This mini-workshop aims to introduce a series of hands-on labs designed and packaged in software containers, allowing instructors to deploy them quickly on the cloud or cyber range environment without extensive configuration. The hacking labs exploit application vulnerabilities to launch common attacks such as data races, buffer overruns, code injection, and other web-based attacks. The primary goal of these hands-on hacking labs is to raise awareness about software vulnerabilities and their potential consequences among students who will be future software developers.

Due to the increasing threat to both government and industry information systems, it is necessary for cybersecurity programs to produce graduates that can react to the increasingly complex attempts by hostile actors to exploit computer networks. To respond to these growing threats, it is critical for graduates of cybersecurity undergraduate programs to have knowledge of the concepts, techniques, and tools to break down and analyze malicious software used by hostile actors, and understand evolving cyber-attack tactics, techniques, and procedures.

Malicious programs are not new. Many approaches have been proposed from signature-based methods in most anti-virus products to machine learning approaches that try to classify samples based on extracted features. There are inherent challenges to carry out systematic in-depth malware analysis. Only recently have very large datasets become available. There are three families of techniques for malware analysis: static analysis, dynamic analysis, and symbolic execution.

Contrary to the intuition of some administrators and teachers, holding students to high standards improves retention. Establishing expectations early improves the classroom atmosphere because students are much more willing to help other students who put in a serious effort, and because instructor time is not wasted on students who don’t. Students graduating from a rigorous program are much more likely to have a true understanding of the material. This gives them confidence and leaves them prepared for competitions.

A brief outline of the student development research projects being conducted by University of Memphis students associated with CAE federally funded research grants.

BYU has recently signed an MOU with a vendor. The vendor partners with institutions and offers to faculty, staff, and students of higher education institutions access to vital cybersecurity skills training and learning resources. It provides students with real-world experience in multiple fields of cyber security such as Cloud, Network, and endPoint. The program is free of charge as the vendor aims to provide vital cybersecurity skills and learning resources in order to close the field’s workforce gap.

Our program has a constant struggle to get our students placed in meaningful internship opportunities. We have all heard the response all too often: Are they in their junior or senior year in college? We only offer internships to 4 year institutions. Then there is the management of paperwork and tracking of which student is at what location and how many hours are they logging there. We had enough and we are building our own paid internship opportunities for Tier 1 SOC Analysts. We are calling it the GSOC. Gaucho Security Operation Center.

Missoula College University of Montana has completed the inaugural year of a CAE-CD rapid training program. Our CAE-CD Program of Study (PoS) encompasses four classes covering networking, operating systems, basic cybersecurity, and ethics/legal issues in computer science. Recognizing the need for short term training programs (i.e., completed within six months), Missoula College has developed a 10-15 week course of study specifically designed for individuals to get a jump-start on transitioning to a career in cybersecurity.

This presentation outlines how we use our Cyber Capstone Classes to access both the Program Learning Outcomes (PLO) and competencies of our graduating seniors. At USD, we found that local businesses were reluctant to allow students the opportunity to evaluate, and implement security on an operational system. We developed the USD Cyber Cloud (a private cloud using OpenStack) to have an isolated sandbox that can be quickly configured to give the student (Student Teams) a fully functional business network system.

Incident response training is designed to test an organization's ability to respond to a cybersecurity attack. It involves developing a tabletop attack scenario and then running through the incident response plan to determine whether the plan is effective in detecting, containing, and remedying the attack. During the exercise, participants are required to make decisions and take actions as they would in a real cybersecurity attack. The exercise brings together various teams within the organization, including IT, security, legal, and public relations.