Symposium Presentation Archive

Symposium Presentation Archive

The CAE in Cybersecurity Symposium Presentation Archive contains materials submitted to the CAE in Cybersecurity Community for the annual Symposium. Symposium materials include fastpitch, presentations, and general session information. In 2019, the CAE in Cybersecurity Symposium included 2 tracks, CAE-CD and CAE-R. This change is reflected in the archive with content listed under its respective track. Certain materials may not be added to the archive. If you need to request the material from the community, a note is provided instead of the presentation with instructions on how to obtain a copy.

Karthika Subramani, Jordan Jueckstock, Roberto Perdisci, Alexandros Kaprevalos
Aaron Baker, Quentin Covert, Odin Bernstein, Dr. Josh Stroschein
Michael Du Mez, Riley Asp, Brock Holtschlag, Caleb Gullickson, Jacob Mahoney Chase Heim, Collin Shultz, Corner Shultz, Charles Carlson, Logan Koneczny
Maureen Van Devender, Dylan Johnson, Terry Foster, Tyler Jones, Blaine Galle
Madeline M. Moran, Anna Hart, Loretta Stalans, Eric Chan-Tin, Sheila Kennison
Mike Burmester, Dan Schwartz and William Goble, Ryan Sloan, Sophia Villalonga, Jordan Gethers, Laura Battle
Robert Hill, Loic Tchuenkou, Vinton Morris, Dr. Kevin Kornegay, Dr. Md Tanvir Arafin
Sajib Biswas, Timothy Barao, John Lazzari, Jeret McCoy, Xiuwen Liu, Alexander Kostandarithes

Western Governors University (WGU) never had a club until 2020. Our Club went from 0 to 3,500 students in the first year. Currently We have 5,500 in our student club and 2,500 in our Alumni Club. In ten minutes I can provide an overview of how to build a robust club that helps students learn, network and prosper in today’s educational landscape.

Mike Morris

In this fast-pitch presentation, we will argue that the cybersecurity curriculum should include fundamental knowledge units such as information theory, game theory, and war game stratagems

Bo Yuan

This presentation outlines how we built the Openstack infrastructure, automated the implementation of student projects, and work with students so they treat the Capstone Projects as real-life jobs. At USD, we found that local businesses were reluctant to allow students the opportunity to evaluate, and implement security on an operational system. We developed the USD Cyber Cloud (a private cloud using OpenStack) to have an isolated sandbox that can be quickly configured to give the student (Student Groups) a fully functional business network system. In this safe environment they can perform all the required tasks to conduct a security engineering review of the client’s system, conduct Vulnerability Assessments, Penetration Testing, and based on findings, create and execute a hardening plan to make the system secure. The hardening plan is the “What”; execution of the hardening plan is the “How”. The development of an Information System Security Plan plus the other testing report builds a portfolio of achievements for the students.

We, Cybersecurity educators, understand what knowledge is needed to be successful in Cybersecurity and to foster a culture of ethical behavior. Now, we need an environment and method to allow students to execute and implement this knowledge safely risk free.

Chuck Bane

Software reverse engineering skills are fundamental to producing a capable cyber security workforce. However, analyzing binaries is often difficult for computer science students and others in related areas due to the curriculum emphasis on efficient software development. At the same time, while artificial intelligence techniques, powered by machine learning and deep learning models, have shown promise to make software reverse engineering less labor intensive, there are a number of practical challenges software reverse engineers must overcome so that they are practically effective for program analysis and software reverse engineering. In this presentation, we will summarize our efforts in incorporating AI techniques to our software reverse engineering courses, where IDA Pro and Ghidra are used as the main tools. With proper setups, we show that the tools for control flow and data flow techniques along symbolic executions can be effective in malware analysis.

Xiuwen Liu, Mike Burmester

This talk will discuss the lessons learned from a project put in place by Nova Southeastern University (NSU), College of Computing and Engineering in collaboration with the Miami-Dade Public Schools (MDCPS) on a dual-enrollment program for high-school students from minority and underserved schools throughout the Miami-Dade district. The project allowed support for two entry-level Computer Science courses at the ABET CS program (under the Advanced Academics division at the school district) with additional extra-curricular activities (under the Career and Technology Education (CTE) division at the school district) focused on cybersecurity certificate using TestOut platform to prep the students outside the course for CompTIA Security+. The session will discuss the steps taken to address the course registration process, legal issues that the university faced and how we overcome those, along with coordination for advertising of the courses, student recruitment and continuous support for the enrolled students.

Dr. Yair Levy

In this Fast Pitch Session, I will share with other CAE institutes how CAE-CD designation has helped The Citadel take Cyber Programs and Activities to the next level. The Citadel started with an undergraduate minor in Cybersecurity in 2012, and became CAE-CD in 2016 with the academic path of BS in Computer Science with a minor in Cybersecurity. The Citadel was the second college in the State of South Carolina with CAE-CD designation. Students from The Citadel Students have been awarded DoD CySP Scholarship every year since 2017. The Citadel hosted the first GenCyber Camp in South Carolina in 2016. The Citadel hosted All-Girls GenCyber Camp in 2019.

The Citadel was awarded the first NSF SFS Grant in South Carolina in 2020. The Citadel has started to offer BS in Cyber Operations in Fall 2020. The program has been designed based NSA Center of Excellence in Cyber Operations. The Citadel is working with University of South Carolina (CAE-CD, CAE-R) on a NCAE-C Research Grant. The Citadel is working with University of Memphis, University of West Florida, North Carolina A&T University on a NCAE-C Grant for Cyber Education for Critical Infrastructure. The Citadel has established Citadel Department of Defense Cyber Institute (CDCI) in Fall 2020. This is a joint initiative with five other Senior Military Colleges - Texas A&M University, Norwich University, University of North Georgia, Virginia Tech, and Virginia Military Institute. Students at The Citadel have formed Cyber Club, WiCyS Chapter.

The Citadel Cyber Team actively participates in different Cyber Competitions - National Cyber Exercise (NCX), Southeast Collegiate Cyber Defense Contest (SECCDC), NSA Code Breaker Challenge, Cyber Red Zone CTF, Palmetto Cyber Defense Contest, and National Cyber League (NCL). The Citadel hosted a Cyber Bootcamp for South Carolina Army National Guard in Summer 2021. The Citadel worked with Army Cyber Institute on Jack Voltaic Project. The Citadel hosted Jack Voltaic Conference on Cyber Resiliency for Critical Infrastructure on Feb 24-25, 2022. The conference program included sessions on Cyber Workforce Development for Critical Infrastructure, Cyber Education for Critical Infrastructure, Cyber Risk Assessment for Critical Infrastructure, Federal and State Policies and Capabilities for Critical Infrastructure protection against Cyber Threats. The conference program also included a Cyber Table-top Exercise and Student Case Scenario Exercise. The Citadel faculty actively participates in CAE Community by working as a mentor and reviewer for CAE applications.

Shankar Banik

Fairleigh Dickinson University once again got designated as a National Center of Academic Excellence in Cyber Defense through the academic year 2026. During the process, NSA and a committee of academic peers has validated FDU’s BSCS with Cybersecurity Concentration offered at FDU’s Florham Campus through academic year 2026. At FDU, we have managed to achieve our goals after two years of extensive work on several Program of Study validation project activities involving planning, implementation and coordinating efforts that started in the year of 2019. The scope of the validation project consisted of four domains including program and curriculum enhancements, students’ enrichment, faculty, and support, in addition to the continuous improvement’s domain. Our success story in this program has been materialized in 2021 through securing four NSA Cybersecurity scholarships to our students. We shall continue to pursue continuous improvement and excel in the field of cybersecurity for the information security and safety of our nation. Hence, we are proposing to introduce our success story in obtaining this achievement and what has lead to reach our goals.

Furthermore, in April 2021, FDU was awarded the Expanding Access to Computer Science Education: Professional Learning Hubs grant from the NJ Department of Education to support the creation of a Computer Science Hub at FDU and to provide professional learning opportunities for New Jersey educators and to promote the growth of computer science. The services provided by the CS Hubs will help realize the strategic goals identified in the NJ Computer Science State Plan including Interactive Community Building to Support School Administrators, K-12 Teacher Professional Learning, Web Repository of Tools & Lesson Plans Accessible to All, and Culturally Responsive Teaching Practices.


Ihab Darwish

Cybersecurity Education for K-12 institutions and Universities across the USA is vital in the present time. In this presentation, I will be covering the best practices and approaches to enhance the partnership between K-12 institutions and Universities to enhance Cybersecurity education.

Deveeshree Nayak

Knowledge Units are “owned” by the schools, yet schools do not take advantage of updating and modernizing them. This presentation will present how schools can update KU’s to have better alignment with their curriculum and improve the ecosystem for all. This presentation will include audience participation as a means of evangelism and outreach. The objective is to get more people involved in making the KU’s work for their program.

Art Conklin, Seth Hamman

Funded by the NCAE-C Cybersecurity Education Diversity Initiative (CEDI), our presentation describes a two-year collaboration between a large urban Colorado HSI and a small rural Colorado HSI. The cybersecurity program at Colorado’s newest CAE designated university, MSU Denver, is growing rapidly with a new Cyber Range. In addition, MSU Denver also offers BS and MS degrees in CYB and is quickly becoming an established cybersecurity program with the Mountain West region. The satellite institution of Trinidad State College is in a very remote part of Colorado, Alamosa Valley and is just now establishing a brand-new cybersecurity program, spearheaded by Serena “Sully” Sullivan. Unlike Denver, Alamosa Valley is sparsely populated. The CEDI HSI collaborative between these two schools is an excellent example of how 4YR universities can work shoulder to shoulder with 2YR colleges throughout the KU-CLO mapping process.

By teaming up Colorado’s preeminent CAE mentor, Joe Murdock (University of Colorado-Denver), Nikolaus “Klaus” Streicher (MSU Denver’s Senior Cyber Range Instructor), and Serena “Sully” Sullivan (Director of Technology at Trinidad State College), Drs. London and Beaty were able to demonstrate the efficacy of simultaneously employing three different perspectives (i.e., student experience, instructor experience, and mentor experience) or three different levels of analysis to successfully negotiate and align KUs to TSC-Alamosa Valley CLOs. Drs. London and Beaty conclude that developing a new cybersecurity college curriculum should not take place in isolation. While a cybersecurity instructor often establishes a new cybersecurity program with a CAE mentor, Drs. London and Beaty recommend that adding an experienced cyber undergraduate student to the team can result in “added value” to the KU-CLO mapping process.

The undergraduate cybersecurity student has a valuable experiential knowledge base (as a learner) that informs the mapping process from the inside out. Students can often help instructors and mentors by adding a “third” perspective to the alignment process. As an important aside, the TSC CLO’s (used for alignment) were provided by Ms. Serena Sullivan. During the alignment process, an effort was made to reduce the total number of courses used to align with KUs. The intention is to mindfully create advantageous outcomes to be shared with other CEDI partner institutions. In doing so, the intention is to streamline the CAE application process for other participating CEDI institutions. As an additional note, the Colorado Community College System (CCCS) utilizes a shared “statewide” course numbering system (CNS). Due to the statewide shared CNS for all courses within Colorado’s publicly funded community college system, specific TSC CLOs used for this alignment will also work for the entire Colorado Community College System. In other words, the alignment of TSC CLOs holds promise for scaling up to statewide alignment with nationally recognized KUs.

Jeffrey London, Steve Beaty

In September 2020, the Critical Infrastructure Resilience Institute (CIRI) - a DHS Science & Technology (S&T) Center of Excellence at the University of Illinois Urbana-Champaign - led a Cybersecurity and Infrastructure Security Agency (CISA)-funded project and team of academic partners (Auburn University, Purdue University, University of Tulsa) in the creation of a comprehensive plan to develop a nationwide cybersecurity education and training hub & spoke network to address the nation’s chronic and urgent cybersecurity workforce shortage. The envisioned national network will develop and deliver Incident Response (IR) and Industrial Control Systems (ICS) curricula conformant with the NIST National Initiative for Cybersecurity Education (NICE) Framework.

This presentation discusses the research findings from this project related to the current state of IR curriculum (degrees, certificates, technical courses) in the CAE community and makes the case for an increase in the number of CAE schools focusing on this critical area.

Casey O’Brien, David Umphress

Aviation cybersecurity is an increasingly important problem for not only our nation but also the whole world. From vulnerabilities in avionics embedded system critical for flight operations in an aircraft to a wider network of international airports, cyber threats are more pervasive in aviation today. Airport and airlines face millions of cyberattack attempts annually and this trend will persist. A recent report from Europe in 2021, for example, shows cyberattacks on aviation increased by 530% in a year.

Embry-Riddle Aeronautical University—Prescott, AZ, is a NCAE-C leading aviation cybersecurity education and research. It is also a National Science Foundation (NSF) Scholarship for Service (SFS) institution for aviation and aerospace cybersecurity. The Aviation Information Sharing and Analysis Center (A-ISAC) is an international, non-profit organization that fosters information sharing and collaboration between different stakeholders in the community. They enable trusted sharing of vulnerabilities, threat intelligence, and best practices so that the aviation industry’s is better prepared to manage cyber risks and incidents.

In this presentation, we will talk about a recent collaboration between the NCAE-C at Embry-Riddle Aeronautical University—Prescott and the Aviation ISAC. The collaboration aimed at designing and developing an aviation-themed cybersecurity competition and offering the competition at DEF CON Aerospace Village and Aviation ISAC Annual Summit in 2020. The goal was to raise awareness both of aviation-specific challenges for the cybersecurity community and of cybersecurity issues to the aviation ecosystem, and foster talent in the subject areas.

This NCAE-C innovated and developed a novel aviation-themed Capture-The-Flag (CTF) competition. The story involved a group of hackers attacking and compromising a tier-1 airport with insider help, including ticketing kiosks, airline servers, flight information displays, transportation security, runway lights, aircraft, and more. The competition participants are the defenders, who are required to help regain control of compromised systems, prevent an aircraft from taking off, identify the insiders, and help bring normalcy back at the airport and its surrounding airspace. The CTF focused on knowledge, skills, and abilities in cybersecurity (e.g., password cracking, log analysis, computer forensics, and ethical hacking), intelligence (e.g., OSINT), and aviation (e.g., crew, avionics, air traffic control communications, airline operations, security screening, airport information systems, and aviation cyber-physical systems).

The presentation will overview the CTF project and discuss some challenges we faced in it. For example, following the pandemic outbreak, both DEF CON and Aviation ISAC Summit went into safe mode and all-virtual. The competitions were redeveloped and offered virtually, so that participants could register and participate in the competition from their remote locations. On the other hand, both competitions were free and open to anyone in the world. We had over 200 participants from many countries participate in our cyber competition. We will also talk about some of our future work in this area.

Jesse Chiu, Krishna Sampigethaya

The North Carolina Community College System’s Security Compliance course (SEC-258) introduces information security compliance and standards along with how they apply to corporate IT environments. Topics included in the catalog description of the course include ISO standards, government NIST frameworks, federal and state compliance requirements, security policies, incident response and business continuity planning. We have also added a CMMC module to the course. Unfortunately, many times the course content is dry and requires pure memorization. Join us, for this presentation to share and discover new ways to deliver a compliance course in a more “”handson”” format. In short, we intend to move students from remembering compliance regulations to understanding and applying security controls and governance.

Joseph Jeansonne

Western Governors University (WGU) never had a club until 2020. Our Club went from 0 to 3,500 students in the first year. Currently We have 5,500 in our student club and 2,500 in our Alumni Club. In ten minutes I can provide an overview of how to build a robust club that helps students learn, network and prosper in today’s educational landscape.

Mike Morris

While a Performance Based Education (PBE) conversion process was underway through an NSF grant at TSTC, the COVID-19 pandemic necessitated an accelerated and sharp turn in the Texas State Technical College hands-on technical model as courses were moved from an in-person to an online modality in the Cybersecurity program.

This brought multiple challenges and lessons learned including instructional content, access, hardware/equipment, software, and communication. This presentation will identify the challenges and solutions implemented for a successful PBE journey.

Norma Colunga-Hernandez, Amy Hertel

This fast pitch session will describe how the Information Technology—Networking and Cybersecurity department at Johnson County Community College (JCCC) established a K-12 pathway with a large local district, Blue Valley Schools. The pathway provides students the opportunity to complete the JCCC Cybersecurity Certificate program tuition-free alongside their high school education. Successful students will receive both their diploma and the Cybersecurity Certificate upon graduation from high school. The session will discuss:

  • Building the pathway
  • Strategies for recruiting students into the program
  • Working with the state department of education to increase opportunities
Andrew Lutz

Employers are citing a significant disconnect between the needs of their organizations and what higher education institutions are turning out in their cybersecurity-related education programs, with only 23 percent believing that college graduates are fully prepared to enter the cybersecurity industry with a certain knowledge set and applicable technical skills. One recent response from a major corporation to a request for information issued by NICE indicated that “the current [education] environment does not provide a common baseline set of skills from which to build the role-specific knowledge necessary to meet employer workforce requirements.

Problems in Matching to Internships: For a student without meaningful work experience, the only document is a university transcript that usually only contains the course information (i.e., name, number, credit hours) and accompanying letter grades along with the current and cumulative GPA, but they fail to provide specific information about the actual skills or rigor used to obtain that grade. The content and difficulty of each course can vary widely among institutions. Students cannot simply hope to stand out to employers based on their grades alone because universities lack normalized standards for the rigor of content in each course. Employers require a more work-skill specific transcript that matches the needs of the job specification.

The primary issue when hiring new graduates into the industry is correctly matching employer needs with student skills. For example, employers need web socket programming, or React API or Java Spring Boot but do not know how to measure the rigor of the skill. In this fast pitch, we present a workforce Readiness (WRT) transcript (we are building by crawling through the Canvas) tailored to the individual student with a quantifiable substantiation of preparedness for employment as a cybersecurity professional that includes a match percentage to an advertised internship and missing skills.

Ram Dantu, Mark Thompson

Most young people do not know what a cybersecurity professional is, the skills required to reach and excel at a high level or a pathway to pursue the goal of a cyber-based career. The joy and impact of learning cybersecurity through competitions is still in its infancy.

Using the NICE framework, we are starting to use metrics to measure competencies in competitions. The NSA/CAE Evidencing Competency grant team is measuring competency using NICE Framework Tasks and Work Roles in labs, ranges, and competitions. This includes an ABCDE approach to competency statements. A = Who, B = What, C = How, D = How much, and E = Why.

This presentation will focus on how we can measure these competencies in competitions. In the future we can learn to measure cyber performance as well as we do athletic performance. We will create cybersecurity competition measurements enabling a spectator sport similar to traditional sports. This is not just a dream, it is a reality today for e-sports. It is time we put our passion, creativity, effort, and money where our future is.

Dan Manson, Morgan Zantua

While the job market for cyber talent has hit record numbers, employers have found it quite difficult to recruit quality individuals to fill the ranks. There are intense efforts to identify and hire employees with related experience, yet with limited success.

Beginning in 2020, a team of 4 higher education institutions established an NSA funded consortium named Cybersecurity Workforce Certification Training initiative or CWCT with the support from N-CAE. CWCT leadership projects by September of 2023 when this round of funding concludes, 1,100 people will be trained.

By design, 75% of the trainees in CWCT come from those who have served our nation, state, or local communities – via the military, law enforcement, 1st responders, etc. To date, our records show that 71.2% of the trainees are from underrepresented populations, 29.3% are women, which fits well with the desired demographic most employers are looking for. We are proud to announce our potential completion rate is currently running over 80%, well beyond our expectations.

Our CWCT workforce development program has fully recognized the importance of workforce preparation through academic training and competency measurement through the industrygovernment recognized certifications. The CWCT program goes one step further to develop a Job Placement program through workshops on resume building and interview skills development, and more importantly, introducing job opportunities to our training participants through CWCT virtual job fairs and other unique efforts.

This Fast Pitch talk will provide a quick synopsis of the CWCT initiative, then address our unique and successful approach to bringing employers and trained employees together.

Mengjun Xie

The UAH Cyber Force Incubator (CFI) is a cybersecurity workforce development program which recruits students from UAH, partner colleges and universities, and some Alabama high schools. CFI students are enrolled in an extracurricular cybersecurity and work place behaviors training program. Select students who pass the aforementioned training are nominated for security clearance. Students are hired to work on UAH cybersecurity research and development projects and students are placed into internships at government and industry partner locations.

Tommy Morris

No matter how stressful the thought of an interview may be for you, there is an easy answer. Each person has a collection of responses that can be used to solve almost every question, and the best part is that there is no wrong answer! The answer that the interviewer is looking for is your personal story. It is a collection of events that shaped you as an individual and will ultimately be the deciding factor in your success in the role and within the company. Each of you has been on a project, worked on a team, failed, and succeeded. You all have experienced challenges and overcame them, or maybe not.

What we must do as interviewees is pull our experiences out and frame them so that it becomes a story with us as the main character. We need to us as a character who experiences conflict and then arrive at a resolution. The story will contain our experiences and are unique to use, which is essential when competing for roles.

In this fast pitch, the attendee will find examples relating their personal story to the most common interview questions. Finding the right mix of challenge and conflict in school projects, extra-curricular events, work, or class lessons is as easy as understanding what the interviewer is looking for in future team members. The storytelling takes some practice and polish, but it still is your story to tell.

Robert Loy

Manufacturing is not only the backbone of U.S. military-technical advantage, but also a major contributor to the U.S. economy. A healthy, innovative, and vibrant manufacturing sector is essential to the economic strength and national security of the United States. The Industrial IoT, coupled with 5G, security in IIoT, machine learning, and artificial intelligence, is impacting the future and growth of manufacturing. In this presentation, we will discuss and live demo how we use the zero trust model, machine learning, and 5G to design and implement a secure smart manufacturing testbed in a lab environment. The further discussion also includes how we collaborate with the manufacturing outreach center to engage local manufacturers and show business use cases that smart factories can drive value.

Loyce Pailen, Kimberly Mentzell

This is a presentation of research completed to compare higher education information security policies to the NIST risk management framework. A surprising event occurred when it was found that the higher ed institutions were using the NIST cybersecurity framework instead, which incorporates parts of the RMF. This workshop presents the results of this research along with a discussion.

Matt Paulson

Software Defined Network (SDN) is a programmable network that separates the network data plane from the control plane. However, lots of security threats and issues are concerned in software defined network. In this work, in order to reasonably complete the cyber attack situation evaluation in the SDNs, we proposed a cyber attack situation evaluating method based on multi-dimensional features analysis in SDNs. Cyber attack detection features were considered and improved their computation methods about four typical cyber attacks in SDN. Correlations vectors between any two different cyber attack features using variety of measures was considered.

Mininet was used to establish our experiment environment, in which we simulated four typical cyber attacks to verify and analyze our method in the experiment.

George Meghabghab, Roane State

The Computer Forensics Teaching Resources Workshop is designed to share our experience teaching CECS 7235 Computer Forensics and CECS 7237 Advanced Computer Forensics to Computer Science graduate students at Politechnic University of Puerto Rico over the last decade. We will begin with a brief overview discussing the relationship between Computer Forensics and Cyber Defense and our Computer Forensics Graduate Certificate Program. We will then describe the teaching resources that we are using in our courses with an emphasis on hands-on laboratory experience. This will include textbooks (Nelson-Phillips), lab manuals (Blitz) and internet resources such as NIST CFTT, CFREDS, Digital Corpora, and the DFRWS (Digital Forensics Research WorkShop Conference). We will also discuss our experience with Computer Forensics Software tools such as ProDiscover, Forensics Toolkit, OSForensics and Autopsy. In addition we will discuss the philosophy we used to decide what material to include in the advanced course and how we deal with operating system compatibility issues (Windows vs. MAC OSX).

Jeffrey Duffany, Alfredo Cruz

This submission will be a 15 minute overview of a post-GenCyber Teacher Camp activity that provided guidance to teachers for a focused Raspberry PI project for their high school students. The project included post-camp follow-on meetings for teachers to develop their skills and proficiency in using the Raspberry Pi to teach Linux concepts and cybersecurity tools.UMGC trained eight dedicated H.S. teachers who were committed to implementing the project in their schools. All teachers had varying successes and challenges.

We feel that discussing the project outcomes to the larger CAE community will support the success of similar endeavors and remove roadblocks teachers often encounter. This session is unique for a few reasons. First, this was a very focused post-camp activity. Also, the teachers involved had to implement the Raspberry Pi project despite it not being an established part of their curriculum for the academic year. The session will provide an overview of how we planned and managed the teacher training and tool support in a virtual environment. A brief review of the lesson plan will be discussed. The theme of Pi project for students included using Kali Linux; Linux intro / basic commands; Network basics with Wireshark; and Password cracking. Session attendees will receive the excellent Raspberry PI lesson plan developed by one of the teacher participants.

Loyce Pailen, Kimberly Mentzell

How do you ensure your CAE outcomes are consistently addressed from class section to class section? This workshop will provide some best practices to ensure student assessment and KU content is addressed in every section.

Brandy Harris

The Critical Infrastructure Protection (CIP) set of standards is developed by the North American Electric Reliability Corporation (NERC) to ensure the protection of assets used to operate North America’s Bulk Electric Systems (BES). Any entity that owns or operates any type of BES in the United States and Canada must be compliant with the requirements of the NERC-CIP Standards. This talk provides an overview of the NERC-CIP Standards to describe its relevance to the protection of one of our critical infrastructures: electric utility entities, to establish its harmonizing relation with the NIST Cyber Security Framework (NIST CSF), and to disseminate our workforce development program in this area of national need.

Guillermo Francia

Modern power grids, such as smart grid and micro-grid systems, have various intelligent and sophisticated controllers at all stages of generation, transmission, sub transmission, distribution, and customer ends. Moreover, renewable energy sources (wind generator, photovoltaic systems, etc.) are being connected to the grids through various power electronics components and energy storage systems (ESS). According to a recent report, solar and wind together represent roughly 10 percent of the world’s installed capacity. These power electronics devices as well as energy storage systems are also based on robust and intelligent controllers that may have internet-connectivity for their real-time operations.

However, there is a high possibility of cyber-attacks at those control and communication systems, which may be adversely effected and consequently major power disruptions or even blackouts may happen. ESS are important assets in power grids, capable of providing several essential services to systems dominated by intermittent renewable energy resources. Cybersecurity attacks exploit vulnerabilities in communications or control systems to disrupt system operations or execute malicious actions. With the advent of distributed energy resources (DER), which include consumer-owned small ESS often connected to public networks, the attack surface has greatly increased. This fast pitch will cover the basics of cybersecurity issues with the smart power grid, and also will discuss about the smart grid security workshop held at the University of Memphis on March 25, 2022, for a wide range of audiences.

Mohd Hasan Ali

This proposal discusses considerable benefits of a recent outreach project to strengthen relationships between Indiana University of Pennsylvania (IUP), an established CAE for over two decades, and several Community Colleges (CCs) and technical institutes across Pennsylvania. IUP has been working with several CCs for years to promote cybersecurity education and research in the western PA region. With support from a Capacity Building Project that focuses on outreach to technical and community colleges funded by the DoD and as a part of the Cyber Scholarship Program (CySP), IUP has built long-term relationships with several CCs throughout PA and provided engaging and highly rated professional development opportunities in cybersecurity to faculty and students at six institutions. The main goal of the project is to find additional ways to recruit qualified students into the cybersecurity field and DoD CySP to help protect the nation’s cyber infrastructure. This goal was achieved through increased faculty and student development (via a series of collaborative cybersecurity workshops), and a wider network/partnership with several CCs and minority institutions. Specifically, our workshops have been designed in such ways to ensure that all participants will develop the following skills, abilities, and knowledge:

  1. Faculty and students are able to self-organize their work, collaborate, and be successful in assessing and resolving vulnerabilities in digital space.
  2. Faculty learn new cybersecurity teaching methods that help increase knowledge retention and develop plans for continuing education and professional development.
  3. Students leave the workshops with a vast set of skills, including programming specialty computers and embedded systems.
  4. Faculty and students learn procedures for ensuring software integrity through hands-on activities such as hash generation and verification.
  5. Faculty and students develop interest in cybersecurity and are motivated to further their study of advanced techniques in cybersecurity to protect systems from vulnerabilities.

We have offered six workshops that each consist of two full days delivered over two successive Saturdays or during a semester break. Workshops were originally delivered face-to-face, but we shifted the delivery mechanism online due to the pandemic. We delivered workshops to the following CCs and technical institutes geographically distributed across PA: Westmoreland County CC, Pennsylvania Highlands CC, Laurel Business Institute, Laurel Technical Institute, Butler County CC, and Northampton CC. Below is a list of benefits and outcomes that resulted from this outreach project:

  1. We built excellent relationships with faculty and administrators at six institutions across PA.
  2. We were able to provide well-received, cybersecurity professional development to about 120 faculty and students at six different institutions.
  3. Our offerings continued to be engaging after the shift to online delivery, which has been shown in the participants’ high ratings of all sessions.
  4. Efforts in this project have facilitated ongoing collaboration work that involves about half of PA community colleges working with IUP to enhance cybersecurity and STEM education.
Waleed Farag

The healthcare ecosystem involves several interconnected stakeholders with different and sometimes conflicting security and privacy requirements. Sharing medical data, particularly remotely generated data, is a challenging task. Although there are several solutions in the literature that address the interoperability & scalability functional requirements of such services, as well as the security & privacy requirements, achieving a good balance between these is not a trivial task as off-the-shelf solutions do not exist. On one hand, centralized cloud based architectures provide interoperability & scalability, but make strong trust assumptions. On the other, decentralized blockchain platforms support independent trust management and data privacy, but typically do not allow dynamic changes of the underlying trust domains.

To address this challenge we propose a hierarchical multi-expressive blockchain architecture that addresses this challenge by providing: (a) dynamic trust management between different authorities, (b) flexible access control policy enforcement at the domain and cross-domain level and, (c) a global source of trust for all entities by an immutable forensics-by-design auditing mechanism. Fine-grain access is enabled by using an attribute based encryption scheme that provides a single access point that cannot be bypassed by users or authorities and that supports flexible shared multiowner encryption, when attribute keys from different authorities are combined to decrypt data. The effectiveness of the proposed approach is validated experimentally. The multi-blockchain has also been implemented using the Hyberledger Fabric.

This work based on the following publications of the presenter.

  1. JANUS: Efficient multi-authority & multi-domain attribute based access control in practice, submitted, 2022.
  2. A hierarchical multiblockchain for fine grained access to medical data, V Malamas, P. Kotzanikolaou, TK Dasaklis, M. Burmester, IEEE Access 8, 134393-134412, 2020
  3. A forensics by design management framework for medical devices based on blockchain, V Malamas, TK Dasaklis, P Kotzanikolaou, M Burmester, S Katsikas, IEEE World Congress on Services (SERVICES) 2642, 35-40, 2019


Mike Burmester, Xiuwen Liu

The need for cybersecurity workers is clear. With a documented current shortage of cybersecurity workers in the U.S. identified as over 300,000 openings, the need to attract, and retain more future cybersecurity workers could not be more clear. Many efforts have been created to address this need and have had clear positive results. These include the use of summer camps & competitions to increase interest in the field, reaching out to underrepresented populations to help fill the need, and providing scholarships and using shared curriculum to help students through their educational pathway.

This presentation will discuss the implementation of a Community Based Life Cycle (CBLC) approach to help address this need. With the development of a Cyber Education Task Force (CETF), the ability to use a systems development approach to identify and align the efforts that already have been developed to help retain students’ interest in cybersecurity as a career. Through the use of professional and peer mentoring in a Cascade Advising approach, the professional mentors (and members of the CETF) would identify communities (summer camps, competitions, etc.), where peer mentors can be effective in helping newer and future students be successful.

Lonnie Decker, Teha Emmons

As the capability to detect network intrusion has increased, so has attackers’ ability to avoid detection. Commonly, attackers use Secure Shell (SSH) to hide their identity. SSH securely connects two hosts together and encrypts their interactions. The first step to preventing Stepping-Stone Intrusion is to be able to detect if it occurs, in this regard, much research has been done to detect intrusion by looking at downstream network traffic, that is, the traffic flowing to the victim and back from them, but detection methods looking at upstream data, which is the traffic flowing from the attacker and back towards them from a sensor, are inadequate and underrepresented in the field.

To this end, a potential method for upstream detection has been devised. By observing the upstream connection, we can match a send packet with its respective echo packet, and as a result, determine the round trip time (RTT) of that packet. When looking at a series of these matches, we can find the average RTT of all the packets, and then the standard deviation of the RTTs among matches. We estimate that, as a result of the increasing routers, hops, and physical distance between them, transmission will vary more the further a sensor is from a victim. By observing the standard deviation of these RTTs at different places in a long connection chain, we may be able to discern a usable standard or pattern that can determine the length of a downstream connection, and with modification, estimate the length of an upstream connection.

Jianhua Yang

Critical Infrastructure training based on the current threat environment is at a high level throughout the nation and worldwide. A concerted effort by multiple professors, professional cybersecurity personnel, students and staff, a workshop has been developed based that provides training on current topics using in some cases actual examples of security incidents, demonstrations such as pen-testing and necessary remediation steps and methodologies. The current topics include the current state of cybersecurity, ransomware, threat level/surfaces, zero trust architecture, cyber risk assessment from a data-driven view and the work from home/remote office environment. The workshop/training provides not only research based initiatives but also insight and experience of cybersecurity practitioners.

Dipankar Dasgupta, Jim McGinnis

This presentation shares a best practice in teaching network defense based on recent research on network security. Computer networks as part of critical infrastructure facilities and assets for most organizations are facing increasing challenges in defending against various and sophisticated cyber threats, intrusions, and attacks. Knowledge discovery is a key factor in cyber defense, and honeypots could be an effective tool for gaining knowledge for cyber defense. The research for this presentation draws upon a cyber defense knowledge model based on the classic of The Art of War and focuses on the use of honeypots for network intrusion detection. The cyber defense model highlights the role of knowledge (and the lack of knowledge) discovery of strengths and vulnerabilities of yourself and your opponent in cyber defense. This presentation illustrates the dynamics of the knowledge and its network security benefits using honeypots in a simulation of detection of intrusions and distributed denial of service (DDoS) attacks on a virtual network.

Ping Wang

Concerns with cyber-attacks in the form of ransomware are on the mind of many executives and leadership staff in all industries. Inaction is not an option, and approaching the topic with real, honest, and hard discussions will be valuable ahead of such a possible devastating experience. This research note aims to bring thoughtfulness to the topics of ethics in the role of cybersecurity when dealing with ransomware events. Additionally, a proposed set of non-technical recovery preparation tasks are outlined to help organizations bring about cohesiveness and planning for dealing with the real potential of a ransomware event. Constraints from many factors come into focus during preparations for ransomware, and a method to categorize them is detailed. Finally, the use of Incident Command Systems is well known and documented in emergency management, and a proposed model for integrating this process for ransomware episodes is sketched.

Stanley Mierzwa

The Internet of Things (IoT) paradigm promises to make “things” include a more generic set of entities such as smart devices, sensors, human beings, and any other IoT objects to be accessible at any time and anywhere. IoT allows for the interconnectivity of devices or objects to collect, send, and receive information. IoT varies widely in its applications, but one of its most beneficial uses is in the medical field. Healthcare utilizes IoT and its emerging technologies to provide more efficient and quality care for patients while reducing the workload and burden on healthcare facilities. IoT provides a mainstream method for healthcare professionals to analyze patient data in real-time and make informed decisions regarding patient care. However, the large attack surface and vulnerabilities of IoT systems needs to be secured and protected.

This work investigates various applications of IoT in healthcare and focuses on the security aspects of the two internet of medical things (IoMT) devices: the LifeWatch Mobile Cardiac Telemetry 3 Lead (MCT3L), and the remote patient monitoring system of the telehealth provider Vivify Health, as well as their implementations. Our research explores the security issues with these IoMT devices and proposes efficient solutions to better protect them. Security is a requirement for IoT systems in the medical field where the Health Insurance Portability and Accountability Act (HIPAA) applies. While there is a risk that sensitive and protected health information may be compromised in the use of IoT systems, effective implementation of robust security measures and risk mitigation techniques can ensure that IoT can be an invaluable system of technologies that enhances the quality and efficiency of patient care.

Lixin Wang

Stepping-stone intrusion is a hacking strategy in which an attacker sends attacking commands through compromised hosts, called stepping-stones, in order to remotely access a target host. These stepping-stones form part of a connection chain that serves as an intermediary between the target and attacker hosts, providing the attacker with increased anonymity and detection avoidance capabilities. It is well-known that a long connection chain with three or more connections often indicates malicious activities. In a long connection chain, it is possible for the sender to transmit the next request packet before the sender receives the response for the previous request. In such a case, some request and response packets may cross each other somewhere along the chain, producing packet crossover. In prior work, it was demonstrated that the number of crossover packets in a given data stream should be proportional to the length of a connection chain. In this work, we develop an innovative detection method for stepping-stone intrusion based on crossover packets, referred to as Crossover-Packet Detection. Our network experiments demonstrate that our proposed Crossover-Packet detection method is resilient to hackers’ session manipulation such as chaff perturbation or time jittering.

Lixin Wang

As the cyber threat landscape continues to evolve, the critical shortage of cybersecurity professionals continues to expand, particularly in Critical Infrastructure Sectors. This session will highlight three innovative cybersecurity workforce development programs, funded by the NCAE-C Program to address that challenge. An overarching goal is to support other CAE-C designated institutions in developing similar upskilling and reskilling training programs to complement their academic degree programs and multiply the pathways toward cybersecurity jobs. The presenters will offer a call to action to the CAE-C Community and discuss how other CAE-C institutions can leverage the programs’ resources and platform to launch similar programs.

The National Cybersecurity Workforce Development Program is a nationally scalable program that focuses on recruiting, preparing, and placing over 1650 transitioning military, first responders, and veterans into cybersecurity roles across Critical Infrastructure Sectors. CyberSkills2Work is led by the University of West Florida and supported by a coalition of 10 NCAE-C designated institutions across the country, including CAE-CD, -R, -CO, 2Y, 4Y, and MSI institutions. The program offers 15 flexible training pathways that address 15 NICE Cybersecurity Framework work roles, help students develop hands-on skills via industry certifications, cutting-edge tools, and training courses, and document their competencies via digital badges and credentials. CyberSkills2Work includes a National Employers Network to connect students with employers and job opportunities, and a one-stop-shop web portal for students, employers, and institutions.

The University of Louisville-led Coalition (composed of 10 NCAE-C schools, including four HBCUs) Cybersecurity Workforce Development Program focuses on collaborating and leveraging resources and expertise to create cybersecurity curriculum addressing use cases in healthcare and logistics. The online asynchronous flexible cyber curriculum includes technology vendor credentials such as IBM, Microsoft, Google etc. matched with subject matter experts as well as participants partnered with success coaches networked within businesses. Three levels of progressive knowledge of cybersecurity (new/emerging cutting-edge technologies) are offered on topics, including blockchain, post quantum cryptography, artificial intelligence, and cognitive computing. A gaming app is available on the Google and App store free to anyone.

The CWCT, led by Purdue University Northwest and other three CAE institutions, has been launched to recruit and train over 1000 transitioning military, first responders, and other adult learners in the field of AI and Cybersecurity. Training participants have been engaged with educators and advisors at each phase of their CWCT journey including interest inspiration, pre-knowledge assessment, structured learning, certification preparation, career mentoring, and job placement. CWCT fully recognizes the importance of workforce preparation through online academic training and competency measurement through industry-government recognized certifications. CWCT goes one step further to develop a Job Placement Program through workshops on resume building and interview skill development, and more importantly, introducing job opportunities to training participants through virtual job fairs and other unique efforts.

Eman El-Sheikh

In this presentation Chris Simpson will discuss National University’s mapping of low cost and open source labs to the NICE Workforce Framework and course learning outcomes using the online database Airtable. He will also provide updates on some new free and low cost lab environments that might be of interest to the CAE community.

Chris Simpson

This presentation will review the development of a week-course for high school students. The course is designed to introduce students to the exciting science of Cybersecurity using an experiential gamification approach to learning Computer Science, with an emphasis on application and teamwork. The course includes practice using current Cybersecurity industry tools and technologies, development of cyber detective skills, and academic team competition. The course is offered during the Honors Summer Academy on the Oklahoma Christian University campus. Students attend 50-minute lectures and labs for 5 days. The last day students apply their acquired cyber sleuthing knowledge and skills to escape from the Sherlock Holmes Escape Room.

Curtis Coleman

Deepfake technologies, which allow malicious actors to produce fake images, videos, and audio clips, are reaching an unprecedented convergence of quality, scalability, and ease of use. It will soon be possible to mass-produce highly realistic synthetic content that may be generated and spread faster than fake media detectors can manage. The proliferation of these technologies poses clear threats to society and democracy (for example, consider the dangers of shared videos wherein politicians give fake speeches). It appears that the future of information channels which we rely on when forming our beliefs and opinions is on the shaky ground unless detection technology can gain the upper hand. Synthetic audio detection is one key element of managing this threat.

Chengzhe Sun, Ehab AlBadawy, Siwei Lyu, Timothy Davison, Sarah R Robinson, Nathaniel Kavaler

By combining technologies such as Network Function Virtualization and Service-Based Architecture with decentralized and cloud deployments, the fifth generation of cellular networks (5G) aims for unprecedented Quality of Service, and use-cases in smart industry, emergency operations, remote medicine, and more. The increased attack surface introduced by this transition as well as the critical nature of the 5G communications require, more than ever before, a rigorous analysis of 5G security. In this talk, we analyze the security implications introduced in the 5G Core, and the existing security solutions proposed in the 5G standard. We explore the model of Zero Trust Architecture (ZTA) and we discuss how it is supported by the 5G Core standard. With Virtualization and Cloud deployment being significant factors in the increase of the attack surface, we expand ZTA principles to include the software and hardware of the deployment stack. We leverage Trusted Execution Environments (TEEs) to ensure confidential computing on untrusted deployments and our analysis shows how our proposed model handles the increased attack surface and reinforces the ZTA principles in the 5G Core, without any changes to the 5G standard. Finally, we provide experimental results that demonstrate the overhead incurred by our model in terms of performance and monetary cost.

Norbert Ludant, Marinos Vomvas, Guevara Noubir

Presented here is an overview of CanarySat, which is an open, virtual model of a cube satellite (CubeSat) and a satellite ground station. The goal of this project was to produce a high-fidelity, extensible modeling framework that will allow cybersecurity researchers and satellite designers to investigate cybersecurity solutions targeted specifically at CubeSats and other small satellite platforms. Unlike the typical desktop and server computer systems, space-based systems have significant limitations in terms of their computational resources, the available energy resources, and communication bandwidth. CanarySat facilitates evaluation of competing cybersecurity solutions based upon the effectiveness of the technique, the computational overhead, and the energy consumption. To guide development of CanarySat, we have acquired the ISISpace CubeSat Development Platform, which is a flight-proven, cost-effective system which serves as the engineering model for training, development, and testing. Prior to selection of this cubesat platform, we performed a trade study which examined and compared the available commercial-off-the-shelf cubesat and ground station systems. The platform we selected includes the actual flight computer, electrical power system, communications system, and attitude control system as well as the ground station. Our student researchers have constructed both a Satellite Power Scheduling Application and the baseline CanarySat model. The Satellite Power Scheduling Application is an application that allows satellite designers to estimate the energy requirements of their missions and explore trade-offs between performance and power consumption for different on-board computer systems. The application includes a database of performance and power consumption data that was collected via a sequence of experiments performed on representative single-board computers (SBCs). The baseline CanarySat model includes an orbital physics model built within Simulink and the open-source COSMOS command and control software which serves as the satellite ground station. The orbital physics model is deployed on a representative single board computer, and the COSMOS ground station software executes on a desktop or laptop computer. Our student team demonstrated the ability to issue commands from the ground station and view the satellite attitude changing in the Simulink model. The students have also demonstrated successful operation of an image processing workload to simulate an earth observation mission. We are currently engaged in the development of proof-of-concept cyberattacks against the CanarySat model to demonstrate the utility of CanarySat for cybersecurity research.

David Coe, Aleksandar Milenkovic, Jeffrey Kulick and Letha Etzkorn

The growing adoption of zero-trust architectures brings the principle of complete mediation to the forefront of well-designed, secure systems. Despite the potential for zero-trust to improve the security and resilience of systems from cyberattack, practical adoption of these architectures is hindered by lack of sufficiently trustworthy origin authentication within untrusted networks such as the Internet. Notably, problems with authentication exist due to stolen credentials and mobile clients used by remote workers that are easier for threats to compromise than traditional workstations hiding behind boundary firewalls. The result is that access control for the protection of critical assets increasingly depends not just on user authentication but also on context-sensitive techniques, e.g., behavior and location, to monitor and isolate such threats. In this talk, we introduce path-aware risk scores for access control (PARSAC), a novel context-sensitive technique to enrich access requests with risk scoring of the path taken by those requests between the authenticated user and the resources they access. These path-aware risk scores enable another layer of security for traditional access control systems that addresses the need for fine-grained monitoring and enforcement within a zero-trust architecture. We define rules for general functions that can be used to determine risk and instantiate a specific approach to calculate path risk scores. We have evaluated our approach with realistic network graphs and discovered that PARSAC finds more paths with lower risk when compared with traditional routing algorithms that select the shortest path.

Philip Brown

Recent advances in the development of quantum computing hardware have accelerated the interest of preparing information systems for the post-quantum world. Grover’s unstructured search and Shor algorithm for period-finding have potential applications in security, cryptography, and communications in general. We present in this paper the evaluation and simulation of proofs of concepts, gates, and experiments for quantum circuits along with explanations of their potential applications to computing and security. The circuits explore several aspects of quantum computers such as superposition, parallel calculations, amplitude amplification and phase estimation. These circuits and gates were also tested on real quantum computers to assess their behavior.

Hugo Delgado

V8 is the open source interpreter developed by Google to enable JavaScript (JS) functionality in Chrome and power other software. Malicious threat actors abuse the usage of JS because most modern-day browsers implicitly trust script code to execute. To aid in incident response and memory forensics in such scenarios, our work introduces the first generalizable account of the memory forensics of the V8 JS engine and provides practitioners with a list of objects and their descriptors extracted from a memory image. These objects can be used to reveal key information about a user and their activity. We analyzed the V8 engine and its garbage collection process. We then developed and validated a Volatility plugin – V8MapScan – to reconstruct V8 objects from a memory image. The runtime of the V8 engine is housed within the V8 isolate which contains its own heap manager and garbage collector. Within the heap of the isolate exists a root object map known as the MetaMap. By using the MetaMap and a object-fitting technique, we were able to extract objects, object-maps, and object properties. The V8MapScan plugin scans process memory for the MetaMap data structure contained within the V8 isolate using its data structure, references to objects can be found and extracted. Our findings were verified with Chrome DevTool’s Heap Profiler. Our approach recovered the majority of objects indicated by the heap profiler with common types such as the ONE BYTE INTERNALIZED STR type returning more than 98.9%. Lastly, we provide a case study using our tools on the Monero Cryptocurrency Miner. This material is primarily based upon work supported by National Security Agency (NSA) and Department of Defense (DoD) under grant H98230-20-1-032.

Ibrahim Baggili, Samuel Bergami, and Enoch Wang

Currently, the INSuRE program is one of the main efforts of the Community of Practice in Research (CoP-R). As part of this panel, Technical Directors from four different government agencies and national laboratories will share information on their backgrounds, research interests, as well as their involvement and experience with the INSuRE program. A major focus of the panel is for the Technical Directors to not only discuss the benefits of the INSuRE program to the three stakeholders of the program (i.e., students, academic institutions, and to the government - represented by the agencies and labs) but also address the challenges that may arise as students, faculty, and Technical Directors jointly carry out the various projects. 

Susanne Wetzel, Timothy Davison, Roland Varriale, Edward Zieglar

In 2017, six universities (five NCAE-C and one candidate) joined together (“Power of 6”) to establish a pilot program to demonstrate their ability to develop cybersecurity talent pathways for women and underrepresented students for civilian and military positions in the Department of Defense (DoD). Norwich University, University of North Georgia, The Citadel, Texas A&M, Virginia Tech, and Virginia Military Institute share a common identity as senior military colleges but had never previously teamed to create and fund academic, experiential, and research opportunities for cybersecurity students.

In 2018, the “Power of 6” built bipartisan Federal support of Senators and Congresspersons to insert language in the 2019 National Defense Authorization Act to establish DoD Cyber Institutes. In 2019, the “Power of Six” gained federal appropriations support to fund this pilot effort to help fill the cybersecurity workforce gap. Using a common framework, the Cyber Leader Development Program, the “Power of Six” successfully completed their first pilot program year and are fully engaged in Phase II!

Panel focus: Now in Phase II (2022-2024), the DoD Cyber Institute team is excited to share their pilot program insights on outreach activities, collaboration with government and military organizations, student professional development and experiential opportunities, and strategies for other NCAE-Cs to develop similar cybersecurity opportunities for students and faculty.

The panel moderator, Dr. Sharon Hamilton, Colonel (Retired, US Army), Norwich University, has led the “Power of 6” team since its inception in 2017 and is the Principal Investigator and Program Director for this initiative and grant.

Panel members will consist of Dr. Hamilton and two cybersecurity leaders from NCAE-C universities partnered in this pilot program.

  • Dr. Bryson Payne, University of North Georgia, Professor, Cybersecurity
  • Colonel (SC Army National Guard) Linda Riedel, Citadel DoD Cyber Institute (CDCI) Deputy Director, Operations and Outreach
Sharon Hamilton, Colonel Linda Riedel, Dr. Bryson Payne

This presentation is about to identify conversational bots using blockchain technology, a first step to address trustworthy challenging when social media applications are mixed with human users and social bots. Internet persona or account user profile for social bots usually is hardly being used to distinguish conversational bots from other human users. PASS (Personal Archive Service System) using blockchain technology has built in the Proof of X mechanism. The usage of such built in feature into bot identification makes users aware of bot interaction which could mitigate the threat of disinformation by social bots. Moreover, in practice, we add feedback bot score, called syn points stored in the chain during the process of registration, verification and lifecycle monitoring.

Dr. Zhixiong Chen

Over the last decade, many public health research efforts have included information technologies such as Mobile Health (mHealth), Electronic Health (eHealth), Telehealth, and Digital Health to assist with unmet global development health needs. This presentation provides a background on the lack of documentation on cybersecurity risks or vulnerability assessments in global public health areas. This presentation suggests existing frameworks and policies be adopted for public health. We also propose to incorporate a simple assessment toolbox and a research paper section intended to help minimize cybersecurity and information security risks for public, nonprofit, and healthcare organizations. - Further slides will be provided prior to the event to be shared.

Stanley Mierzwa

As long as we have people, social engineering is a threat. Hacking the human element has only gotten worse with most people working, playing and communicating online. With its prominence, shouldn’t this be a part of all cyber defense and operations curriculum? In this session, you will learn techniques for teaching it either as its own class or within other classes. Everyone in security needs to understand human weaknesses and the best ways to protect and defend against human threats and vulnerabilities. Attendees will learn the importance of human factors, psychology, and leadership for security professionals. The session leaders will show how security controls may be bypassed by a person’s intentional or unintentional acts and methods for reducing the cyber risks associated with human error and social engineering. Attendees will leave with a firm grasp of social engineering techniques and how the laws of influence can be used to breach security controls. The techniques discussed here are taken from books such as, “Influence, The Art of Persuasion”, “How to Win Friends and Influence People,” and “Social Engineering, The Science of Human Hacking.” The objective isn’t to make attendees paranoid, but aware of their surroundings and how they may be vulnerable to the power of human hacking. Learn how social engineering and human hacking is incorporated into a cybersecurity curriculum as one of its most popular classes. All cyber instructors need to learn how to social engineer their students before they social engineer you.

Ronald Woerner, Karla Carter

Existing literature show that Escape The Room themed games have not been used much in cybersecurity education and outreach. In this fast pitch talk, we will present an original Escape The Room themed cybersecurity educational game, which consists of a set of nifty cybersecurity challenges in the form of beginner’s puzzles on a variety of introductory cybersecurity topics, including cryptographic ciphers, social engineeringbased phishing attacks, online fake web certificates, and ransomware attacks. We have specifically developed this cyber educational game as an experiential learning activity that is driven by realistic scenario-based cybersecurity challenges, and can be played in teams. We have successfully implemented this game as a team learning exercise that can be offered in a virtual learning setting. We will share our experience (including lessons learned and takeaways) of hosting this game as part of a virtual cybersecurity educational summer camp for a high school audience, where remote learners participated in this game in “Breakout Room” teams within a Zoom meeting session. Our presentation will include an overview of this novel “Escape The Breakout Room” game, and a discussion on hosting this game over Zoom as part of a virtual cybersecurity education camp, or a virtual introductory cybersecurity class. Under the current COVID-19 pandemic situation, when cybersecurity education is going virtual, this new instance of an Escape The Room themed cybersecurity educational game and its experiential team learning approach would be of interest & relevance to the CAE community, including all cybersecurity educators, who are particularly looking for engaging, competitive virtual learning activities at a beginner’s level.

Ankur Chattopadhyay, Meghyn Winslow

This Fastpitch covers Eastern New Mexico University-Ruidoso IS258 Cyber Ethics, Career Development, and Professional course curriculum developed and endorsed jointly by an advisory team from ExxonMobil, DOD U.S. Navy, Academia, New Mexico Workforce Development. The rationale for student taking this course was to provide students with the necessary understanding and abilities to apply ethics in the cyber world. This course prepares students to apply cyber ethics in the workplace and in furthering their careers.

Stephen Miller

UNT’s new B.S. in Cybersecurity was formally approved by the Texas Higher Education Coordinating Board (THECB) in March 2020 with an implementation date starting in the Fall 2020 semester. Given the rapidly changing and often unchartered environment that cybersecurity operates in, the B.S. in Cybersecurity was created to provide a high quality, academically challenging, and career-enriching educational program that is responsive to industry trends, changing standards, and employer needs. Approved only a few months before the program launch, we will discuss the lessons learned in the design and implementation of this new, high demand interdisciplinary degree program. In particular, we would like to share the technical, logistic, and marketing opportunities and challenges that we faced during this past year as we worked to get our new program off the ground, especially as we were met with further obstacles of social distancing and remote learning requirements due to COVID-19.

Mark Thompson, Ram Dantu

As we become a more digital society, it imperative that first responders, including EMS and law enforcement, become well-versed in the role that technology plays in their field and understand the security implications demanded in this changing environment. Most existing continuing education (CE) credits, however, are only offered specifically for technical job requirements, such as de-escalation techniques and airway management training for law enforcement and EMS certified personnel, respectively. We propose offering CE credits in cybersecurity and forensics for first responders, working with the applicable agencies such as the Texas Commission on Law Enforcement (TCOLE) and the National Registry of Emergency Medical Technicians (NREMT) for approval. The training modules for EMS personnel would, for example, include hands-on experiments focusing on securing first responder operations, devices, and privacy such as securing mobile applications and sharing emergency information via mobile devices and HIPAA-compliant confidentiality protection of patient data such as vital signs (e.g., blood pressure, heart rate, respiration rate, blood oxygen). We will discuss our novel interdisciplinary training approach and then review the process from creating our curriculum to getting approval from the appropriate agencies.

Ram Dantu, Mark Thompson

A brief summary of the educational, research, and community outreach activities conducted by The University of Memphis Center for Information Assurance.

Tony Pinson

With many “entry-level” positions in the cybersecurity industry requiring 3-5 years of experience, numerous students and recent graduates find themselves at a loss on how to launch their careers in this field with an ever-growing need for professionals. The question becomes, “How can students take their knowledge from curriculum to career?” The National Cyber League (NCL) does just that in a way that makes learning feel like playing. The NCL vision is to provide an ongoing virtual training ground for students to develop, practice, and validate their cybersecurity knowledge and skills using nextgeneration, high-fidelity simulation environments, based on industry-relevant learning objectives. This offensive and defensive cybersecurity capture-the-flag (CTF) game is based on the CompTIA Security+ and maps to the NIST NICE Framework and NSA CAE Knowledge Units so that the comprehensive, individualized Scouting Reports each player receives provides metrics that matter! Join this panel led by NCL Assistant Chief Player Ambassador, Kaitlyn “CryptoKait” Bestenheider, and supported by NCL Commissioner, Dan Manson, NCL Lead Player Ambassador and professional penetration tester, Meredith Kasper, and the NCL Game Maker from Cyber Skyline, Franz Payer. The panel will discuss the importance of creating on-ramps for students to launch their cybersecurity careers, the NCL integration with CAE Knowledge Units, and how NCL supports schools CAE accreditations

Dan Manson, Kaitlyn Bestenheider, Meredith Kasper, Franz Payer

The open-source cyber gym provides a hands-on Google cloud learning environment flexible for both instructors and students. Instructors have access to custom-built workouts mapped to skills in the NICE Framework and Security+ Standards or instructors can create their own workouts. When ready, an instructor initiates a system build for the number of students or teams in their class. From here students have access to independently control their workout both in the class and outside of the class. This session will explore the experience in deploying this technology to over 500 students in the state of Arkansas and show the cloud costs for various workouts. We will also walk participant through the setup and live build from the viewpoint of the instructor and demonstrate the automated assessment reported back to the instructor. This material is based upon work supported by the National Science Foundation under Grant No. 1623628. The project is available at emerginganalytics/ualr-cyber-gym.

Philip Huff, Sandra Leiterman

The first CAE National Competition will be held throughout the 2021-2022 academic year and is designed to increase student and faculty engagement with competitions throughout the CAE program. The competition is oriented towards students who are new to cybersecurity competitions, and will include an extensive training and practice environment, regional competitions, and the National Finals to be held at the 2022 CAE Executive Leadership Forum. The challenges within the competition will be CAE-sourced to allow each of the unique facets of cybersecurity education to be components of the competition. This presentation will provide an overview of the project as well as the challenge submission and compensation framework that encourages CAE faculty to collaborate and contribute to the project.

Jake Mihevc,Math Ron Sanders

The University of Maryland Global Campus (UMGC) is developing a robust graduate degree program in Cyber Operations (CO). The program was designed from the beginning to ultimately obtain an NSA/DHS CAE-CO designation. With this in mind, the subject matter experts and curriculum designers focused on the required knowledge units and built in the artifacts to meet other CAE criterion like explicit focus on CO, integration of CO into the foundational courses, and content currency. This session will also review the faculty and student involvement as well as research concerns required for the designation and how the institution approached these concerns. While the UMGC program has not yet been designated as a CAE-CO, this session is valuable to those who are considering a program and for those who may face re-designation hurdles.

James Robertson, Loyce Pailen

Covid-19 has created tremendous challenges for academia. Last spring, faculty across the U.S. moved suddenly and completely to virtual teaching. This fall, as many of us continue to teach primarily online, we are developing quality resources, including videos and other materials that facilitate learning in this new environment. As a result of the pandemic, the role of the CAE community is more important than ever. Cyber attacks have increased, as hackers are exploiting the new vulnerabilities posed by the massive migration to work-from-home across all industries. CLARK, funded by NSA (grant# H9830-17-1-0405), hosts over 750 free cybersecurity learning objects under the creative commons non-commercial license. CLARK’s Plan C is an opportunity to gather cybersecurity resources developed during these trying times and expedite publication on the CLARK ( platform. During this workshop, the CLARK team will work with faculty to upload their curriculum content to the Plan C collection, fine-tune their learning outcomes with the “Blooming Onion” app, and map to CAE knowledge units. By contributing curriculum, the CAE community can help faculty across the country teach cyber in their online classes. Participants will receive a small stipend for each contribution.

Blair Taylor, Sidd Kaza

The use of NICE Cybersecurity Workforce Framework (NCWF) is critically important to ensure consistency across cybersecurity jobs in government, industry, and academia. Nova Southeastern University (NSU) has been a leader in cybersecurity education for many years and was among the first in the state of Florida to receive CAE designation. NSU received the initial CAE designation in March 2005 and received CAE re-designation in 2009 and 2014. Over the past several months the faculty and staff of College of Computing and Engineering (CCE) at NSU has been working with the NSU Career Development Office (CDO) staff ( on the integration of the NCWF into the student advising process. The CAE 2020 Fastpitch presentation provides an overview of the collaboration model between the CCE and CDO at NSU that includes exposure of the framework to the career advisors, the relevant job roles for the NSA/DHS designated cybersecurity programs offered by the CCE, the creation of a Career Development Newsletter specifically for computer science and engineering students, as well as the development of sample student resumes specifically aligned with the NSA/DHS designated NSU cybersecurity programs.

Dr. Yair Levy

This proposal discusses the findings of an interesting research study with the objective of identifying writing and communication challenges faced by both cybersecurity students and professionals in the field and proposing effective solutions to address these challenges. This research study was part of a comprehensive project (funded by the NSA) intended to enhance cybersecurity education in western PA. To achieve the project’s objectives, we designed and conducted a QUAN-QUAL mixed-method study which collected survey data from students enrolled at two US-based institutions, and interview data from 27 professionals working in the cybersecurity field within the US and elsewhere. This proposal discusses results related to the quantitative component of our research while briefly commenting on the related findings of the qualitative component. To better understand the backgrounds and needs of the study participants, and attempt to capture various challenges they face in the area of communication skills, the employed quantitative instrument was designed to primarily address the following two research questions: • Which courses did aspiring cybersecurity professionals identify as valuable? Are there group differences? • How did undergraduate students describe their present attitudes and skill level in terms of writing and oral communication? This presentation will expound our research findings including an identified gap of high school courses that prepare students to succeed in the field, and differences in perception of the importance of writing and communication skills among various student groups. The presentation will also provide recommendations and lessons learned from implementing an effective educational service to address the identified challenges.

Waleed Farag

The ultimate goal of an educator is to build students towards a successful career outside the classroom. The top careers today focus on technology, from software development to IT management to cybersecurity, yet businesses often struggle to find qualified people to fill these positions. This session provides actionable solutions for teachers and school administrators for teaching critical computing, cybersecurity, and technical troubleshooting skills. The presenter will share tips, tools, and techniques for building our next generation of cyber experts in ways that build critical technology skills while remaining fun and accessible to all students. He will share ideas for getting technology into the classroom, finding mentors to help with instruction, and engaging students to learn through cyber clubs, camps, and competitions. One of the biggest challenges is influencing students to enter fields that lead to technology careers. He does this by hacking; not the evil kind, but the type defined in the Hacker Dictionary as “one who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.” The techniques discussed in this session allow students to use their native curiosity to better and more safely use the technology around them. This session also covers teaching cyber safety, security, and ethics. Successful careers all start in our schools. Join me in building the next generation of cyber employees to solve the technical problems of today and tomorrow. This session is based on the TED talk, “Hackers Wanted.”

Ron Woerner

We propose a designed growth path for emerging researchers that does not currently exist. When Ph.D.’s defend, it is expected that their directed training and research focus will provide clear direction for impactful future work, but that assumption has not been realized. We propose an entry path for graduate students to better understand and contribute to research and administration publication functions that should enhance their academic prospects and help them add to scientific solutions business desperately needs.

Dr. Derek Sedlack

There is a pervasive talent deficit in cybersecurity that prevents employers from being able to find qualified job applicants. In a recent survey of cybersecurity professionals, most report that their teams are at least somewhat understaffed with open positions remaining unfilled. Many tools are available to bridge the educational gap for the cybersecurity workforce, but these tools do not take a holistic approach to security by addressing both operational technology (OT) and information technology (IT). With the recent convergence of IT and OT systems, vulnerabilities that were previously limited to IT have been introduced into the industrial environment. Therefore, it is vital to integrate industrial security concepts into current and future cybersecurity curriculum offerings. During this workshop, participants will learn about the CYBER security – Competency Health and Maturity Progression (CYBER-CHAMP©) model. CYBER-CHAMP was initially created as a tool for organizations to understand the security competency gaps in their workforce, but the model can also be utilized to inform academia and cybersecurity training providers. The model offers a methodology to increase security across an organization, which includes all work roles within a company and the best practices employees are expected to perform. Once these target roles are identified, the roles can be mapped to education and training options by identifying the everyday tasks an individual performs. This same mapping method can be used to reverse-engineer the education and training offerings that can be provided for students, the current workforce, veterans, and individuals in other disciplines who are interested in growing their knowledge of cybersecurity.

Jade Hott, Dr. Shane D. Stailey, Donaven Haderlie, Gary M. Deckard

We propose a designed growth path for emerging researchers that does not currently exist. When Ph.D.’s defend, it is expected that their directed training and research focus will provide clear direction for impactful future work, but that assumption has not been realized. We propose an entry path for graduate students to better understand and contribute to research and administration publication functions that should enhance their academic prospects and help them add to scientific solutions business desperately needs.

Dr. Derek Sedlack, Associate Professor, Colorado Technical University

This presentation is intended to discuss the promotion of security tools in general, and Wireshark in particular, in security-related classes at Nova Southeastern University (NSU). As a pioneer in cybersecurity education, NSU was striving to introduce students with hands-on experience in classroom settings. Wireshark is one of the most widely used tools in computer networking for deep packet analysis and has been used widely in several courses. In this presentation, we will cover a brief Wireshark introduction, and demonstrate a step-by-step process on how to set up and deploy the tool, identify protocols and payload, and perform analysis on security protocols such as SSL. Through this presentation, we hope to raise awareness, foster new ideas, and share the best practices in teaching hands-on skills within the CAE community.

Wei Li, Professor, College of Computing and Engineering at Nova Southeastern University

Learn how a program management process and a single document can support your faculty and also your course/program reviews. Elevate the instructor’s workbook into a tool that not only provides situational awareness and pedagogical foundations, but also helps to connect remote faculty and capture ideas and experiences in a hectic and demanding environment. Presuming that all faculty are experts in a course’s subject matter, the workbook does not focus on substantive knowledge. Rather, it helps to blend practical resources, pedagogical foundations, and experiential tips from prior teachers and students. Since Spring 2019, faculty in UNH’s online M.S. Cybersecurity Policy & Risk Management courses have utilized our workbooks and related processes. Our faculty especially value the workbook’s support with pedagogy and the learning management system, as well as the workbook’s accessibility and inclusion features that encourage each instructor to add comments and suggestions for improvement. In this Fastpitch Session, Prof. Maeve Dion provides an exemplar workbook, highlights the core features, and shares how the workbooks are utilized as part of our collaborative curriculum development and course review processes. Whether full-time academics or full-time practitioners, our faculty’s lives are busy and complicated. The COVID-19 situation has increased the complexity: more learning is remote, and instructors are delving more deeply into the functionalities of our learning management systems/tools and the best practices for online learning and teaching. Raise your concept of a workbook to a new level and explore how you might want to adapt it for your course or program.

Maeve Dion, Assistant Professor, University of New Hampshire

Cybersecurity has become a prevalent topic in many colleges, but how it should fit into the overall educational process is still not fully understood. A cybersecurity project at the University of Hawaii Maui College (UHMC), funded by the NSF ATE program, spans multiple disciplines and targets women and minorities. The goal of this project is to ensure that a broad audience of faculty, students and practitioners get trained in the fundamentals of cybersecurity. This is especially challenging during a pandemic, when all education is online. This project also targets students in middle and high schools, who are drawn to cybersecurity by the mass media but are not educated in the field or aware of future careers in cybersecurity.

Debasis, Bhattacharya, Assistant Professor, University of Hawaii Maui College

As the majority of jobs in Computer Science are software development oriented, Computer Science curricula have shifted towards producing software more efficiently. As a result, low-level concepts such as computer instructions, assembly programming and calling conventions that are fundamental to cyber security are only covered marginally. Ultimately the security of cyberspace depends on the programs we use; increasing their robustness to vulnerabilities will enhance cyber security greatly. How to engage software developers in secure coding and other cyber security practices becomes a fundamental challenge. At the same time, in order to handle the everincreasing complexity of malware and other programs, cyber security analysts heavily depend on specialized tools. This makes it even more difficult for typical software developers to comprehend the cyber security impacts. Without an intuitive grasp of the impacts of software vulnerabilities, it is difficult for software developers to get interested in the inherent cyber security threats. To overcome the challenges, we have developed universally applicable small programs that illustrate the importance of cyber security mechanisms. The programs are designed so that they can be tried using only commonly available tools such as compliers to maximize their reach. These simple programs overcome the barriers to most cyber security issues that rely on specialized tools. By relating these programs to fundamental issues in cyber security, software developers gain first-hand experience of the potential impacts of cyber attacks and therefore increase the awareness of cyber security importance. To illustrate the effectiveness of the approach, we have developed several examples. We have used variations of the tools in intro-level computer organization and programming courses, that have raised curiosity and interests to cyber security substantially

Xiuwen Liu, Mike Burmester

The Army Cyber Institute (ACI) is a national resource for interdisciplinary research, advice and education in the cyber domain, engaging DoD, Army, Government, academic and industrial cyber communities in impactful partnerships to build intellectual capital and expand the knowledge base for the purpose of enabling effective army cyber defense and cyber operations. The ACI focuses on exploring the challenges facing the Army (and likewise the Nation) within the cyber domain in the next 3-10 years. Using our multi-disciplinary, mission focused team of professionals as well as leveraging the United States Military Academy faculty and our various partners, we expand the body of knowledge and advise senior military and government officials. Our vision is to develop intellectual capital and impactful partnerships that enable the nation to outmaneuver our adversaries in cyberspace.

Dr. Lubjana Beshaj, Assistant Professor in the Department of Mathematical Sciences at West Point

INSuRE (Information Security Research and Education) has been an important activity within the CAE-R community, yet it remains unknown to many institutions. In this talk, we will present the history of the program, its evolution and its current state. We will discuss the values and the challenges INSuRE faces and its future directions.

Agnes Chan, Suzanne Wetzel

The Army Cyber Institute (ACI) is a national resource for interdisciplinary research, advice and education in the cyber domain, engaging DoD, Army, Government, academic and industrial cyber communities in impactful partnerships to build intellectual capital and expand the knowledge base for the purpose of enabling effective army cyber defense and cyber operations. The ACI focuses on exploring the challenges facing the Army (and likewise the Nation) within the cyber domain in the next 3-10 years. Using our multi-disciplinary, mission focused team of professionals as well as leveraging the United States Military Academy faculty and our various partners, we expand the body of knowledge and advise senior military and government officials. Our vision is to develop intellectual capital and impactful partnerships that enable the nation to outmaneuver our adversaries in cyberspace.

Dr. Victor Piotrowski, James Joshi

Moraine Valley Community College and University of Alabama Huntsville
Dakota State University and University of Colorado Colorado Springs
Dakota State University and University of Colorado Colorado Springs

The 2019 CAE in Cybersecurity Symposium General Program slide deck contains general symposium information, updates on the CAE in Cybersecurity Community Website, and the CAE Virtual Career Fair, sponsored by NCyTE and NSF.

Tony Coulson, Anastacia Webster, Amy Hysell

This slide deck includes upcoming events, speaker photos and bios, as well as important resources available to you as a Center of Academic Excellence in Cybersecurity. 

Anastacia Webster

To meet the ever-growing demand for well-trained, ethically responsible cybersecurity professionals, we looked to programs and students at community colleges in the Dallas-Fort Worth area as input for our new degree in cybersecurity. Then we applied curricular guidelines from CAE, NICE, ABET, and ACM to develop high quality, academically challenging, and career-enriching ABET-accredited pathways for community college students to a degree in cybersecurity that is responsive to industry trends, changing standards, and employer needs.

Mark Thompson and Ram Dantu, University of North Texas

The global cybersecurity crisis has challenged academic institutions to build and grow cybersecurity programs to help produce a skilled and knowledgeable cyber workforce. The current state of cybersecurity education is faced with three intersectional challenges: 1) a dire shortage of faculty and teachers, 2) a rapidly evolving field, and 3) limited access to quality curricular materials. While addressing the shortage of faculty requires a long-term solution, it has been shown that high-quality curricula not only helps institutions build programs, but also improve student learning outcomes. Increasing access to better curricula is a relatively inexpensive, yet impactful intervention. To help meet these challenges, the National Security Agency funded the CLARK Cybersecurity Curriculum Library (www. CLARK hosts over 700 quality-assured learning objects from over 70 institutions organized as collections, including the NSA National Cybersecurity Curriculum Program (NCCP) and the National Science Foundation C5 ( collections. This fastpitch will introduce the highlights of CLARK and provide examples of high-quality cyberlearning objects that can be immediately deployed in the classroom.

Sidd Kaza, Towson University, and Mark Loepker, National Cryptologic Museum

In 2017 the ACM (the world's largest educational and scientific computing society), with the Joint Task Force on Cybersecurity Education, published Cybersecurity Curricula 2017 (CSEC2017), guidelines for baccalaureate programs in Cybersecurity.

The ACM CCECC (Committee for Computing Education in Community Colleges) is developing curriculum guidelines for associate degree programs, based on CSEC2017, with expected publication in early 2020. These guidelines, code-named Cyber2yr, map to the CAE knowledge units for two-year programs.

Note also that the ACM CSEC2017 and Cyber2yr guidelines, respectively, are the basis for the ABET program criteria for Cybersecurity four-year programs, and the currently-under-development ABET program criteria for Cybersecurity two-year programs. This fastpitch session will present an overview of the ACM Cybersecurity curriculum guidelines with a focus on the forthcoming Cyber2yr guidelines for two-year programs, and how they map to the CAE knowledge units for two-year programs. The Cyber2yr guidelines can be used to develop or update a two-year Cybersecurity program that includes the CAE foundational and technical core knowledge units.

Cara Tang, Portland Community College

In 2018, NSF awarded a group of community colleges funding to establish a standalone CyberCorps®: Scholarship for Service program. These community colleges received funding for student scholarships, tuition, and related costs. The session will briefly review the recruiting and selection process, the different curriculum pathways and describe the target audience to receive these scholarships. The fastpitch will also discuss how the institutions have collaborated to establish a cohort of students across multiple institutions.


Kyle Jones, Sinclair College

This presentation will cover international opportunities for cybersecurity faculty to expand their technical and cultural vision of the discipline. Its purpose is to share experiences gained and to entice other academic or professional experts in cybersecurity to conduct research, pursue professional development, assist in curriculum development, and/or assess cyber best practices at international institutions through the Fulbright program. The Fulbright award, administered by the Council for the International Exchange of Scholars for the US State Department, provides a generous stipend to cover travel, food and lodging, and other personal expenses incurred during the duration of the award which ranges from 3 to 6 months. Depending on the selected program, dependents may also be supported with modest allowances to enable them to join the award recipient during the entire duration. It is indeed a rewarding experience towards understanding cultural and technical diversity!

Guillermo Francia, University of West Florida

The lack of soft skills such as communication, diversity, leadership, and work ethics being taught in programs reduces the effectiveness of cybersecurity experts as organizations across all industry sectors become targets of increasingly complex and debilitating attacks. We propose a program to improve the career-readiness of future workforce by increasing soft skill competencies, encouraging engagement through experiential learning, and providing opportunities for learning and networking through professional development using mixed reality tools and other novel activities.

Mark Thompson and Ram Dantu, University of North Texas

This presentation is intended to cover the promotion of cybersecurity competitions by the Center of Academic Excellence (CAE) at Nova Southeastern University (NSU). NSU first received its CAE designation in March 2005 amongst the first in the State of Florida and was redesignated in October 2014. The promotion of cybersecurity competition has long been in our agenda but was challenging, primarily due to the nature of students as many of them are working professional students. In this presentation, we will cover the recent practices at NSU with a focus on the engagement of working professionals and online students in cybersecurity competition.

  • National cybersecurity competitions currently being promoted • Faculty support of cyber competitions
  • Programs/Courses promotions of cyber competitions
  • Outcomes/Benefits of cyber competitions
  • Future steps Through this presentation, we hope to raise awareness, foster new ideas, and share the best practices in promoting cybersecurity competitions within the CAE community.
Wei Li, Nova Southeastern University

A team of educators has been working on a cybersecurity curriculum framework (CCF). The purpose of the framework is to express a set of standards that stakeholders can use to develop a dedicated cybersecurity course for high schools. While computer science ideas and work are present in the framework, the CCF clearly delineates cybersecurity as its own topic. In the next phase of this project, the team hopes to develop methods for dual-credit and/or advanced placement so that students who take the course in high school can earn college credit for it. This session at the CAE community meeting would be focused on sharing the framework and investigating the pros and cons of dual-credit or advanced placement from the perspective of CAE principals.

Melissa Dark, Dark Enterprises, Inc., and Mark Loepker, National Cryptologic Museum

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting.

Sponsored by NSA, the University of North Carolina at Charlotte (UNC Charlotte) and Forsyth Technical Community College (Forsyth Tech) have been developing hands-on teaching materials for cyber threat hunting that will expand our current strong educational programs in cybersecurity. UNC Charlotte is designated as a Center of Academic Excellence in Information Assurance Education-Cyber Defense, and a Center of Academic Excellence in Information Assurance Research by NSA and DHS, and has an NSF funded IUCRC in Configuration Analytics and Automation. Since 2001, UNC Charlotte has run the Carolina Cyber Defender Scholarship Program, one of the largest such programs in the United States, with funding from NSF and NSA. Forsyth Tech has been re-designated as a Center of Academic Excellence in Cyber Defense Education in May 2019. It has established the Davis ITEC Cybersecurity Center and with the support of a grant from the Department of Education, it has been building a Security Operation Center Student Lab since December 2018, to strengthen the future workforce in cybersecurity through hands-on learning.

We have developed freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year university curriculum, as well as for collegiate threat hunting competitions. To the best of our knowledge, there are not such open-source material online for educational purposes.

Our project fits into the theme of “Innovations in Cybersecurity Education, Training, and Workforce Development,” with a focus on “Accelerate Learning and Skills Development” defined by the NICE Strategic Plan.

The objectives of our project are twofold: (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.

Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skillset) in an enterprise environment and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., Operating Systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. These labs also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis. Our labs are designed at different difficulty levels suitable for use by two-year community college students, 4-year university students, as well as for collegiate threat hunting competitions.

We plan to present the design and implementation of our hands-on labs, and we will offer an interactive learning session in which we will walk the participants through some of our labs on their computers.

Jinpeng Wei and Bei-Tseng "Bill" Chu, University of North Carolina at Charlotte, and Deanne Cranford-Wesley, Forsyth Technical Community College

We present a novel way to help match employers’ cybersecurity skill requirements with students’ knowledge using a blockchain to assure students’ credentials and records. This approach applies micro-accreditation of topics and rigor scores to students’ courses and associated tasks, making it easier for employers to explore students’ records to verify their success in specific skills. In turn, this allows employers to make better hiring decisions, conferring a solid way for students to prove the quality of their skills. Future work includes mapping courses from CAE to NICE framework, fine-tuning transaction times, and developing a better consensus model for peer-reviewed rigor.

Zachary Zaccagni and Ram Dantu, University of North Texas

There is a capacity issue in the educational system preparing cybersecurity experts in this high-demand area: students cannot readily be added to the education system, especially at the Community Colleges level, because trained faculty to accommodate expanded sections are scarce. The weak link in the cybersecurity workforce supply chain is often the inability to find faculty who can be effective and can provide proper encouragement to the students to join the cyber workforce.

GW has developed one way to address this capacity issue by preparing a way to tap cybersecurity experts, with an initial emphasis on graduates of the NSF-sponsored CyberCorps program, as adjunct faculty. Such cybersecurity experts in the workforce have the potential to fill the need for part-time cybersecurity faculty at the Community College level. By tapping into the pool of working cybersecurity experts and retired individuals whose background fits the typical qualifications, a viable long-term strategy can be developed. The challenge is to outfit these technology-savvy individuals with pedagogical insights and skills, usually not present in this chosen population.

The Reach to Teach project, funded by the Department of Defense, was developed over the last two years with input from educators at both 2-year and 4-year institutions to explore this potential. The research effort engaged current faculty, as well as education experts, and resulted in a pilot Reach To Teach online course that was piloted in several workshops including the 2018 3CS Conference in Portland, OR. Reach to Teach includes six brief video sessions that can be viewed by prospective adjunct faculty, each of which includes the following content: introduction to community colleges, ethics, and pedagogy. The pedagogic content includes the general structure of a course, crafting goals and objectives, techniques for moving explanations from the concrete to the abstract, using group work using case studies, and using discussions in classes.

Reach to Teach is now ready to be used by the academic community. The program can be found at reachtoteach/ . There is no fee or cost associated with program adoption. For more information contact Principal Investigator Shelly Heller ( or co-Principal Investigator Costis Toregas ( ).

Shelly Heller, George Washington University

Hands-on cybersecurity labs are an excellent way to teach cybersecurity and for students to demonstrate knowledge. There is a large body of research on cybersecurity labs that provide examples of excellent lab environments. Due to the use of proprietary software and other factors like significant hardware requirements and large file sizes, it can be difficult to replicate these lab environments. The emergence of low-cost cloud computing resources and the automated deployment of infrastructure using DevOps tools make it easier to share and deploy lab resources. There are several open-source projects that provide excellent lab environments that can be easily deployed in cloud computing environments.

This presentation will provide a short overview and demonstration of using DevOps tools to automate the deployment of open source cybersecurity labs into cloud computing environments. The talk will highlight some of the possible tools and how they can be used across cloud computing platforms. During the demonstration, an open-source lab environment will be deployed in Amazon Web Services.

This presentation is based on a paper from the presenter that was presented at the AMCIS 2019 conference. The presentation at the CAE conference will focus on the practical aspects if using DevOps tools to deploy cybersecurity labs.

Chris Simpson, National University

Careers in cybersecurity and information technology (IT) require professional certifications along with academic degrees. The challenge most students are faced with is that some cybersecurity certifications require significant knowledge, skills, and abilities (KSAs) and personal recommendations for years of industry experience. However, there are several great opportunities for students to obtain entry-level cybersecurity certifications that are well accepted by the industry as part of their academic degree program. Moreover, such cybersecurity certificates are required by thousands of cybersecurity entry-level jobs and can greatly help students even to finance their education immediately after completing such professional certifications.

This presentation will discuss the integration of such entry-level cybersecurity professional certification preparation as part of the virtual lab component that of Fundamental of Cybersecurity course at the graduate program that is mainly focused on career changers. The presentation will provide the background for the selection of the specific platform (LabSim) along with the experience our college had over the past two years in using it. Moreover, the discussions will cover some of the linking of the Fundamental Knowledge Units (KUs) to the course and the specific assignments to assess the relevant KU objectives.

The presentation will also include cases of the success stories of students who completed the course, went to pursue the professional cybersecurity certification (Security+), and the impressive impact it had on their cybersecurity career path. The presentation will conclude with an open discussion and Q&A session.

Yair Levy, Nova Southeastern University, and Eric G. Berkowitz, Roosevelt University

We would like to highlight the success and vision of our Cyber Program. In May 2018, the University of Arizona (UA) received it's National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) designation. Reverse engineered not only to meet NSA requirements but also for the delivery as a completely online program, the UA’s Cyber Operations program offers a one-of-a-kind Bachelor of Applied Science degree. While maintaining the high standards of NSA designated schools, we shape our cyber warriors during their Junior and Senior years. We have articulated pathways from universities and community colleges to ensure a successful transfer into our program. Additionally, this program provides a breadth of knowledge to all students, ensures students are exposed to all facets of cyber operations, and ultimately equips students to leverage and apply their computer science skills across various industries.

The UA delivers its Cyber Operations program through an engineered Virtual Learning Environment (VLE). This platform consistently delivers course content and a hands-on learning environment for all students globally. Unlike other learning management systems, the VLE is connected to a virtual city, driven by powerful Artificial Intelligence. To create a realistic training environment, the virtual city CyberApolis consists of 15,000 virtual residents enhanced with Personally Identifiable Information (PII), Personal Health Information (PHI), financial data, and a variety of other attributes. These personas have fully developed patterns of life and conduct financial transactions, web browsing, emailing, social media posts, and entity and data relational linkages. Additionally, full web and network infrastructure supports CyberApolis’ infrastructure, utility companies, news agencies, banks, hospitals, and large and small retailers. Furthermore, CyberApolis hosts unique social media platforms that enable students to research, analyze, and complete program learning objectives.

Besides its CAE-CO designation, the University of Arizona Cyber Operations program also is distinguishable due to its varied career tracks which support a diverse population of students. Complementing its Cyber Engineering emphasis, the University of Arizona Cyber Operations program offers a Defense & Forensics career track and a Cyber Law & Policy career track. Both tracks are designed to fill critical roles within the government and industry. Defense & Forensics students are able to specialize within their degree by taking advanced courses in penetration testing, cyber intelligence, forensics, wireless and mobile networking, or coding through python. Law & Policy students have a direct pathway to enter the University of Arizona’s School of Law should they choose.

In addition to the above features, there are many other unique characteristics that contribute to the success of the University of Arizona Cyber Operations program. We are one of only two cyber operations undergraduate operations degree programs in the nation. With the University of Arizona’s designation as an Intelligence Community Center of Academic Excellence (ICCAE) we bridge our cyber program with our intelligence and information operations program to evolve the skills of our students to better address the changing operational environment. The most impressive characteristic is the program’s explosive growth; doubling our student population ever semester since its inception in 2016.

Paul Wagner and Jason Denno, University of Arizona

The purpose of this research is to glean insight into the taxonomy or differentiation methods used in cybersecurity employment. In addition, the research will identify the career paths have experienced professionals such as executives and senior managers taken to reach their current positions. Considering both top-down and bottom-up approaches, we can better identify what current KSAs and cybersecurity certifications are predominantly obtained by current cybersecurity professionals and what types of KSA are missing. More specifically, we expect that the results of this analysis provide several important outcomes such as current cybersecurity career paths, a cybersecurity certification and KSA map, and a cybersecurity knowledge units mapping. As a result, we can improve future workforce efficiency by identifying what experience, education and certifications are needed and encouraged to pursue. This study will provide insights of the practical utilization of the knowledge and skills in the cybersecurity industry that provide the greatest impact it contemporary employee needs. It explains the directions that successful employees have taken to reach their current positions. It also provides perspective into the priorities of industry leaders by outlining their backgrounds, and the industries and fields in which they were previously employed.


It is clear that in order to address the cybersecurity education and workforce crisis, the challenges are not just numerous but also inextricably linked. The least of which include a greater number of prepared faculty, effective curriculum, and infrastructure to host, use, and disseminate the curriculum. There is a demonstrated need for a cybersecurity digital library (DL) that will help address these challenges. The Cyber DL is similar to other curricular digital libraries in some respects (material quality, uptake, etc.) and unique in others (national security concerns, presence of damaging material – malware, material integrity issues, etc.). We have been working on the design and implementation of CLARK – The Cybersecurity Labs and Resource Knowledge-base. CLARK is a prototype curriculum management platform that hosts diverse cybersecurity learning objects. This submission introduces the system and highlights its capabilities as a tool that is much needed in the cybersecurity education community.


In this talk, we will present the Society of Women in Cybersecurity (SWiCS), a less than one-year-old club. SWiCS is energized and ran by CSUSB students of The Jack H. Brown College of Business. The main aim of the club is to attract women to the technical field and especially to cybersecurity. SWiCS is a community of students (all genders) supporting each other through every step of their career, from school duties to job hunting. The aim of the club is to supplement classroom curricula through study groups, workshops, mentoring, networking, and internship/job placement assistance.

Though one year old, the club members have doubled in number, attracting not only females but also males.

Essia Hamouda

Within the past few decades, cybersecurity has grown from individual concerns to a national-level issue. With such an explosive growth, there has been a discrepancy between the increasing demand for a better cybersecurity knowledge base and cybersecurity workers who are struggling to keep up. Government, academia, and the private sector have taken initiatives in order to fulfill these discrepancies with varying methods and levels of success. Additionally, considerable amount of research for each sector spanning across multiple disciplines have been conducted. However, there is a lack of a holistic view on cybersecurity knowledge among these three sectors and the relationships that exist between them. This research paper aims to explore the current cybersecurity ecosystem in order to allow future researchers and practitioners to understand and broaden the full scope cybersecurity knowledge. In order to achieve our research goal, we use an ontological network and identify key relationships that exist within all three sectors.


This proposal reports on the success and lessons learnt of an innovative and interdisciplinary project (funded by the NSA) with the objective of enhancing Cybersecurity education in western PA. This project implemented six different services that worked collaboratively to identify and address challenges facing Cybersecurity education. A focus of this funded project was to implement a novel program to enhance communications skills (soft skills) of Cybersecurity students and those aspiring to enter this promising field. Our ultimate objective was to propose an innovative and successful model that can be easily replicated in other schools and/or environments. These services and activities are briefly described below: 1. Designed and implemented quantitative and qualitative research studies to identify challenges facing Cybersecurity education. 2. Employed results from the above-mentioned research studies and from extant published research as the basis for designing a comprehensive program for delivering individualized instruction to Cybersecurity students. 3. Offered three weekend Cybersecurity skill enhancement workshops that provided very engaging sessions on various aspects of Cybersecurity. 4. Worked on building a Cybersecurity community that invited students, teachers, business owners, NGO’s, and government organizations to come together to increase Cybersecurity awareness, practice, and education by pooling resources, collaborating in teaching and learning, and creating an integrated network for cyber education. 5. Offered a successful and well attended Cybersecurity skill enhancement summer camp (modeled after GenCyber camps).


Forecasters are predicting a catastrophic shortage in workers to fill open positions in cybersecurity by 2020. We are not developing enough qualified candidates for this field, but by the time students enroll in a higher education institution, it may already be too late as many students are unable to handle the complexity and continually changing environment in cybersecurity. We propose starting a discussion on a new pedagogical approach to cybersecurity education based on our past strength in innovation. America has long been considered a nation of innovators, but with rapidly changing technology, we have to up our game by making innovation a part of growing up. Innovation should start from elementary school and promote thinking outside of the textbook. by making an investment to educate teachers and parents to encourage and sustain innovation. This presentation will discuss some initial steps needed to create a culture of innovation by educating teachers and parents to encourage and sustain innovation early on.


It this fast pitch, blockchain technology and its potential applications are presented. We will explore so called decentralized transparent immutable yet secured applications using the blockchain technology and will describe a novel approach of “proof of X” such as proof of identity, proof of college degree and proof of academic achievements. The project prototype of a personal archive service system (PASS) is demonstrated. Personal archive is defined as a collection of various artifacts that reflect personal portfolio as well as personal unique identifications. Personal portfolio is in addition to a simple statement of personal achievement. It is an evidentiary document designed to provide qualitative and quantitative chronically documentation and examples. The pitch moves on to focus on security concerns, risks and challenging. Blockchain technology has been bringing cryptography to individuals who are in turn as value investors in the internet with a clear time sequence, not just any information consumers. But, it is also coupled with various threats and concerns. We will discuss issues inherited from the current blockchain technology such as scalability, efficient and block sizes. We will also talk over a possibility of altering blocks even without over 50% mining power, low resource eclipse attacks and other forms of cheating. We will also present in the end a challenging case of cleaning poisoned blocks.


The University of Arizona, to enhance the learning experience of online, hybrid, and face-to-face students in the Cyber Operations degree program, has designed, built, and implemented a Cyber Virtual Learning Environment (VLE). Built upon a hybrid cloud architecture, students can log in to their classes from anywhere there is internet access, and safely complete hands-on learning exercises in a synthesized environment with no fear of damaging or interfering with current, live, computer networks. This provides a cost-effective option for students wishing to pursue their degree, paired with the geographic flexibility students may need. The VLE is made up of several components which students will use throughout their courses. This vast array of components keeps students challenged and provides a depth of experience in the Cyber realm not readily available elsewhere. Our students, regardless of learning modality, leave the program with the knowledge, skills, and abilities to work immediately in the Cyber field upon graduation. Through the VLE, they will attack and defend the businesses, individuals, and governmental offices of CyberApolis, our virtual city. With 15,000 highly developed virtual citizens, CyberApolis is a thriving city with its own social media, hospital, bank, businesses, and organized crime. Our Internet of Things lab devices are being increasingly integrated into CyberApolis to allow students to interact with these everyday devices that may be watching, listening, or interfering with our homes and businesses. And the Malware Sandbox provides a safe environment in which to reverse engineer malware, with no threat to current computers or networks.


Each year, the community highlights one CAE designated institution that exceeded expectations providing resources, programs,  or workshops to the community. This year, the community is recognizing  Dakota State University (DSU).  DSU has long been a leader in the community acting as a CAE Regional Resource Center for the  North Central Region. However, DSU also provided all CAE designated institutions with the opportunity to participate in faculty professional development workshops.

Wayne Pauli

The Joint Task Force (JTF) on Cybersecurity Education ( was launched in September, 2015 as a collaboration between major international computing societies: ACM, IEEE Computer Society, AIS’s Special Interest Group on Security (SIGSEC), and IFIP. The purpose of the JTF on Cybersecurity Education was to develop comprehensive model curricular recommendations for undergraduate program in cybersecurity education that will support future program development, and associated educational efforts. Prior ACM-lead JTFs that have worked to produce model curricula recommendations ( for undergraduate degree programs, included:

  • The ACM/IEEE CE2004 for Computer Engineering
  • The ACM/AIS IS2010 for Information Systems
  • The ACM/IEEE CS2013 for Computer Science
  • The ACM/IEEE SE2014 for Software Engineering
  • The ACM/IEEE IT2017 for Information Technology (under development)


Similarly, this JTF has been working to achieving the proposed curricular guidelines for undergraduate degree programs in cybersecurity (CSEC 2017). This presentation will start with an overview of JTF, the work that the JTF conducted, and Working Groups activities, including the thought model using the cross-cutting ideas, the knowledge areas, knowledge units, and topics outlined. Following, a discussion will be provided about the final report itself, the recommendation usage of the CSEC 2017 curricular guideline, issues related to the scope of the field of cybersecurity, along with challenges of defining the program outcomes. Discussion about the opportunities to engage in the Exemplary Programs will be provided, and its role in ABET accreditation for cybersecurity programs.

Yair Levy, Diana Burley, and Herbert Mattord

The field of cybersecurity is predicated on the existence of humans who deliberately attack computer systems. In other words, without cyber adversaries, there is no cybersecurity. Therefore, adversarial thinking, which is the study of cyber adversaries, is central to a cybersecurity education.  However, the learning outcomes associated with adversarial thinking are not well-defined, making it difficult for cybersecurity educators to confidently instruct students in this crucial area.  This presentation aims to advance cybersecurity education by rigorously defining what it means to “think like a hacker.” The proposed definition highlights the primary learning outcomes associated with adversarial thinking, and it will help educators see more clearly the big picture of a cybersecurity education.  This presentation will also promote the CLARK curriculum repository where cybersecurity educators can find materials to help develop the adversarial thinking abilities of their students. 

Seth Hamman

Cybersecurity has become a prevalent topic in many colleges, but how it should fit into the overall educational process is still not fully understood. A cybersecurity project at the University of Hawaii Maui College (UHMC), funded by the NSF SFS program, spans multiple disciplines and targets women and minorities. The goal of this project is to ensure that a broad audience of faculty, students and practitioners get trained in the fundamentals of cybersecurity.

Debasis Bhattachary

Hands-on labs are a critical component of any cybersecurity program. Schools can develop labs internally, outsource labs to a provider, or utilize free grant resourced labs, or use free and open source labs.  Many externally provided labs aren’t mapped to CAE Knowledge Units or the NICE Framework, especially the open source labs. This makes it challenging for schools to identify the right labs for their program and requires extensive efforts to map the labs to meet these different requirements. There is duplicated effort as different institutions map the same labs and in many cases will map them to the same knowledge units and NICE KSA’s. This presentation will discuss National University’s efforts to map labs from external providers and open source labs to knowledge units and to the NICE Framework.  A proof of concept portal that will allow schools to share their mappings will be demonstrated.

Chris Simpson

This presentation first discusses the introduction of cyber labs into existing graduate embedded systems and undergraduate microcontroller system design courses. A Raspberry-PI based platform was used to develop a set of six labs for the graduate embedded systems course required to be taken by all MS in Electrical Engineering and MS in Computer Engineering students. Additionally, Python as the programming language, Linux as the operating system, and concepts of security are introduced in the graduate course.

 A mapping of existing courses in the engineering programs showed that an Embedded Systems specialization is feasible by adding a few topics into existing graduate courses and developing a new course module on wireless sensor networks. On the other hand, the undergraduate course needs a more simplistic platform where pin level programming is feasible. As such, Micropython based Pyboard was chosen as the platform. The undergraduate microcontroller system design course is taken by electrical engineering, electrical engineering technology, mechanical engineering and mechanical engineering technology majors. Changes to the existing C based undergraduate course requires introducing Python as another programming language in the undergraduate engineering program. 

A proposed sequence of such undergraduate curriculum changes will allow introducing cyber and data science concepts into existing undergraduate engineering programs.

Kalyan Mondal

Cybersecurity education often feels fragmented because of its broad spectrum which includes theoretical principles, cyber hygiene, board-level decision-making, and highly specialized technical skills.  Workforce and academic training will benefit from cybersecurity instructors who position multi-faceted topics through the single lens of risk management. Effective programs do not seek to eliminate cyber risk, but to manage it appropriately. Helping students approach cybersecurity challenges from a risk management perspective will provide direction and confidence instead of fear and information overload. The National Centers of Academic Excellence (CAE) program seeks to reduce vulnerability in our national information infrastructure by promoting the development of professionals with appropriate expertise. Technical cyber professionals need help in communicating more effectively with decision makers. Non-cyber professionals need greater awareness of the importance of applying cybersecurity principles to non-IT-based roles. Introducing cybersecurity from a risk management perspective accomplishes both of these needs.

Barbara Fox

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting. Sponsored by NSA, the University of North Carolina at Charlotte (UNC Charlotte) and Forsyth Technical Community College (Forsyth Tech) have been developing hands-on teaching materials for cyber threat hunting that will expand our current strong educational programs in cybersecurity. UNC Charlotte is designated as a Center of Academic Excellence in Information Assurance Education-Cyber Defense, and a Center of Academic Excellence in Information Assurance Research by NSA and DHS, and has an NSF funded IUCRC in Configuration Analytics and Automation.

Since 2001, UNC Charlotte has run the Carolina Cyber Defender Scholarship Program, one of the largest such programs in the United States, with funding from NSF and NSA. Forsyth Tech was awarded the Center of Academic Excellence (CAE 2Y) Cyber Defense designation in June 2015. In this effort, Forsyth Technical Community College has established the Davis ITEC Cyber Center. We are developing freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year universities curriculum, as well as for collegiate threat hunting competitions. Our project fits nicely into the NICE 2018 theme of “Innovations in Cybersecurity Education, Training, and Workforce Development,” with a focus on “Accelerate Learning and Skills Development” defined by the NICE Strategic Plan.

Deanne Cranford-Wesley, Jinpeng Wei, Bei-tseng Chu, and James Brown

To increase national security for the U.S. and meet its workforce needs, cybersecurity education must develop new knowledge and skills. To address this need, the Cyber Up! Digital Forensics and Incident Response (DFIR) project at Coastline Community College in California will research, create, adapt, adopt, and implement a suite of course content that supports a Certificate of Achievement and an Associate of Science degree. The three-year project will run 10/2018-09/2021 (NSF ATE Award #1800999). 

The project will focus on the development of curricula that will teach students and professionals the cybersecurity knowledge and skills of digital forensics and incident response, which need to be deployed in real-time and are dynamic to changing situations during, and in response to, cyberattacks. Through the DFIR program, the project intends to create adoptable educational resources; form academic, government, and industry partnerships; and prepare qualified cybersecurity technicians and professionals for entry into, or advancement within, the U.S. workforce.

The DFIR distance education modalities will be designed for a national reach and assist in preparing students for successful employment. The project will also develop virtual labs and faculty resources. Because of the adoptable, modular content, other institutions can benefit through adoption into their programs, creating pathways to greater skills and knowledge for students and professionals. Increasing skills and knowledge in diverse and underrepresented populations in cybersecurity will help to assure increased participation of women, minorities, and special populations in science, technology, engineering, and mathematics (STEM) education.

Tobi West

Based on the growing number of security and data breaches that are occurring on a daily basis, as well as the impact they are having on our lives, security is no longer working, so as a community of users, we must take charge and reestablish control of our own security and privacy. Unfortunately, due to these frequent occurrences, people now bear a mindset that security is too complex and seem resigned to the fact that security breaches are just a part of their daily lives as they know it. For the most part, they are correct! If security professionals, who have been trained and certified to work on these systems, cannot fully secure them, then how can an average person with little or no computer experience be expected to do so? Rather than attempting to change the behavior of potential attackers, this discussion takes the approach that everyone is responsible for security and what we must do to develop an environment where everyone’s own personal background and experience can be used in sharing the responsibility for security, just as a Neighborhood Watch program does for a local community.

Mark Thompson and Ram Dantu

The purpose of this presentation is to compare existing online course designs and propose new pedagogical approaches to improve cybersecurity education. For this purpose, we chose three institutes that deliver online courses - one in WA and two in IL. The institute in WA delivers online MS in Cybersecurity (CSEC). The institutes in IL provides both online and on-campus courses for BS in Information Technology (IT) and Master of Business Administration (MBA). Campus visits and interviews were conducted for data collection purposes. The three institutes use different Learning Management Systems (LMS), yet all of them have distance learnings to support and maintain online course development initiatives.  

The following criteria were compared during the study: ownership of the course contents in a LMS, openness of the courses to future students, involvement of instructional technology experts, support from media production experts, use of learning analytics for retention and prediction, use of active learning methods for student engagement such as Just-in-Time Teaching (JiTT) and Flipped Classroom (FC), and diverse learning models such as social learning, competency-based learning, and project-based learning. Data revealed that one of the institutes has significant growth in enrollment with highly qualified students. Recommendations for future studies are provided.

Sam Chung and Simon Cleveland

It is a well-published concern that in order for the United States to maintain and expand its capabilities in the world of cybersecurity. Currently, there is a capacity issue: students cannot readily be added to the education system, especially at the community college level, because trained faculty are scarce. The weak link in the cybersecurity workforce supply chain is often finding faculty who can be effective and provide the proper encouragement to students to join the cyber workforce. Our answer: Tapping into cybersecurity experts as adjunct faculty.  Cybersecurity experts in the workforce have the potential to fill the need for part-time cybersecurity faculty at the community college level.  By tapping into the pool of working cybersecurity experts and retired individuals from government positions whose background fits the typical qualifications listed above, a viable long-term strategy can be developed. Currently, the Reach To Teach project is exploring these possibilities through a research effort and a pilot “REACH TO Teach” online course (See Figure 1) funded by the U. S. Defense Department.  

Introduction to Community Colleges, Ethics and general structure of a course 

The typical Community College student, Faculty codes, Crafting  goals and objectives 

Teaching concepts – moving from concrete to abstract  

Teaching concepts – using group work in your class 

Teaching concepts – using case studies in your class 

Teaching concepts – using discussions during a class 

Figure 1:  Cybersecurity Teaching Corps Course Content

The Cyber Security Faculty at Sinclair prides themselves on hands-on learning.  This is no exception for our security classes.  The faculty at Sinclair have taken notes from such conferences as Defcon to get their students involved in the classroom.  Currently, the department uses everything thing from hardening blade servers as a part of our Securing a Windows Network Environment class to lockpicking and WiFi Pineapples in our Network Security course.  Recently Sinclair was awarded funds from the NSA to help improve their hands-on experience.  With these funds, Sinclair will be purchasing new blade servers that students will be hardening in teams.  Then it will be attacked by other teams in that same class. The funds will also cover Open-Air PC's where students will be creating a SCIF style environment in the classroom.  Mobile devices and tablets will also be purchased for the Cyber Forensics class so the students can learn hands on mobile forensics.  The Computer Infomation Systems Department at Sinclair College believes that if students get their hands on hardware for hacking and defending it will ignite a learning passion for Cyber Security.

Kyle Jones

Current cyber-threats are imminent for all organizations as it is evident from the reporting of weekly data breaches. However, the shortage of cybersecurity workforce has been well documented and remains a major concern for future sustainability and resilience of our cyber infrastructure. Since 2012, Dr. Levy has been working to establish relationships with federal agencies (FBI, DHS, NIST, NSA, & USSS) to have their Special Agents and key personnel come to an annual event where over 200 high-school students bused to the university campus for a day full of passion and excitement about cybersecurity education and career path. This presentation will start with an overview of a self-funded “Cybersecurity Day” event that has been successfully running yearly each October, the cybersecurity awareness month, and will also highlight the presentations provided by agency personnel along with feedback notes from the high-school students and teachers who attended the event.

Yair Levy

This special interest group discussion focuses on the challenge of educating cyber security experts (multiple specialty domains), engineers (of all fields), and supporting personnel (managers, testers, analysts, etc.) to understand the cybersecurity and resiliency implications associated with the development and operation of complex cyber-physical systems. In contrast to conventional cybersecurity thinking (i.e., Confidentiality-Integrity-Availability), Cyber-physical systems are often operated in real-time with an emphasis on availability and safety over confidentiality. Moreover, the United States Department of Defense (DoD) is increasingly concerned with the successful operation and resiliency of defense focused cyber-physical systems such as aircraft, ships, missiles, command and control systems, navigation subsystems, and other combat-focused DoD Major Weapon Systems (MWS) of interest in highly contested cyberspace environments.

This special interest group is particularly interested in further understanding and studying principles of resiliency as they apply to complex cyber-physical systems such as DoD MWS. Discussion of supporting requirements and their corresponding metrics is also desirable. Emphasis is given to recently released NIST SP 800-160, Systems Security Engineering, available at and recent work by the MITRE Corporation on Cyber Resiliency (available at and

Logan Mailloux and Robert Mills

This presentation summarizes the presentations and discussions at the Northeast Region CRRC workshop on virtual platforms and exercises design for cybersecurity competitions.

Jake Mihevc

This Fast Pitch will highlight a library of adaptive, personalized, performance-based instructional modules designed by National CyberWatch to facilitate developing mastery of Information Security Fundamentals. These materials were created under a Core Curriculum Cybersecurity grant from the National Security Agency. The library will be presented and discussion will include an overview of the process of becoming a pilot implementation site for the Spring 2018 semester.

Casey O'Brien

Capture-the-flag (CTF) competitions provide dynamic, real-time environments intended to engage and challenge the participants. However, they are often not designed to be educational. Rather, they simply provide a series of progressively more difficult challenges in which the participant must find the flag (answer). As these challenges are typically devoid of any direction, this can lead to participants being unable to progress any further in the CTF and therefore unable to achieve educational goals. This presentation will discuss the process of hosting a CTF, their limitations, and common workarounds. We will then discuss our successes and failures in utilizing existing CTF frameworks in the classroom. Finally, we will introduce a custom designed CTF framework that aspires to solve many of the difficulties inherent in the current CTF space. This framework introduces a novel hint system that allows for customizable help to be built for each challenge within a CTF event. The goal is to allow all to participate and progress through the challenges by providing varying levels of help throughout the competition.  This approach maximizes learning and student engagement, opening the utility of such frameworks to the classroom. The framework will be made publicly available upon conclusion of the presentation.

Josh Stroschein & Andrew Kramer

It is well-known that there is a tremendous need for cybersecurity talent in the industry and government agencies. According to a recent (ISC)2 report, there will be 1.8 million unfilled cybersecurity positions by 2022.  In this talk, we present our approach at RIT to help alleviate the cybersecurity workforce shortfall.  It includes our partnerships with industry to provide real-world scenarios for students to practice and our MicroMasters in Cybersecurity offering on edX to reach worldwide learners. The preliminary results in increasing diversity and career changing students are encouraging.

Bo Yuan

Capitol will integrate a security operations experience into its Bachelor of Science in Cyber and Information Security and related degree Programs (Computer Science and Management of Cyber Information Technology). These unique operational experiences will better prepare our graduates to protect and defend networks by integrating required tools and technologies into a concept of operation (CONOPS). Students will be trained and mentored by vendors, faculty and alumni knowledgeable of SOC operating tools and techniques. Students will receive industry recognized certifications (forensics, malware analysis, scripting) where appropriate and focused experience with those tools.

William Butler

National Science Foundation programs of interest to the CAE in Cybersecurity Community.

Susanne Wetzel

This content is behind our user login. Please go to to view this PDF. 

Lynne Clark

The information booklet for the 2017 CAE in Cybersecurity Community.

CAE in Cybersecurity Community

This proposal describes an ongoing, interdisciplinary project (funded by NSA) to address persistent cybersecurity challenges identi ed in several national initiatives such as NICE and CNAP. The project proposes a set of activities and services designed with an interdisciplinary perspective to provide e ective solutions to such challenges. The proposed project is innovative for several reasons: 1) The project begins with a research component that will guide key steps of the project and add to the body of knowledge in cybersecurity education. 2) It includes collaboration between IUP’s Institute for Cybersecurity and the university’s Writing Center in order to deliver instruction to students from rural areas and help improve their soft skills. This collaboration puts to work the established expertise of a group of faculty from four di erent disciplines, see below. 3) It proposes the use of multiple approaches to solve persistent challenges in cybersecurity education including: peer-tutoring, weekend workshops, interactive learning experiences, exible delivery format, exible structural design, a summer camp, and the formation of a local cybersecurity consortium. 4) It is easily replicable for other institutions and rural areas. 5) It employs a set of assessment approaches throughout various project execution phases.

Waleed Farag

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting. This presentation presents an effort to develop freely-available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curriculum, 4-year universities curriculum, as well as for collegiate threat hunting competitions.  Our efforts will be focused on the following two areas.  (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.

Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skill set) in an enterprise environment and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., Operating Systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. These labs also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis, machine learning, and data visualization. Our labs are designed at different difficulty levels suitable for use by two-year community college students, 4-year university students, as well as for collegiate threat hunting competitions.

Bei-Tseng "Bill" Chu & Deanne Wesley

PUPR hosts a competitive graduate IA security program under the Master of Science in Computer Science (MS CS) with a specialization in Information Technology Management and Information Assurance (ITMIA), a track in Cybersecurity under the BS CS and BS CpE programs, and two (2) graduate security certificates: 1). Graduate Certificate in Information Assurance and Security (GCIAS); 2). Graduate Certificate in Digital Forensics (GCDF). All these programs serve a large, mainly Hispanic, under-represented student population. The MS CS ITMIA covers most of the aspects of Computer Science, IT Management, and focuses on Information Assurance to protect data and information at large. Computer Engineering focuses on software and hardware security, software development, and internet engineering, with an emphasis on cybersecurity. The GCIAS covers both technical and managerial aspects of IA and Security while the GCDF covers the technical aspects of Digital Forensics including knowledge and skills to protect, detect, recover and mitigate data loss and theft. PUPR has offered more than 25 core courses in cybersecurity at both the undergraduate/graduate level such as: Software Assurance, Terrorism & Cybercrime, Mobile Applications Development Security, Reverse Engineering and Software Protection, E-Discovery and Digital Evidence, Ethical Hacking, Cryptography Application, Network Security, E-Discovery, Digital Forensics I and II, Computer Security, Penetration Testing, Social Engineering, Principles of Information Security, Contingency Planning, IT Auditing and Secure Operations, E-Commerce Security, Database Security and Auditing, Management of Information Systems, Social Media, Law Investigation and Ethics, Nuclear Forensics, among others.

Alfredo Cruz

This talk will describe an innovative approach to cybersecurity education that the Johns Hopkins University Information Security Institute (JHUISI) is developing under a grant from the CAE Cybersecurity Grant Program.  The goal of the project is to introduce the latest cybersecurity topics and materials to a broad audience of community college students.  This effort is centered on the development of a series of educational video modules and accompanying learning materials that target community-college-level students with an in-depth exposure to the forefront subjects of cybersecurity research.   These materials can be delivered in flexible modes, as a complete in-classroom course with reading materials, lectures, and exercises and assignments, as modular components in classes studying cybersecurity, or simply as online resources to improve the awareness and digital hygiene of the interested general public. 

To develop the course, JHUISI is leveraging its past experience with Hagerstown Community College (HCC) where for the past two academic years of 2015-2017, JHUISI has worked closely with HCC to provide an advanced course called Cybersecurity Select Topics, consisting of over 10 special topic lectures on various advanced research topics from JHUISI faculty, staff, and graduate students.

In this talk, I will describe how we are taking our HCC experience to the next step to develop a complete cybersecurity course kit that will be made available to any community college or other audience that requests it.

Anton Dahbura

If you have any problems accessing content or questions, please contact