Submitted by Ms. Anastacia … on

Cyber threat hunting has emerged as a critical part of cybersecurity practice. However, there is a severe shortage of cybersecurity professionals with advanced analysis skills for cyber threat hunting.

Sponsored by NSA, the University of North Carolina at Charlotte (UNC Charlotte) and Forsyth Technical Community College (Forsyth Tech) have been developing hands-on teaching materials for cyber threat hunting that will expand our current strong educational programs in cybersecurity. UNC Charlotte is designated by NSA and DHS as a Center of Academic Excellence in Information Assurance Education-Cyber Defense and a Center of Academic Excellence in Information Assurance Research, and has an NSF-funded IUCRC in Configuration Analytics and Automation. Since 2001, UNC Charlotte has run the Carolina Cyber Defender Scholarship Program, one of the largest such programs in the United States, with funding from NSF and NSA. Forsyth Tech was re-designated as a Center of Academic Excellence in Cyber Defense Education in May 2019. It has established the Davis ITEC Cybersecurity Center and, with the support of a grant from the Department of Education, has been building a Security Operation Center Student Lab since December 2018 to strengthen the future workforce in cybersecurity through hands-on learning.

We have developed freely available, hands-on teaching materials for cyber threat hunting suitable for use in two-year community college curricula, 4-year university curricula, and collegiate threat hunting competitions. To the best of our knowledge, no such open-source material is available online for educational purposes.

Our project fits into the theme of “Innovations in Cybersecurity Education, Training, and Workforce Development,” with a focus on “Accelerate Learning and Skills Development” as defined by the NICE Strategic Plan.

The objectives of our project are twofold: (1) develop hands-on learning experiences that cover two important areas in threat hunting: threat analysis and security data analytics, and (2) build institutional capacity by integrating at least seven hands-on labs on threat hunting into existing curricula at two participating institutions: UNC Charlotte and Forsyth Tech.

Our hands-on labs focus on exercising a set of essential technical skills (called the threat hunting skillset) in an enterprise environment, and they are modeled after real-world scenarios. Our lab environment contains real threats (e.g., malware) against real software (e.g., operating systems and applications), and real security datasets. These labs are designed to help a student learn how to detect active and dormant malware, analyze its activities, and assess its impact. They also teach a student how to search and probe for anomalies in a variety of datasets using multiple analytical skills, such as statistical analysis. Our labs are designed at different difficulty levels suitable for two-year community college students, 4-year university students, and collegiate threat hunting competitions.

We plan to present the design and implementation of our hands-on labs, and we will offer an interactive learning session in which we will walk the participants through some of our labs on their computers.

Jinpeng Wei and Bei-Tseng "Bill" Chu, University of North Carolina at Charlotte, and Deanne Cranford-Wesley, Forsyth Technical Community College