Learning and Skills Development” defined by the NICE Strategic Plan.

The objectives of our project are twofold: (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.

Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skillset) in an enterprise environment and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., Operating Systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. These labs also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis. Our labs are designed at different difficulty levels suitable for use by two-year community college students, 4-year university students, as well as for collegiate threat hunting competitions.

We plan to present the design and implementation of our hands-on labs, and we will offer an interactive learning session in which we will walk the participants through some of our labs on their computers.

Jinpeng Wei and Bei-Tseng "Bill" Chu, University of North Carolina at Charlotte, and Deanne Cranford-Wesley, Forsyth Technical Community College

We present a novel way to help match employers’ cybersecurity skill requirements with students’ knowledge using a blockchain to assure students’ credentials and records. This approach applies micro-accreditation of topics and rigor scores to students’ courses and associated tasks, making it easier for employers to explore students’ records to verify their success in specific skills. In turn, this allows employers to make better hiring decisions, conferring a solid way for students to prove the quality of their skills. Future work includes mapping courses from CAE to NICE framework, fine-tuning transaction times, and developing a better consensus model for peer-reviewed rigor.

Zachary Zaccagni and Ram Dantu, University of North Texas

There is a capacity issue in the educational system preparing cybersecurity experts in this high-demand area: students cannot readily be added to the education system, especially at the Community Colleges level, because trained faculty to accommodate expanded sections are scarce. The weak link in the cybersecurity workforce supply chain is often the inability to find faculty who can be effective and can provide proper encouragement to the students to join the cyber workforce.

GW has developed one way to address this capacity issue by preparing a way to tap cybersecurity experts, with an initial emphasis on graduates of the NSF-sponsored CyberCorps program, as adjunct faculty. Such cybersecurity experts in the workforce have the potential to fill the need for part-time cybersecurity faculty at the Community College level. By tapping into the pool of working cybersecurity experts and retired individuals whose background fits the typical qualifications, a viable long-term strategy can be developed. The challenge is to outfit these technology-savvy individuals with pedagogical insights and skills, usually not present in this chosen population.

The Reach to Teach project, funded by the Department of Defense, was developed over the last two years with input from educators at both 2-year and 4-year institutions to explore this potential. The research effort engaged current faculty, as well as education experts, and resulted in a pilot Reach To Teach online course that was piloted in several workshops including the 2018 3CS Conference in Portland, OR. Reach to Teach includes six brief video sessions that can be viewed by prospective adjunct faculty, each of which includes the following content: introduction to community colleges, ethics, and pedagogy. The pedagogic content includes the general structure of a course, crafting goals and objectives, techniques for moving explanations from the concrete to the abstract, using group work using case studies, and using discussions in classes.

Reach to Teach is now ready to be used by the academic community. The program can be found at reachtoteach/ . There is no fee or cost associated with program adoption. For more information contact Principal Investigator Shelly Heller ( or co-Principal Investigator Costis Toregas ( ).

Shelly Heller, George Washington University

Hands-on cybersecurity labs are an excellent way to teach cybersecurity and for students to demonstrate knowledge. There is a large body of research on cybersecurity labs that provide examples of excellent lab environments. Due to the use of proprietary software and other factors like significant hardware requirements and large file sizes, it can be difficult to replicate these lab environments. The emergence of low-cost cloud computing resources and the automated deployment of infrastructure using DevOps tools make it easier to share and deploy lab resources. There are several open-source projects that provide excellent lab environments that can be easily deployed in cloud computing environments.

This presentation will provide a short overview and demonstration of using DevOps tools to automate the deployment of open source cybersecurity labs into cloud computing environments. The talk will highlight some of the possible tools and how they can be used across cloud computing platforms. During the demonstration, an open-source lab environment will be deployed in Amazon Web Services.

This presentation is based on a paper from the presenter that was presented at the AMCIS 2019 conference. The presentation at the CAE conference will focus on the practical aspects if using DevOps tools to deploy cybersecurity labs.

Chris Simpson, National University

Careers in cybersecurity and information technology (IT) require professional certifications along with academic degrees. The challenge most students are faced with is that some cybersecurity certifications require significant knowledge, skills, and abilities (KSAs) and personal recommendations for years of industry experience. However, there are several great opportunities for students to obtain entry-level cybersecurity certifications that are well accepted by the industry as part of their academic degree program. Moreover, such cybersecurity certificates are required by thousands of cybersecurity entry-level jobs and can greatly help students even to finance their education immediately after completing such professional certifications.

This presentation will discuss the integration of such entry-level cybersecurity professional certification preparation as part of the virtual lab component that of Fundamental of Cybersecurity course at the graduate program that is mainly focused on career changers. The presentation will provide the background for the selection of the specific platform (LabSim) along with the experience our college had over the past two years in using it. Moreover, the discussions will cover some of the linking of the Fundamental Knowledge Units (KUs) to the course and the specific assignments to assess the relevant KU objectives.

The presentation will also include cases of the success stories of students who completed the course, went to pursue the professional cybersecurity certification (Security+), and the impressive impact it had on their cybersecurity career path. The presentation will conclude with an open discussion and Q&A session.

Yair Levy, Nova Southeastern University, and Eric G. Berkowitz, Roosevelt University

We would like to highlight the success and vision of our Cyber Program. In May 2018, the University of Arizona (UA) received it's National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) designation. Reverse engineered not only to meet NSA requirements but also for the delivery as a completely online program, the UA’s Cyber Operations program offers a one-of-a-kind Bachelor of Applied Science degree. While maintaining the high standards of NSA designated schools, we shape our cyber warriors during their Junior and Senior years. We have articulated pathways from universities and community colleges to ensure a successful transfer into our program. Additionally, this program provides a breadth of knowledge to all students, ensures students are exposed to all facets of cyber operations, and ultimately equips students to leverage and apply their computer science skills across various industries.

The UA delivers its Cyber Operations program through an engineered Virtual Learning Environment (VLE). This platform consistently delivers course content and a hands-on learning environment for all students globally. Unlike other learning management systems, the VLE is connected to a virtual city, driven by powerful Artificial Intelligence. To create a realistic training environment, the virtual city CyberApolis consists of 15,000 virtual residents enhanced with Personally Identifiable Information (PII), Personal Health Information (PHI), financial data, and a variety of other attributes. These personas have fully developed patterns of life and conduct financial transactions, web browsing, emailing, social media posts, and entity and data relational linkages. Additionally, full web and network infrastructure supports CyberApolis’ infrastructure, utility companies, news agencies, banks, hospitals, and large and small retailers. Furthermore, CyberApolis hosts unique social media platforms that enable students to research, analyze, and complete program learning objectives.

Besides its CAE-CO designation, the University of Arizona Cyber Operations program also is distinguishable due to its varied career tracks which support a diverse population of students. Complementing its Cyber Engineering emphasis, the University of Arizona Cyber Operations program offers a Defense & Forensics career track and a Cyber Law & Policy career track. Both tracks are designed to fill critical roles within the government and industry. Defense & Forensics students are able to specialize within their degree by taking advanced courses in penetration testing, cyber intelligence, forensics, wireless and mobile networking, or coding through python. Law & Policy students have a direct pathway to enter the University of Arizona’s School of Law should they choose.

In addition to the above features, there are many other unique characteristics that contribute to the success of the University of Arizona Cyber Operations program. We are one of only two cyber operations undergraduate operations degree programs in the nation. With the University of Arizona’s designation as an Intelligence Community Center of Academic Excellence (ICCAE) we bridge our cyber program with our intelligence and information operations program to evolve the skills of our students to better address the changing operational environment. The most impressive characteristic is the program’s explosive growth; doubling our student population ever semester since its inception in 2016.

Paul Wagner and Jason Denno, University of Arizona

The purpose of this research is to glean insight into the taxonomy or differentiation methods used in cybersecurity employment. In addition, the research will identify the career paths have experienced professionals such as executives and senior managers taken to reach their current positions. Considering both top-down and bottom-up approaches, we can better identify what current KSAs and cybersecurity certifications are predominantly obtained by current cybersecurity professionals and what types of KSA are missing. More specifically, we expect that the results of this analysis provide several important outcomes such as current cybersecurity career paths, a cybersecurity certification and KSA map, and a cybersecurity knowledge units mapping. As a result, we can improve future workforce efficiency by identifying what experience, education and certifications are needed and encouraged to pursue. This study will provide insights of the practical utilization of the knowledge and skills in the cybersecurity industry that provide the greatest impact it contemporary employee needs. It explains the directions that successful employees have taken to reach their current positions. It also provides perspective into the priorities of industry leaders by outlining their backgrounds, and the industries and fields in which they were previously employed.


It is clear that in order to address the cybersecurity education and workforce crisis, the challenges are not just numerous but also inextricably linked. The least of which include a greater number of prepared faculty, effective curriculum, and infrastructure to host, use, and disseminate the curriculum. There is a demonstrated need for a cybersecurity digital library (DL) that will help address these challenges. The Cyber DL is similar to other curricular digital libraries in some respects (material quality, uptake, etc.) and unique in others (national security concerns, presence of damaging material – malware, material integrity issues, etc.). We have been working on the design and implementation of CLARK – The Cybersecurity Labs and Resource Knowledge-base. CLARK is a prototype curriculum management platform that hosts diverse cybersecurity learning objects. This submission introduces the system and highlights its capabilities as a tool that is much needed in the cybersecurity education community.


In this talk, we will present the Society of Women in Cybersecurity (SWiCS), a less than one-year-old club. SWiCS is energized and ran by CSUSB students of The Jack H. Brown College of Business. The main aim of the club is to attract women to the technical field and especially to cybersecurity. SWiCS is a community of students (all genders) supporting each other through every step of their career, from school duties to job hunting. The aim of the club is to supplement classroom curricula through study groups, workshops, mentoring, networking, and internship/job placement assistance.

Though one year old, the club members have doubled in number, attracting not only females but also males.

Essia Hamouda

Within the past few decades, cybersecurity has grown from individual concerns to a national-level issue. With such an explosive growth, there has been a discrepancy between the increasing demand for a better cybersecurity knowledge base and cybersecurity workers who are struggling to keep up. Government, academia, and the private sector have taken initiatives in order to fulfill these discrepancies with varying methods and levels of success. Additionally, considerable amount of research for each sector spanning across multiple disciplines have been conducted. However, there is a lack of a holistic view on cybersecurity knowledge among these three sectors and the relationships that exist between them. This research paper aims to explore the current cybersecurity ecosystem in order to allow future researchers and practitioners to understand and broaden the full scope cybersecurity knowledge. In order to achieve our research goal, we use an ontological network and identify key relationships that exist within all three sectors.


This proposal reports on the success and lessons learnt of an innovative and interdisciplinary project (funded by the NSA) with the objective of enhancing Cybersecurity education in western PA. This project implemented six different services that worked collaboratively to identify and address challenges facing Cybersecurity education. A focus of this funded project was to implement a novel program to enhance communications skills (soft skills) of Cybersecurity students and those aspiring to enter this promising field. Our ultimate objective was to propose an innovative and successful model that can be easily replicated in other schools and/or environments. These services and activities are briefly described below: 1. Designed and implemented quantitative and qualitative research studies to identify challenges facing Cybersecurity education. 2. Employed results from the above-mentioned research studies and from extant published research as the basis for designing a comprehensive program for delivering individualized instruction to Cybersecurity students. 3. Offered three weekend Cybersecurity skill enhancement workshops that provided very engaging sessions on various aspects of Cybersecurity. 4. Worked on building a Cybersecurity community that invited students, teachers, business owners, NGO’s, and government organizations to come together to increase Cybersecurity awareness, practice, and education by pooling resources, collaborating in teaching and learning, and creating an integrated network for cyber education. 5. Offered a successful and well attended Cybersecurity skill enhancement summer camp (modeled after GenCyber camps).


Forecasters are predicting a catastrophic shortage in workers to fill open positions in cybersecurity by 2020. We are not developing enough qualified candidates for this field, but by the time students enroll in a higher education institution, it may already be too late as many students are unable to handle the complexity and continually changing environment in cybersecurity. We propose starting a discussion on a new pedagogical approach to cybersecurity education based on our past strength in innovation. America has long been considered a nation of innovators, but with rapidly changing technology, we have to up our game by making innovation a part of growing up. Innovation should start from elementary school and promote thinking outside of the textbook. by making an investment to educate teachers and parents to encourage and sustain innovation. This presentation will discuss some initial steps needed to create a culture of innovation by educating teachers and parents to encourage and sustain innovation early on.


It this fast pitch, blockchain technology and its potential applications are presented. We will explore so called decentralized transparent immutable yet secured applications using the blockchain technology and will describe a novel approach of “proof of X” such as proof of identity, proof of college degree and proof of academic achievements. The project prototype of a personal archive service system (PASS) is demonstrated. Personal archive is defined as a collection of various artifacts that reflect personal portfolio as well as personal unique identifications. Personal portfolio is in addition to a simple statement of personal achievement. It is an evidentiary document designed to provide qualitative and quantitative chronically documentation and examples. The pitch moves on to focus on security concerns, risks and challenging. Blockchain technology has been bringing cryptography to individuals who are in turn as value investors in the internet with a clear time sequence, not just any information consumers. But, it is also coupled with various threats and concerns. We will discuss issues inherited from the current blockchain technology such as scalability, efficient and block sizes. We will also talk over a possibility of altering blocks even without over 50% mining power, low resource eclipse attacks and other forms of cheating. We will also present in the end a challenging case of cleaning poisoned blocks.


The University of Arizona, to enhance the learning experience of online, hybrid, and face-to-face students in the Cyber Operations degree program, has designed, built, and implemented a Cyber Virtual Learning Environment (VLE). Built upon a hybrid cloud architecture, students can log in to their classes from anywhere there is internet access, and safely complete hands-on learning exercises in a synthesized environment with no fear of damaging or interfering with current, live, computer networks. This provides a cost-effective option for students wishing to pursue their degree, paired with the geographic flexibility students may need. The VLE is made up of several components which students will use throughout their courses. This vast array of components keeps students challenged and provides a depth of experience in the Cyber realm not readily available elsewhere. Our students, regardless of learning modality, leave the program with the knowledge, skills, and abilities to work immediately in the Cyber field upon graduation. Through the VLE, they will attack and defend the businesses, individuals, and governmental offices of CyberApolis, our virtual city. With 15,000 highly developed virtual citizens, CyberApolis is a thriving city with its own social media, hospital, bank, businesses, and organized crime. Our Internet of Things lab devices are being increasingly integrated into CyberApolis to allow students to interact with these everyday devices that may be watching, listening, or interfering with our homes and businesses. And the Malware Sandbox provides a safe environment in which to reverse engineer malware, with no threat to current computers or networks.


Each year, the community highlights one CAE designated institution that exceeded expectations providing resources, programs,  or workshops to the community. This year, the community is recognizing  Dakota State University (DSU).  DSU has long been a leader in the community acting as a CAE Regional Resource Center for the  North Central Region. However, DSU also provided all CAE designated institutions with the opportunity to participate in faculty professional development workshops.

Wayne Pauli

The Joint Task Force (JTF) on Cybersecurity Education ( was launched in September, 2015 as a collaboration between major international computing societies: ACM, IEEE Computer Society, AIS’s Special Interest Group on Security (SIGSEC), and IFIP. The purpose of the JTF on Cybersecurity Education was to develop comprehensive model curricular recommendations for undergraduate program in cybersecurity education that will support future program development, and associated educational efforts. Prior ACM-lead JTFs that have worked to produce model curricula recommendations ( for undergraduate degree programs, included:

  • The ACM/IEEE CE2004 for Computer Engineering
  • The ACM/AIS IS2010 for Information Systems
  • The ACM/IEEE CS2013 for Computer Science
  • The ACM/IEEE SE2014 for Software Engineering
  • The ACM/IEEE IT2017 for Information Technology (under development)


Similarly, this JTF has been working to achieving the proposed curricular guidelines for undergraduate degree programs in cybersecurity (CSEC 2017). This presentation will start with an overview of JTF, the work that the JTF conducted, and Working Groups activities, including the thought model using the cross-cutting ideas, the knowledge areas, knowledge units, and topics outlined. Following, a discussion will be provided about the final report itself, the recommendation usage of the CSEC 2017 curricular guideline, issues related to the scope of the field of cybersecurity, along with challenges of defining the program outcomes. Discussion about the opportunities to engage in the Exemplary Programs will be provided, and its role in ABET accreditation for cybersecurity programs.

Yair Levy, Diana Burley, and Herbert Mattord

The field of cybersecurity is predicated on the existence of humans who deliberately attack computer systems. In other words, without cyber adversaries, there is no cybersecurity. Therefore, adversarial thinking, which is the study of cyber adversaries, is central to a cybersecurity education.  However, the learning outcomes associated with adversarial thinking are not well-defined, making it difficult for cybersecurity educators to confidently instruct students in this crucial area.  This presentation aims to advance cybersecurity education by rigorously defining what it means to “think like a hacker.” The proposed definition highlights the primary learning outcomes associated with adversarial thinking, and it will help educators see more clearly the big picture of a cybersecurity education.  This presentation will also promote the CLARK curriculum repository where cybersecurity educators can find materials to help develop the adversarial thinking abilities of their students. 

Seth Hamman

Cybersecurity has become a prevalent topic in many colleges, but how it should fit into the overall educational process is still not fully understood. A cybersecurity project at the University of Hawaii Maui College (UHMC), funded by the NSF SFS program, spans multiple disciplines and targets women and minorities. The goal of this project is to ensure that a broad audience of faculty, students and practitioners get trained in the fundamentals of cybersecurity.

Debasis Bhattachary

Hands-on labs are a critical component of any cybersecurity program. Schools can develop labs internally, outsource labs to a provider, or utilize free grant resourced labs, or use free and open source labs.  Many externally provided labs aren’t mapped to CAE Knowledge Units or the NICE Framework, especially the open source labs. This makes it challenging for schools to identify the right labs for their program and requires extensive efforts to map the labs to meet these different requirements. There is duplicated effort as different institutions map the same labs and in many cases will map them to the same knowledge units and NICE KSA’s. This presentation will discuss National University’s efforts to map labs from external providers and open source labs to knowledge units and to the NICE Framework.  A proof of concept portal that will allow schools to share their mappings will be demonstrated.

Chris Simpson

This presentation first discusses the introduction of cyber labs into existing graduate embedded systems and undergraduate microcontroller system design courses. A Raspberry-PI based platform was used to develop a set of six labs for the graduate embedded systems course required to be taken by all MS in Electrical Engineering and MS in Computer Engineering students. Additionally, Python as the programming language, Linux as the operating system, and concepts of security are introduced in the graduate course.

 A mapping of existing courses in the engineering programs showed that an Embedded Systems specialization is feasible by adding a few topics into existing graduate courses and developing a new course module on wireless sensor networks. On the other hand, the undergraduate course needs a more simplistic platform where pin level programming is feasible. As such, Micropython based Pyboard was chosen as the platform. The undergraduate microcontroller system design course is taken by electrical engineering, electrical engineering technology, mechanical engineering and mechanical engineering technology majors. Changes to the existing C based undergraduate course requires introducing Python as another programming language in the undergraduate engineering program. 

A proposed sequence of such undergraduate curriculum changes will allow introducing cyber and data science concepts into existing undergraduate engineering programs.

Kalyan Mondal

Cybersecurity education often feels fragmented because of its broad spectrum which includes theoretical principles, cyber hygiene, board-level decision-making, and highly specialized technical skills.  Workforce and academic training will benefit from cybersecurity instructors who position multi-faceted topics through the single lens of risk management. Effective programs do not seek to eliminate cyber risk, but to manage it appropriately. Helping students approach cybersecurity challenges from a risk management perspective will provide direction and confidence instead of fear and information overload. The National Centers of Academic Excellence (CAE) program seeks to reduce vulnerability in our national information infrastructure by promoting the development of professionals with appropriate expertise. Technical cyber professionals need help in communicating more effectively with decision makers. Non-cyber professionals need greater awareness of the importance of applying cybersecurity principles to non-IT-based roles. Introducing cybersecurity from a risk management perspective accomplishes both of these needs.

Barbara Fox

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting. Sponsored by NSA, the University of North Carolina at Charlotte (UNC Charlotte) and Forsyth Technical Community College (Forsyth Tech) have been developing hands-on teaching materials for cyber threat hunting that will expand our current strong educational programs in cybersecurity. UNC Charlotte is designated as a Center of Academic Excellence in Information Assurance Education-Cyber Defense, and a Center of Academic Excellence in Information Assurance Research by NSA and DHS, and has an NSF funded IUCRC in Configuration Analytics and Automation.

Since 2001, UNC Charlotte has run the Carolina Cyber Defender Scholarship Program, one of the largest such programs in the United States, with funding from NSF and NSA. Forsyth Tech was awarded the Center of Academic Excellence (CAE 2Y) Cyber Defense designation in June 2015. In this effort, Forsyth Technical Community College has established the Davis ITEC Cyber Center. We are developing freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year universities curriculum, as well as for collegiate threat hunting competitions. Our project fits nicely into the NICE 2018 theme of “Innovations in Cybersecurity Education, Training, and Workforce Development,” with a focus on “Accelerate Learning and Skills Development” defined by the NICE Strategic Plan.

Deanne Cranford-Wesley, Jinpeng Wei, Bei-tseng Chu, and James Brown

To increase national security for the U.S. and meet its workforce needs, cybersecurity education must develop new knowledge and skills. To address this need, the Cyber Up! Digital Forensics and Incident Response (DFIR) project at Coastline Community College in California will research, create, adapt, adopt, and implement a suite of course content that supports a Certificate of Achievement and an Associate of Science degree. The three-year project will run 10/2018-09/2021 (NSF ATE Award #1800999). 

The project will focus on the development of curricula that will teach students and professionals the cybersecurity knowledge and skills of digital forensics and incident response, which need to be deployed in real-time and are dynamic to changing situations during, and in response to, cyberattacks. Through the DFIR program, the project intends to create adoptable educational resources; form academic, government, and industry partnerships; and prepare qualified cybersecurity technicians and professionals for entry into, or advancement within, the U.S. workforce.

The DFIR distance education modalities will be designed for a national reach and assist in preparing students for successful employment. The project will also develop virtual labs and faculty resources. Because of the adoptable, modular content, other institutions can benefit through adoption into their programs, creating pathways to greater skills and knowledge for students and professionals. Increasing skills and knowledge in diverse and underrepresented populations in cybersecurity will help to assure increased participation of women, minorities, and special populations in science, technology, engineering, and mathematics (STEM) education.

Tobi West

Based on the growing number of security and data breaches that are occurring on a daily basis, as well as the impact they are having on our lives, security is no longer working, so as a community of users, we must take charge and reestablish control of our own security and privacy. Unfortunately, due to these frequent occurrences, people now bear a mindset that security is too complex and seem resigned to the fact that security breaches are just a part of their daily lives as they know it. For the most part, they are correct! If security professionals, who have been trained and certified to work on these systems, cannot fully secure them, then how can an average person with little or no computer experience be expected to do so? Rather than attempting to change the behavior of potential attackers, this discussion takes the approach that everyone is responsible for security and what we must do to develop an environment where everyone’s own personal background and experience can be used in sharing the responsibility for security, just as a Neighborhood Watch program does for a local community.

Mark Thompson and Ram Dantu

The purpose of this presentation is to compare existing online course designs and propose new pedagogical approaches to improve cybersecurity education. For this purpose, we chose three institutes that deliver online courses - one in WA and two in IL. The institute in WA delivers online MS in Cybersecurity (CSEC). The institutes in IL provides both online and on-campus courses for BS in Information Technology (IT) and Master of Business Administration (MBA). Campus visits and interviews were conducted for data collection purposes. The three institutes use different Learning Management Systems (LMS), yet all of them have distance learnings to support and maintain online course development initiatives.  

The following criteria were compared during the study: ownership of the course contents in a LMS, openness of the courses to future students, involvement of instructional technology experts, support from media production experts, use of learning analytics for retention and prediction, use of active learning methods for student engagement such as Just-in-Time Teaching (JiTT) and Flipped Classroom (FC), and diverse learning models such as social learning, competency-based learning, and project-based learning. Data revealed that one of the institutes has significant growth in enrollment with highly qualified students. Recommendations for future studies are provided.

Sam Chung and Simon Cleveland

It is a well-published concern that in order for the United States to maintain and expand its capabilities in the world of cybersecurity. Currently, there is a capacity issue: students cannot readily be added to the education system, especially at the community college level, because trained faculty are scarce. The weak link in the cybersecurity workforce supply chain is often finding faculty who can be effective and provide the proper encouragement to students to join the cyber workforce. Our answer: Tapping into cybersecurity experts as adjunct faculty.  Cybersecurity experts in the workforce have the potential to fill the need for part-time cybersecurity faculty at the community college level.  By tapping into the pool of working cybersecurity experts and retired individuals from government positions whose background fits the typical qualifications listed above, a viable long-term strategy can be developed. Currently, the Reach To Teach project is exploring these possibilities through a research effort and a pilot “REACH TO Teach” online course (See Figure 1) funded by the U. S. Defense Department.  

Introduction to Community Colleges, Ethics and general structure of a course 

The typical Community College student, Faculty codes, Crafting  goals and objectives 

Teaching concepts – moving from concrete to abstract  

Teaching concepts – using group work in your class 

Teaching concepts – using case studies in your class 

Teaching concepts – using discussions during a class 

Figure 1:  Cybersecurity Teaching Corps Course Content

The Cyber Security Faculty at Sinclair prides themselves on hands-on learning.  This is no exception for our security classes.  The faculty at Sinclair have taken notes from such conferences as Defcon to get their students involved in the classroom.  Currently, the department uses everything thing from hardening blade servers as a part of our Securing a Windows Network Environment class to lockpicking and WiFi Pineapples in our Network Security course.  Recently Sinclair was awarded funds from the NSA to help improve their hands-on experience.  With these funds, Sinclair will be purchasing new blade servers that students will be hardening in teams.  Then it will be attacked by other teams in that same class. The funds will also cover Open-Air PC's where students will be creating a SCIF style environment in the classroom.  Mobile devices and tablets will also be purchased for the Cyber Forensics class so the students can learn hands on mobile forensics.  The Computer Infomation Systems Department at Sinclair College believes that if students get their hands on hardware for hacking and defending it will ignite a learning passion for Cyber Security.

Kyle Jones

Current cyber-threats are imminent for all organizations as it is evident from the reporting of weekly data breaches. However, the shortage of cybersecurity workforce has been well documented and remains a major concern for future sustainability and resilience of our cyber infrastructure. Since 2012, Dr. Levy has been working to establish relationships with federal agencies (FBI, DHS, NIST, NSA, & USSS) to have their Special Agents and key personnel come to an annual event where over 200 high-school students bused to the university campus for a day full of passion and excitement about cybersecurity education and career path. This presentation will start with an overview of a self-funded “Cybersecurity Day” event that has been successfully running yearly each October, the cybersecurity awareness month, and will also highlight the presentations provided by agency personnel along with feedback notes from the high-school students and teachers who attended the event.

Yair Levy

This special interest group discussion focuses on the challenge of educating cyber security experts (multiple specialty domains), engineers (of all fields), and supporting personnel (managers, testers, analysts, etc.) to understand the cybersecurity and resiliency implications associated with the development and operation of complex cyber-physical systems. In contrast to conventional cybersecurity thinking (i.e., Confidentiality-Integrity-Availability), Cyber-physical systems are often operated in real-time with an emphasis on availability and safety over confidentiality. Moreover, the United States Department of Defense (DoD) is increasingly concerned with the successful operation and resiliency of defense focused cyber-physical systems such as aircraft, ships, missiles, command and control systems, navigation subsystems, and other combat-focused DoD Major Weapon Systems (MWS) of interest in highly contested cyberspace environments.

This special interest group is particularly interested in further understanding and studying principles of resiliency as they apply to complex cyber-physical systems such as DoD MWS. Discussion of supporting requirements and their corresponding metrics is also desirable. Emphasis is given to recently released NIST SP 800-160, Systems Security Engineering, available at and recent work by the MITRE Corporation on Cyber Resiliency (available at and

Logan Mailloux and Robert Mills

This presentation summarizes the presentations and discussions at the Northeast Region CRRC workshop on virtual platforms and exercises design for cybersecurity competitions.

Jake Mihevc

This Fast Pitch will highlight a library of adaptive, personalized, performance-based instructional modules designed by National CyberWatch to facilitate developing mastery of Information Security Fundamentals. These materials were created under a Core Curriculum Cybersecurity grant from the National Security Agency. The library will be presented and discussion will include an overview of the process of becoming a pilot implementation site for the Spring 2018 semester.

Casey O'Brien

Capture-the-flag (CTF) competitions provide dynamic, real-time environments intended to engage and challenge the participants. However, they are often not designed to be educational. Rather, they simply provide a series of progressively more difficult challenges in which the participant must find the flag (answer). As these challenges are typically devoid of any direction, this can lead to participants being unable to progress any further in the CTF and therefore unable to achieve educational goals. This presentation will discuss the process of hosting a CTF, their limitations, and common workarounds. We will then discuss our successes and failures in utilizing existing CTF frameworks in the classroom. Finally, we will introduce a custom designed CTF framework that aspires to solve many of the difficulties inherent in the current CTF space. This framework introduces a novel hint system that allows for customizable help to be built for each challenge within a CTF event. The goal is to allow all to participate and progress through the challenges by providing varying levels of help throughout the competition.  This approach maximizes learning and student engagement, opening the utility of such frameworks to the classroom. The framework will be made publicly available upon conclusion of the presentation.

Josh Stroschein & Andrew Kramer

It is well-known that there is a tremendous need for cybersecurity talent in the industry and government agencies. According to a recent (ISC)2 report, there will be 1.8 million unfilled cybersecurity positions by 2022.  In this talk, we present our approach at RIT to help alleviate the cybersecurity workforce shortfall.  It includes our partnerships with industry to provide real-world scenarios for students to practice and our MicroMasters in Cybersecurity offering on edX to reach worldwide learners. The preliminary results in increasing diversity and career changing students are encouraging.

Bo Yuan

Capitol will integrate a security operations experience into its Bachelor of Science in Cyber and Information Security and related degree Programs (Computer Science and Management of Cyber Information Technology). These unique operational experiences will better prepare our graduates to protect and defend networks by integrating required tools and technologies into a concept of operation (CONOPS). Students will be trained and mentored by vendors, faculty and alumni knowledgeable of SOC operating tools and techniques. Students will receive industry recognized certifications (forensics, malware analysis, scripting) where appropriate and focused experience with those tools.

William Butler

National Science Foundation programs of interest to the CAE in Cybersecurity Community.

Susanne Wetzel

This content is behind our user login. Please go to to view this PDF. 

Lynne Clark

The information booklet for the 2017 CAE in Cybersecurity Community.

CAE in Cybersecurity Community

This proposal describes an ongoing, interdisciplinary project (funded by NSA) to address persistent cybersecurity challenges identi ed in several national initiatives such as NICE and CNAP. The project proposes a set of activities and services designed with an interdisciplinary perspective to provide e ective solutions to such challenges. The proposed project is innovative for several reasons: 1) The project begins with a research component that will guide key steps of the project and add to the body of knowledge in cybersecurity education. 2) It includes collaboration between IUP’s Institute for Cybersecurity and the university’s Writing Center in order to deliver instruction to students from rural areas and help improve their soft skills. This collaboration puts to work the established expertise of a group of faculty from four di erent disciplines, see below. 3) It proposes the use of multiple approaches to solve persistent challenges in cybersecurity education including: peer-tutoring, weekend workshops, interactive learning experiences, exible delivery format, exible structural design, a summer camp, and the formation of a local cybersecurity consortium. 4) It is easily replicable for other institutions and rural areas. 5) It employs a set of assessment approaches throughout various project execution phases.

Waleed Farag

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting. This presentation presents an effort to develop freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year universities curriculum, as well as for collegiate threat hunting competitions.  Our efforts will be focused on the following two areas.  (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.

Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skill set) in an enterprise environment and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., Operating Systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. These labs also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis, machine learning, and data visualization. Our labs are designed at different difficulty levels suitable for use by two-year community college students, 4-year university students, as well as for collegiate threat hunting competitions.

Bei-Tseng "Bill" Chu & Deanne Wesley

PUPR hosts a competitive graduate IA security program under the Master of Science in Computer Science (MS CS) with a specialization in Information Technology Management and Information Assurance (ITMIA), a track in Cybersecurity under the BS CS and BS CpE programs, and two (2) graduate security certificates: 1). Graduate Certificate in Information Assurance and Security (GCIAS); 2). Graduate Certificate in Digital Forensics (GCDF). All these programs serve a large, mainly Hispanic, under-represented student population. The MS CS ITMIA covers most of the aspects of Computer Science, IT Management, and focuses on Information Assurance to protect data and information at large. Computer Engineering focuses on software and hardware security, software development, and internet engineering, with an emphasis on cybersecurity. The GCIAS covers both technical and managerial aspects of IA and Security while the GCDF covers the technical aspects of Digital Forensics including knowledge and skills to protect, detect, recover and mitigate data loss and theft. PUPR has offered more than 25 core courses in cybersecurity at both the undergraduate/graduate level such as: Software Assurance, Terrorism & Cybercrime, Mobile Applications Development Security, Reverse Engineering and Software Protection, E-Discovery and Digital Evidence, Ethical Hacking, Cryptography Application, Network Security, E-Discovery, Digital Forensics I and II, Computer Security, Penetration Testing, Social Engineering, Principles of Information Security, Contingency Planning, IT Auditing and Secure Operations, E-Commerce Security, Database Security and Auditing, Management of Information Systems, Social Media, Law Investigation and Ethics, Nuclear Forensics, among others.

Alfredo Cruz

This talk will describe an innovative approach to cybersecurity education that the Johns Hopkins University Information Security Institute (JHUISI) is developing under a grant from the CAE Cybersecurity Grant Program.  The goal of the project is to introduce the latest cybersecurity topics and materials to a broad audience of community college students.  This effort is centered on the development of a series of educational video modules and accompanying learning materials that target community-college-level students with an in-depth exposure to the forefront subjects of cybersecurity research.   These materials can be delivered in flexible modes, as a complete in-classroom course with reading materials, lectures, and exercises and assignments, as modular components in classes studying cybersecurity, or simply as online resources to improve the awareness and digital hygiene of the interested general public. 

To develop the course, JHUISI is leveraging its past experience with Hagerstown Community College (HCC) where for the past two academic years of 2015-2017, JHUISI has worked closely with HCC to provide an advanced course called Cybersecurity Select Topics, consisting of over 10 special topic lectures on various advanced research topics from JHUISI faculty, staff, and graduate students.

In this talk, I will describe how we are taking our HCC experience to the next step to develop a complete cybersecurity course kit that will be made available to any community college or other audience that requests it.

Anton Dahbura

If you have any problems accessing content or questions, please contact