skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Integrating Cybersecurity Concepts Across Undergraduate Computer Science and Information Systems Curriculum
The global Cybersecurity skill gap in 2020 is about 3.1 million and the Cybersecurity staff shortage is about 69%. Universities are waking up to the need for developing skills in Cybersecurity. Though many Universities offer a master’s degree in Cybersecurity, it is impractical to fill this huge demand for Cybersecurity through only graduate degree holders. After careful analysis, it has become evident that there is a gap in the curriculum as it relates to training for Cybersecurity concepts in foundational computing courses for students. To be more specific, there is relatively less focus on the infusion of Cybersecurity concepts in undergraduate computing courses and its impact on classroom practices. This paper serves to address this gap by providing an experience in infusing, teaching, and assessing Cybersecurity modules in various undergraduate computing courses that immerse students in real-world Cybersecurity practices through active learning.  more » « less
Award ID(s):
1818722
PAR ID:
10264185
Author(s) / Creator(s):
;
Date Published:
Journal Name:
2021 ASEE Annual Conference
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; (, ASEE Annual Conference proceedings)
    Nowadays, cyberattack incidents are happening on a daily basis. As a result, the demand for a larger and more challenging workforce is increasing. To handle this demand, academic institutions offer cybersecurity courses and degree programs into their curricula; however, more efforts are needed to address the high demand of the cybersecurity workforce. This work aims to bridge the gap between workforce shortage and the number of qualified graduates to fill the positions. We approach this by introducing cybersecurity concepts at the early stage of undergraduate curricula of computer science and engineering programs. Secure programming is critical as many cybersecurity incidents happen due to software vulnerabilities. However, most UG-level programming courses pay little attention to secure programming practices. As a result, many students graduate with limited knowledge of security vulnerabilities that might plague the developed software. Our goal in this work is to introduce secure programming at introductory level programming courses so that students should be aware of cybersecurity issues and use this security mindset in advanced level courses and projects in their degree programs. To accomplish this goal, we developed intuitive and interactive modules emphasizing secure programming in C++ and Java courses to help students become secure software developers. These modules will be used alongside the coursework to emphasize certain vulnerabilities within the programming environment of a specific language and allow students to learn cybersecurity topics, enforcing a solid foundation and understanding. We developed cybersecurity educational modules for C++ and Java as they are amongst the popular languages and used in introductory programming courses. While designing these modules, we kept in mind that the topics must be relevant to real-world issues in the software industry. We used a variety of resources and benchmarks to ensure the authenticity of our chosen topics, including Common Weakness Enumeration (CWE) and Common Vulnerability and Exposures (CVE). While choosing module topics to develop, we had some restrictions. For example, the topics must be introductory and easy to understand. These modules are geared towards freshman or sophomore-level UG students who have just started programming. The developed security modules have four components: power-point slides, lab description, code template for the lab, and complete solution. The complete solution for each module will be provided to the instructors to check students’ work if they adopt the modules in their courses. The modules developed for a C++ programming course include labs on input validation, integer overflow, random number generation, function call with incorrect argument type, and dangling pointers. In Java, we developed lab modules for input validation, integer overflow, null object reference, random number generator, and data encapsulation. 
    more » « less
  2. ; ; ; (, Proceedings of ACM Practical Experience in Advanced Research Computing Conference (PEARC’19))
    As the volume and sophistication of cyber-attacks grow, cybersecurity researchers, engineers and practitioners rely on advanced cyberinfrastructure (CI) techniques like big data and machine learning, as well as advanced CI platforms, e.g., cloud and high-performance computing (HPC) to assess cyber risks, identify and mitigate threats, and achieve defense in depth. There is a training gap where current cybersecurity curricula at many universities do not introduce advanced CI techniques to future cybersecurity workforce. At Old Dominion University (ODU), we are bridging this gap through an innovative training program named DeapSECURE (Data-Enabled Advanced Training Program for Cyber Security Research and Education). We developed six non-degree training modules to expose cybersecurity students to advanced CI platforms and techniques rooted in big data, machine learning, neural networks, and high-performance programming. Each workshop includes a lecture providing the motivation and context for a CI technique, which is then examined during a hands-on session. The modules are delivered through (1) monthly workshops for ODU students, and (2) summer institutes for students from other universities and Research Experiences for Undergraduates participants. Future plan for the training program includes an online continuous learning community as an extension to the workshops, and all learning materials available as open educational resources, which will facilitate widespread adoption, adaptations, and contributions. The project leverages existing partnerships to ensure broad participation and adoption of advanced CI techniques in the cybersecurity community. We employ a rigorous evaluation plan rooted in diverse metrics of success to improve the curriculum and demonstrate its effectiveness. 
    more » « less
  3. ; ; ; ; (, In Proceedings of the 53rd ACM Technical Symposium on Computer Science Education)
    Often, security topics are only taught in advanced computer science (CS) courses. However, most US R1 universities do not require students to take these courses to complete an undergraduate CS degree. As a result, students can graduate without learning about computer security and secure programming practices. To gauge students’ knowledge and skills of secure programming, we conducted a coding interview with 21 students from two R1 universities in the United States. All the students in our study had at least taken Computer Systems or an equivalent course. We then analyzed the students’ approach to safe programming practices, such as avoiding unsafe functions like gets and strcpy, and basic security knowledge, such as writing code that assumes user inputs can be malicious. Our results suggest that students lack the key fundamental skills to write secure programs. For example, students rarely pay attention to details, such as compiler warnings, and often do not read programming language documentation with care. Moreover, some students’ understanding of memory layout is cursory, which is crucial for writing secure programs. We also found that some students are struggling with even the basics of C programming, even though it is the main language taught in Computer Systems courses. 
    more » « less
  4. ; ; ; (, American Society for Engineering Education (ASEE))
    The increasing cyber threats to online systems have resulted in the need for a more inclusive approach to educating the broader population on preventative measures to reduce the impact of these threats. It is estimated that the cybercrime cost to the world will be $10.5 trillion annually by 2025. No longer can cybersecurity courses be specialized courses in university curricula, but some of these courses need to become core courses for all students. These courses should not only be tailored for university and college students but also be required to thread the curricula, starting in elementary schools. This paper describes our experiences conducting a collaborative cybersecurity project to increase access to undergraduate cybersecurity education. The project was funded by the NSF and Cyber Florida. The project was a collaboration between two Florida public universities. One university is a large urban Hispanic-Serving Institution. We describe how the Software Engineering and Programming Cyberlearning Environment (SEP-CyLE), in conjunction with other cybersecurity systems, was used to develop basic cybersecurity materials, labs, and activities for undergraduate students and instructors. SEP-CyLE motivates students to learn in an interactive environment where they can provide feedback to their peers while employing three learning and engagement strategies (LESs). These LESs include collaborative learning, gamification, and social interaction. We present the objectives of the project, describe how the objectives were met, briefly describe SEP-CyLE, and provide data showing students’ interactions with SEP-CyLE. The data retrieved from SEP-CyLE provides insight into how the learning environment was used, students’ performance on the learning objects, and the impact of the LESs on students’ overall performance in an introductory cybersecurity course. 
    more » « less
  5. ; ; ; (, The 2022 Annual Conference and Exposition)
    Prior scholarship on broadening participation in undergraduate computing education has made important contributions to supporting underrepresented students’ identity development and persistence. However, the specific experiences of low-income students are underexplored, and the critical juncture between undergraduate education and career or graduate school pathways are as well. For scholarship support programs to make a further impact on broadening participation in computing, it is critical to know low-income students’ viewpoints on the barriers, risks, and opportunities associated with different career pathways that influence their post-graduation plans. Our research seeks to better understand the future career pathway perceptions of low-income undergraduate computing students. We explore students’ perceptions of three specific pathways: pursuing a graduate degree, working for a large company, and becoming an entrepreneur. This study utilizes Bourdieu’s conception of economic capital, cultural capital, and social capital to understand low-income students’ perceptions of their future career pathways. This study is a part of a National Science Foundation-funded program that provides need-based scholarships, internship connections, research opportunities, and entrepreneurial education to low-income students pursuing a bachelor’s degree in computer science, information technology, cybersecurity, or computer engineering. The program includes three large, public universities in the Southeast United States and was launched in September 2021. We conducted semi-structured interviews with 16 participants from one of the participating universities to gather information about their perceptions of professional, graduate school, and entrepreneurial career pathways. The interviews were transcribed verbatim and analyzed using thematic coding. We found that the majority of our low-income participants plan to work for a large technology-focused company immediately after graduation. However, some participants indicated that the program’s scholarship, which covers up to two years of graduate education in a computing field, gives them the ability to consider pursuing a master’s degree between completing their bachelor’s degree and entering the workforce. Additionally, though many participants expressed that the idea of becoming an entrepreneur is appealing, the financial risks associated with entrepreneurship deter them from considering this career pathway themselves. Ultimately, our findings suggest that financial stability is a crucial consideration for low-income computing students as they contemplate their future goals. The participants’ responses demonstrate the importance of need-based financial aid and internship connections for low-income computing students. Furthermore, our findings indicate that intervention programs that aim to support low-income students’ career development should be more sensitive to the unique perspectives and financial concerns of low-income students when they promote graduate school and entrepreneurial pathways. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email