An official website of the United States government
The critical shortage of cyber security professionals has driven faculty interest in adding this to the curriculum, and it was added to the ACM/ IEEE Model Curriculum of 2013. This is a subject that demands hands-on exercises. There has been a modest increase in the number of such exercises, but the limit is usability. Most faculty do not have the time to create their own exercises, modify and install VMs, and set up assessment mechanisms. EDURange is a framework for accessing, developing and assessing interactive cybersecurity exercises. It has a range of exercises from introductory to advanced. We will demo an introductory exercise about using the command line and an advanced exercise about network scanning. We want to reach and engage as many faculty as possible, so that they can develop their own exercises. EDURange uses VMs in the cloud. Students only need an ssh-client. We have built tools to give faculty detailed information on how students are doing. This allows instructors to more easily see when students are stuck or heading in the wrong direction. The exercises we have created have manuals that instructors can use. Information about EDURange can be found at https://edurange.org.
more »
« less
Cybersecurity Exercises in the Age of LLMs
In this tutorial, we will introduce a cybersecurity education framework for developing polymorphic hands-on exercises. Many faculty readily acknowledge the importance of cybersecurity in the Computer Science curriculum, but there are still barriers to integrating it into existing courses. One of those barriers is the fact that in most courses, the current content fills the entire term. Another issues is that faculty don't have time and expertise to create new content that would fit well with their current content and style. The third problem is that exercises created should be resistant to solution by LLMs. We have developed cybersecurity exercises that combine two principles: environment specificity and polymorphism. Environment specificity means that the solutions to the exercise should depend on the local environment (LLMs don't have access to that information). In this context, polymorphism means that they can be easily modified each time that the class is taught.
more »
« less
- Award ID(s):
- 2216492
- PAR ID:
- 10595454
- Publisher / Repository:
- Consortium for Computing Sciences in Colleges
- Date Published:
- Journal Name:
- Journal of computing sciences in colleges
- Volume:
- 40
- Issue:
- 1
- ISSN:
- 1937-4771
- Page Range / eLocation ID:
- 25-27
- Subject(s) / Keyword(s):
- computer science education LLMs
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Cybersecurity expertise continues to be relevant as a means to confront threats and maintain vital infrastructure in our increasingly digitized world. Public and private initiatives have prioritized building a robust and qualified cybersecurity workforce, requiring student buy-in. However, cybersecurity education typically remains siloed even within computer and information technology (CIT) curriculum. This paper's goal is to support endeavors and strategies of outreach to encourage interest in cybersecurity. To this end, we conducted a survey of 126 CIT students to investigate student perceptions of cybersecurity and its major crosscutting concepts (CCs). The survey also investigates the prevalence of preconceptions of cybersecurity that may encourage or dissuade participation of people from groups underrepresented in computing. Regardless of prior learning, we found that students perceive cybersecurity as a relatively important topic in CIT. We found student perspectives on conceptual foundations of cybersecurity were significantly different (p < .05) than when simply asked about "cybersecurity," indicating many students don't have an accurate internal construct of the field. Several previously studied preconceptions of cybersecurity were reported by participants, with one misconception - that cybersecurity "requires advanced math skills" - significantly more prevalent in women than men (p < .05). Based on our findings, we recommend promoting cybersecurity among post-secondary students by incorporating elements of cybersecurity into non-cybersecurity CIT courses, informed by pedagogical strategies previously used for other topics in responsible computing.more » « less
-
Foundational engineering courses are critical to student success in engineering programs. The conceptually challenging content of these courses establishes the requisite knowledge for future classes. Thus, it is no surprise that such courses can serve as barriers or gatekeepers to successful student progress through the undergraduate curriculum. Although the difficulty of the courses may be necessary, often other features of the course delivery such as large class environments or a few very high-stakes assessments can further exacerbate these challenges. And especially problematic, past studies have shown that grade penalties associated with these courses and environments may disproportionately impact women. On the faculty side, institutions often turn to non-tenure track instructional faculty to teach multiple sections of foundational courses each semester. Although having faculty whose sole role is dedicated to quality teaching is an asset, benefits would likely be maximized when such faculty have clear metrics for paths to promotion, some autonomy and ownership regarding the curriculum, and overall job satisfaction. However, literature suggests that faculty, like students, note ill effects from large classes, such as challenges connecting and building rapport with students and having time to offer individualized feedback to students. Our NSF IUSE project focuses on instructors of large foundational engineering students with the belief that by better understanding the educational environment from their perspective we can improve the quality of the teaching and learning environment for all engineering students. Our project regularly convenes faculty teaching an array of core courses (e.g,. Mathematics, Chemistry, Mechanics, Physics) and uses insights from these meetings and individual interviews to identify possible leverage points where our project or the institution more broadly might affect change. Parallel to this effort, we have been working with data stewards on campus to gain access to institutional data (e.g., student course and grade histories, student evaluations of faculty teaching) to link and provide aggregate deidentified results to faculty to feed more information in to their decision-making. We are demonstrating that regular engagement between faculty and institutional leaders around analyzed and curated data is essential to continuous and systematic improvement. Efforts to date have included building an institutional data explorer dashboard (e.g., influences of pre-requisite courses on future courses) and drafting reports to be sent to department heads and associate deans which gather priorities identified in the first year of our research. For example, participating instructors identified that clarity of promotion paths across non-tenure track teaching faculty from different departments varied greatly, and the institution as a whole could benefit from clarified university-wide guidance. While some findings may be institution-specific (NSF IUSE Institutional Transformation track), as a large public research institution, peer-institutions with high engineering enrollments often face similar challenges and so findings from our change efforts potentially have broad applicability.more » « less
-
The increasing cyber threats to online systems have resulted in the need for a more inclusive approach to educating the broader population on preventative measures to reduce the impact of these threats. It is estimated that the cybercrime cost to the world will be $10.5 trillion annually by 2025. No longer can cybersecurity courses be specialized courses in university curricula, but some of these courses need to become core courses for all students. These courses should not only be tailored for university and college students but also be required to thread the curricula, starting in elementary schools. This paper describes our experiences conducting a collaborative cybersecurity project to increase access to undergraduate cybersecurity education. The project was funded by the NSF and Cyber Florida. The project was a collaboration between two Florida public universities. One university is a large urban Hispanic-Serving Institution. We describe how the Software Engineering and Programming Cyberlearning Environment (SEP-CyLE), in conjunction with other cybersecurity systems, was used to develop basic cybersecurity materials, labs, and activities for undergraduate students and instructors. SEP-CyLE motivates students to learn in an interactive environment where they can provide feedback to their peers while employing three learning and engagement strategies (LESs). These LESs include collaborative learning, gamification, and social interaction. We present the objectives of the project, describe how the objectives were met, briefly describe SEP-CyLE, and provide data showing students’ interactions with SEP-CyLE. The data retrieved from SEP-CyLE provides insight into how the learning environment was used, students’ performance on the learning objects, and the impact of the LESs on students’ overall performance in an introductory cybersecurity course.more » « less
-
In order to address the cybersecurity education and workforce challenges, we need a greater number of prepared faculty. In this workshop, we will introduce the EDURange framework, present one or two hands-on exercises that faculty can try, and discuss how they can be taught in classes.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- The DOI is not currently available.
