Cybersecurity is a rapidly developing field in which job titles and role descriptions may vary from one organization to the others. The NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work for organizations to build a strong workforce. As the predominant workforce prescribed by the NCWF is technical in nature, academic efforts targeted towards these career paths are likewise technical. Though technical security education is critical, an equal amount of knowledge outside the technical domain is pivotal to understand sophisticated challenges in cybersecurity. Articulating a concise, inclusive, meaningful, and unifying approach in cyber related education fosters a balanced motivation for students from both technical and non-technical majors (interdisciplinary) to pursue a career in cybersecurity. Towards this end, we analyzed competencies, knowledge, skills and abilities of interdisciplinary roles and other roles introduced in the NCWF; we then highlighted discrepancies observed.
more »
« less
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process
The need for cybersecurity professionals continues to grow and education systems are responding in a variety of ways. This study focusses on the “interdisciplinarity” of cybersecurity that contributes to the emerging dialogue on the direction, content and techniques involved in the growth and development of cybersecurity education and training. The study also recognizes the contributions of other disciplines to the field of cybersecurity by the discussion of relevant theories that contribute to understanding security in the context of legal, economics and criminology perspectives. Finally, quantitative analysis (security metrics) is done to understand the existing knowledge of security behaviors and beliefs among students from technical and non-technical majors, helps measure the interest fostered towards an academic pathway in cybersecurity and substantiates on the need for providing a level of cyber education for all individuals appropriate to their role in the society.
more »
« less
- Award ID(s):
- 1723596
- PAR ID:
- 10171758
- Date Published:
- Journal Name:
- National Cyber Summit 2019
- Page Range / eLocation ID:
- 61-74
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Cybersecurity workforce development is the key to protecting information and information systems, and yet more than 30% of companies are short on security expertise. To address this need, the current authors have developed four cybersecurity education games to teach social engineering, secure online behavior, cyber defense methods, and cybersecurity first principles. These games are intended to recruit the next generation cybersecurity workforce by developing an innovative cybersecurity curriculum and pedagogical methods to provide high school students with hands-on activities in a game-based learning environment. Purdue University Northwest (PNW) offered high school summer camps for 181 high school students in June of 2016 and June of 2017. Out of 181 high school participants, 107 were underrepresented minority students, including African Americans, Hispanics, Asians, and Native Americans. To evaluate the effectiveness of the cybersecurity education games, post-camp surveys were conducted with 154 camp participants. The survey results indicated that the games were very effective in cybersecurity awareness training. Furthermore, the cybersecurity education games were more effective for male students than female students in raising student interest in computer science and cybersecurity.more » « less
-
Haldorai, Anandakumar (Ed.)Cybersecurity affects us all in our daily lives. New knowledge on best practices, new vulnerabilities, and timely fixes for cybersecurity issues is growing super-linearly, and is spread across numerous, heterogeneous sources. Because of that, community contribution-based, question and answer sites have become clearinghouses for cybersecurity-related inquiries, as they have for many other topics. Historically, Stack Overflow has been the most popular platform for different kinds of technical questions, including for cybersecurity. That has been changing, however, with the advent of Security Stack Exchange, a site specifically designed for cybersecurity-related questions and answers. More recently, some cybersecurity-related subreddits of Reddit, have become hubs for cybersecurity-related questions and discussions. The availability of multiple overlapping communities has created a complex terrain to navigate for someone looking for an answer to a cybersecurity question. In this paper, we investigate how and why people choose among three prominent, overlapping, question and answer communities, for their cybersecurity knowledge needs. We aggregated data of several consecutive years of cybersecurity-related questions from Stack Overflow, Security Stack Exchange, and Reddit, and performed statistical, linguistic, and longitudinal analysis. To triangulate the results, we also conducted user surveys. We found that the user behavior across those three communities is different, in most cases. Likewise, cybersecurity-related questions asked on the three sites are different, more technical on Security Stack Exchange and Stack Overflow, and more subjective and personal on Reddit. Moreover, there appears to have been a differentiation of the communities along the same lines, accompanied by overall popularity trends suggestive of Stack Overflow’s decline and Security Stack Exchange’s rise within the cybersecurity community. Reddit is addressing the more subjective, discussion type needs of the lay community, and is growing rapidly.more » « less
-
This Innovative Practice Work-in-Progress paper presents a virtual, proactive, and collaborative learning paradigm that can engage learners with different backgrounds and enable effective retention and transfer of the multidisciplinary AI-cybersecurity knowledge. While progress has been made to better understand the trustworthiness and security of artificial intelligence (AI) techniques, little has been done to translate this knowledge to education and training. There is a critical need to foster a qualified cybersecurity workforce that understands the usefulness, limitations, and best practices of AI technologies in the cybersecurity domain. To address this import issue, in our proposed learning paradigm, we leverage multidisciplinary expertise in cybersecurity, AI, and statistics to systematically investigate two cohesive research and education goals. First, we develop an immersive learning environment that motivates the students to explore AI/machine learning (ML) development in the context of real-world cybersecurity scenarios by constructing learning models with tangible objects. Second, we design a proactive education paradigm with the use of hackathon activities based on game-based learning, lifelong learning, and social constructivism. The proposed paradigm will benefit a wide range of learners, especially underrepresented students. It will also help the general public understand the security implications of AI. In this paper, we describe our proposed learning paradigm and present our current progress of this ongoing research work. In the current stage, we focus on the first research and education goal and have been leveraging cost-effective Minecraft platform to develop an immersive learning environment where the learners are able to investigate the insights of the emerging AI/ML concepts by constructing related learning modules via interacting with tangible AI/ML building blocks.more » « less
-
The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and post-lab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities.more » « less