InDeMASS: An AI-Enabled Knowledge Guided Framework for Realizing In-Depth Malware Analysis at Scale

Submitted by CAE Community on

Malicious programs are not new. Many approaches have been proposed, from the signature-based methods in most anti-virus products to machine learning approaches that try to classify samples based on extracted features. There are inherent challenges in carrying out systematic in-depth malware analysis. Only recently have very large datasets become available. There are three families of techniques for malware analysis: static analysis, dynamic analysis, and symbolic execution.

Increase Enrollment by Raising Standards

Submitted by CAE Community on

Contrary to the intuition of some administrators and teachers, holding students to high standards improves retention. Establishing expectations early improves the classroom atmosphere because students are much more willing to help other students who put in a serious effort, and because instructor time is not wasted on students who don’t. Students graduating from a rigorous program are much more likely to have a true understanding of the material. This gives them confidence and leaves them prepared for competitions.

Partnership with Vendors

Submitted by CAE Community on

BYU has recently signed an MOU with a vendor. The vendor partners with higher education institutions and offers their faculty, staff, and students access to vital cybersecurity skills training and learning resources. It provides students with real-world experience in multiple fields of cybersecurity such as Cloud, Network, and Endpoint. The program is free of charge, as the vendor aims to provide vital cybersecurity skills and learning resources in order to close the field’s workforce gap.

Gaucho Security Operation Center = Internship

Submitted by CAE Community on

Our program has a constant struggle to get our students placed in meaningful internship opportunities. We have all heard the response all too often: Are they in their junior or senior year in college? We only offer internships to 4-year institutions. Then there is the management of paperwork and the tracking of which student is at what location and how many hours they are logging there. We had enough, and we are building our own paid internship opportunities for Tier 1 SOC Analysts. We are calling it the GSOC: Gaucho Security Operation Center.

CAE-CD Rapid Training Program

Submitted by CAE Community on

Missoula College University of Montana has completed the inaugural year of a CAE-CD rapid training program. Our CAE-CD Program of Study (PoS) encompasses four classes covering networking, operating systems, basic cybersecurity, and ethics/legal issues in computer science. Recognizing the need for short-term training programs (i.e., completed within six months), Missoula College has developed a 10-15 week course of study specifically designed for individuals to get a jump-start on transitioning to a career in cybersecurity.

Assessing Cyber Competencies with Capstone Projects

Submitted by CAE Community on

This presentation outlines how we use our Cyber Capstone Classes to assess both the Program Learning Outcomes (PLO) and competencies of our graduating seniors. At USD, we found that local businesses were reluctant to allow students the opportunity to evaluate and implement security on an operational system. We developed the USD Cyber Cloud (a private cloud using OpenStack) to have an isolated sandbox that can be quickly configured to give the student (Student Teams) a fully functional business network system.

Critical Infrastructure Protection & Incident Response Training

Submitted by CAE Community on

Incident response training is designed to test an organization's ability to respond to a cybersecurity attack. It involves developing a tabletop attack scenario and then running through the incident response plan to determine whether the plan is effective in detecting, containing, and remedying the attack. During the exercise, participants are required to make decisions and take actions as they would in a real cybersecurity attack. The exercise brings together various teams within the organization, including IT, security, legal, and public relations.

Advanced Persistent Threats as Case Studies for Cybersecurity Education

Submitted by CAE Community on

Advanced Persistent Threat (APT) is a class of network attacks in which attackers use malware or stealthy tools to hide their actions in a network and its systems over a prolonged period, so that they can eventually achieve strategic goals such as causing substantial damage to the victim organization by data exfiltration. Although APT has long been a research subject, it continues to be a serious threat for many organizations.

Online Student Development in Cybersecurity using a Game Based Learning Pedagogy

Submitted by CAE Community on

As more and more information technology workloads move to the cloud, it is imperative that students entering the workforce have the skills needed to implement cybersecurity practices. The concepts of identity and access management, least privilege access, compliance enforcement, and incident response are theoretical concepts that may take years to put into practice once students reach the workforce.
