Membership and collaboration facilitated by Member 365.


24th Colloquium

November 4 - 5, 2020

Online Sessions

24th Colloquium - Agenda

The Colloquium for Information Systems Security Education is hosting two days of FREE online seminars this November. This will be the first of a series of remote events for members, with the initial offering open to past conference attendees and guests.

The 24th Colloquium has concluded; the following information remains for post-event reference.

  • Session 1

    November 4th

    Introduction & Welcome

    24th Colloquium Kick-off

    • 11:00 AM EST
    • 8:00 AM PST
    • 4:00 PM GMT


    Although 2020 is the Year of the Crisis, Only One is New

    • 11:15 AM EST
    • 8:15 AM PST
    • 4:15 PM GMT


    “What’s in it for me?”: Growing a Cyber Security Education Community

    • 11:45 AM EST
    • 8:45 AM PST
    • 4:45 PM GMT


    Sponsor update

    • 12:05 PM EST
    • 9:05 AM PST
    • 5:05 PM GMT

    Paper Introduction

    Exploring Security Challenges

    • 12:10 PM EST
    • 9:10 AM PST
    • 5:10 PM GMT

    Paper Session 1

    Integration of Blockchain Concepts into Computer Science Curriculum

    • Eric Sakk, Paul Wang
    • 12:15 PM EST
    • 9:15 AM PST
    • 5:15 PM GMT

    Paper Session 4

    Experiential Activities for Risk Management Education

    • Michael Whitman, Bob Chaput
    • 12:35 PM EST
    • 9:35 AM PST
    • 5:35 PM GMT

    Paper Session 3

    Higher Education Social Engineering Attack Scenario, Awareness & Training Model

    • Thai Nguyen
    • 12:55 PM EST
    • 9:55 AM PST
    • 5:55 PM GMT

    Special Session

    How to Use the 20 Critical Controls in Your Business

    • 1:15 PM EST
    • 10:15 AM PST
    • 6:15 PM GMT

    Session I Close

    Sessions Wrap Up

    • 1:35 PM EST
    • 10:35 AM PST
    • 6:35 PM GMT
  • Session 2

    November 4th

    Session II Open

    Session Introduction

    • 3:00 PM EST
    • 12:00 PM PST
    • 8:00 PM GMT

    National Cyber League (NCL)

    Sponsor Update

    • 3:10 PM EST
    • 12:10 PM PST
    • 8:10 PM GMT

    Paper Introduction

    Focus on Student Performance

    • 3:15 PM EST
    • 12:15 PM PST
    • 8:15 PM GMT

    Paper Session 5

    Evaluating the Effectiveness of Gamification on Students’ Performance in a Cybersecurity Course

    • Fikirte Demmese
    • 3:20 PM EST
    • 12:20 PM PST
    • 8:20 PM GMT

    Paper Session 6

    Judging Competencies in Recent Cybersecurity Graduates

    • John Girard
    • 3:40 PM EST
    • 12:40 PM PST
    • 8:40 PM GMT

    Paper Session 7

    Tempting High School Students into Cybersecurity with a Slice of Raspberry Pi

    • Sandra Gorka
    • 4:00 PM EST
    • 1:00 PM PST
    • 9:00 PM GMT

    Paper Introduction

    Building Better Educational Programs

    • 4:20 PM EST
    • 1:20 PM PST
    • 9:20 PM GMT

    Paper Session 8

    Applied Cyber Security for Applied Software Engineering Undergraduate Program

    • Yulia Cherdantseva
    • 4:25 PM EST
    • 1:25 PM PST
    • 9:25 PM GMT

    Paper Session 9

    Building Capacity for Systems Thinking in Higher Education Cybersecurity Programs

    • Connie Justice, D. Cragin Shelton
    • 4:45 PM EST
    • 1:45 PM PST
    • 9:45 PM GMT

    Paper Session 10

    Enhancing Cyber Defense Preparation Through Interdisciplinary Collaboration, Training, and Incident Response

    • Tristen Amador
    • 5:05 PM EST
    • 2:05 PM PST
    • 10:05 PM GMT

    Session II Close

    Sessions Wrap Up

    • 5:25 PM EST
    • 2:25 PM PST
    • 10:25 PM GMT
  • Session 3

    November 5th

    Session III Open

    Session Introduction

    • 11:00 AM EST
    • 8:00 AM PST
    • 4:00 PM GMT


    U.S. Equities Process

    • 11:10 AM EST
    • 8:10 AM PST
    • 4:10 PM GMT

    The Colloquium

    Annual Awards

    • 11:40 AM EST
    • 8:40 AM PST
    • 4:40 PM GMT

    Jones & Bartlett Learning

    Sponsor update

    • Mike Sullivan, Ned Hinman
    • 11:55 AM EST
    • 8:55 AM PST
    • 4:55 PM GMT

    Paper Introduction

    Vital Passwords

    • Stephen Miller
    • 12:00 PM EST
    • 9:00 AM PST
    • 5:00 PM GMT

    Paper Session 11

    Weak Password Policies: A Lack of Corporate Social Responsibility

    • Tobi West
    • 12:05 PM EST
    • 9:05 AM PST
    • 5:05 PM GMT

    Paper Session 12

    Do Users Correctly Identify Password Strength?

    • Nikki Robinson
    • 12:25 PM EST
    • 9:25 AM PST
    • 5:25 PM GMT

    Paper Introduction

    Watching the Adversary

    • William Butler
    • 12:45 PM EST
    • 9:45 AM PST
    • 5:45 PM GMT

    Paper Session 13

    An Experimental setup for Detecting SQLi Attacks using Machine Learning Algorithms

    • Binh An Pham, Vinitha Subburaj
    • 12:50 PM EST
    • 9:50 AM PST
    • 5:50 PM GMT

    Paper Session 14

    Follow the Money Through Apple Pay

    • Yen-Hung (Frank) Hu
    • 1:10 PM EST
    • 10:10 AM PST
    • 6:10 PM GMT

    Paper Session 2

    Quantum Cryptography Exercise Schedules with Concept Dependencies

    • Abhishek Parakh
    • 1:30 PM EST
    • 10:30 AM PST
    • 6:30 PM GMT

    The Colloquium

    Conference Announcement

    • 1:50 PM EST
    • 10:50 AM PST
    • 6:50 PM GMT


    Session Complete

    • 1:55 PM EST
    • 10:55 AM PST
    • 6:55 PM GMT

William "Vic" Maconachy


The Colloquium for Information Systems Security Education

Dr. Maconachy holds a PhD in education from The University of Maryland and has earned several certifications, including two Professionalization Certifications from the NSA, and was appointed a fellow of ISC2. Dr. Maconachy obtained Top Secret clearance while employed with the U.S. Navy and National Security Agency.

Dr. Maconachy is a co-founder and currently the Chairman of Colloquium for Information Systems Security Education. After retiring from federal service, Dr. Maconachy served as Vice President for Academic Affairs/Chief Academic Officer at Capitol Technology University. Dr. Maconachy served our nation by working at The National Security Agency where he held increasing responsibilities. While there he developed the National Centers of Academic Excellence in Information Assurance Education, and led the development of the first national education and training standards in what is now cybersecurity education. Prior to that he served as an education specialist for the United States Navy, developing technical training programs in the cryptology field. Dr. Maconachy taught in Prince George's County Public Schools, Maryland, and Allegany County Public Schools, Maryland.

Dr. Maconachy has over 30 publications and contributing authorships. Dr. Maconachy's A Model for Information Assurance: An Integrated Approach was used as a teaching model in several U.S. military academies. His numerous awards include the Department of Defense Meritorious Service Award and the Secretary of the Navy Commendation (for actions overseas).

Denise Kinsey

Vice Chairman

The Colloquium for Information Systems Security Education

Denise Kinsey, Ph.D., CISSP, C|CISO, has been in cybersecurity for many years serving the private sector and academia. She holds many cybersecurity certifications and has held several high-profile positions in her work with law enforcement and corporations. She serves on the CISSE board and welcomes your feedback and membership in CISSE.

Charles Clarke

Lecturer in Cyber Security at Kingston University

CISSE UK & Kingston University

Charles is the Course Leader for the undergraduate Cyber Security and Computer Forensics programme at Kingston University. He has extensive experience of delivering creative, engaging and innovative learning experiences at both undergraduate and NCSC certified postgraduate levels.

His technical interests include cyber range development, cyber scenario and simulation modelling, steganography and distributed ledger technologies (including blockchain).

Charles is also a founding member of CISSE UK, a not for profit community interest organisation for UK cyber security educators.

Prior to academia, Charles worked extensively in the IT industry at all levels, including senior management and directorships. Previous work experience has included full-time and consulting roles with many organisations in numerous countries, including Wireless Knowledge, Qualcomm (San Diego), Microsoft (Seattle), Smartone (Hong Kong), AIOC Corporation (Beijing, Cologne, Amsterdam, New York, Zug), BT Labs (Martlesham), Dresdner Kleinwort, Merrill Lynch, JP Morgan and SHL SystemHouse (London). His experience also extends to consultancy for tech start-ups, most recently as a technical advisor to a number of blockchain start-up businesses.

Kayne McGladrey

CISO; Global Cybersecurity Expert; Thought Leader

IEEE Computer Society (IEEE CS)

The modern company has an implicit social contract to protect the data entrusted to it. As a cybersecurity professional, my role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors. My consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies.

The ability to fluently speak the languages of both business and technology and effectively communicate complex concepts to non-technical audiences has not only facilitated conversation with company leadership in developing and implementing effective policies to reduce cyber threat, it has made me the go-to person for multiple media outlets and a spokesperson for IEEE’s Public Visibility Initiative.

One of my career priorities is to inspire under-represented communities to pursue careers in cybersecurity. Talent is not limited by geography or background. Because I look beyond the usual circles for talent, trust their abilities, and have an eagerness to help people succeed, I have been able to build effective teams despite the continued challenges of low unemployment in cybersecurity careers.

Wesley Alvarez

Director of Academics


Wesley Alvarez is a native of western New York with a passion for Cybersecurity education and new technologies. His experience comes with over 12 years in strategic program development in compliance with industry accrediting standards, while supporting an academic network of over 2,500 institutions at both secondary and post-secondary levels. His focus in higher education includes cyber security learning technologies, certification, publishing, thought leadership, program design, implementation, and more. He has supported EC-Council's cyber security education initiatives from 2008 to 2014 via Axzo Press publishing (Rochester, NY) and in May of 2014, he transitioned from Axzo Press to EC-Council (Tampa, FL) to lead EC-Council’s academic division.

Throughout his career, Wesley worked on project development, program mapping, and course integration for published learning resources for organizations such as Microsoft, Oracle, Cisco, Adobe, and more. Transitioning to lead EC-Council’s Academic division, Wesley began to focus on stackable credentials and student career pathways within education environments, while also working on workforce initiatives via EC-Council certification curriculum and technologies. Wesley's vision is to bridge the gap between the ever-changing Information Security industry and higher education classrooms to ensure students transitioning to their professional careers are properly equipped with a career-based education.

Wesley is also the co-creator of the widely recognized EC-Council Academia Partner program, a program that supports institutions and tens of thousands of students each year with hands-on, tactical cyber security education courses via the EC-Council Academia Series. This series is geared towards NCWF workforce roles with certification accreditations by authorizing parties such as the U.S. Department of Defense (DoD), the American National Standards Institute (ANSI), and more. This program supports affordable certification for both students and faculty, skills competitions, supporting events, and workforce initiatives.

Costis Toregas

Director, Scholarship for Service (SFS) Four-Year & Senior Advisor

George Washington University

Costis Toregas is the Director of the Cyber Security and Privacy Research Institute at The George Washington University, where he manages and conducts research projects in cybersecurity. His research interests include workforce development, the role of insurance in cyber risk management, and exploring a fuller utilization of Community Colleges in cybersecurity workforce strategies. He is a Senior Advisor & Director, Scholarship for Service (SFS) Four-Year to the National CyberWatch Center. He is a respected consultant to national governments and intergovernmental organizations, and a much sought-after speaker on the impact of technology in government and society. Dr. Toregas has a B.S. in Electrical Engineering and an M.S. and a Ph.D. in Environmental Systems Engineering from Cornell University.

Richard George

Senior Advisor for Cyber Security

Johns Hopkins University Applied Physics Lab

Richard M. (Dickie) George is the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab. At the Lab, he works on a number of projects sponsored by the US Government and provides oversight on additional efforts. He works with senior management at the Lab on cyber strategy for protection of critical national systems. He is also the APL representative to the I3P, a consortium of universities, national labs, and non-profit institutions dedicated to strengthening the cyber infrastructure of the United States. Prior to joining APL, he worked at the National Security Agency as a mathematician from 1970 until his retirement in 2011. While at NSA, he wrote more than 125 technical papers on cryptomathematical subjects, and served in a number of positions: analyst, and technical director at the division, office, group, and directorate level. He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement.

Integration of Blockchain Concepts into Computer Science Curriculum

Eric Sakk, Shuangbao Paul Wang

In this work, we consider the nexus between blockchain technology and computer science curriculum. While it is possible to introduce the blockchain paradigm using a single course, the depth of a single topic can often be sacrificed at the expense of covering a breadth of information. As blockchain is an emerging technology, it is important to embed various concepts throughout the undergraduate curriculum with the depth necessary to reinforce each facet. Using a just-in-time approach, we define exactly where and how blockchain topics relevant to computer science should be introduced. As a means for active learning pedagogy, we introduce a lab framework for students to gain hands-on experience. Finally, we describe collaborations with industry to provide mentorship and internship opportunities.

Quantum Cryptography Exercise Schedules with Concept Dependencies

A. Parakh, V. Bommanapally, P. Chundi, M. Subramaniam

The design of a gamified instructional paradigm requires careful identification of concepts, concept dependencies, and concept flow in order to achieve maximum student proficiency, in a subject matter, while maintaining engagement. This is especially true for difficult and counter-intuitive fields such as quantum cryptography. In this paper, we present an abstraction of concepts that are needed to learn quantum key distribution in a gamified environment. This is coupled with a powerful adaptive navigation algorithm that guides students from one exercise to the next in the game such that maximum proficiency is achieved in various concepts associated with each exercise. The student traverses through different lessons in the game achieving the lesson outcomes in an efficient manner. This represents the first of its kind abstraction of quantum cryptography concepts and a navigation algorithm for a gamified paradigm.

Higher Education Social Engineering Attack Scenario, Awareness & Training Model

Thai H. Nguyen, Sajal Bhatia

In today’s information security ecosystem, hackers and threat actors are increasingly using social engineering tactics to circumvent advanced technical security technologies. While every year there are vast leaps in technical security systems, one critical dynamic, the human psychology still needs a dire upgrade to their operating system. The human dynamic and our innate psychological processing algorithms need a new approach to mitigate social engineering attacks. Higher education institutions are a prime target for social engineering engagement missions as they house a large diverse population of faculties, students, alumni, and employees in their ecosystem. This diversity paired with increasing inclusion of international individuals only expands the existing dynamic vulnerable landscape, thereby requiring innovative methods to secure it. In this paper, the authors utilize an existing framework to develop nine specialized and publicly available social engineering attack scenarios geared toward a higher education environment. The paper also proposes preliminary models for social engineering awareness and training to combat such attacks. The effectiveness of the proposed models will be assessed by comparing pre- and post-awareness surveys as part of the future work.

Experiential Activities for Risk Management Education

Michael E. Whitman, Robert L. Chaput

A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This paper will discuss popular risk management methodologies and examine a number of tools to support the instruction of the more common methodologies by instructors without substantial cost or learning curve.

Evaluating the Effectiveness of Gamification on Students’ Performance in a Cybersecurity Course

Fikirte Demmese, Xiaohong Yuan, Darina Dicheva

The motivation of students to actively engage in course activities has significant impact on the outcome of academic courses. Prior studies have shown that innovative instructional interventions and course delivery methods have a vital role in boosting the motivation of students. Gamification tools aid course delivery by utilizing well established game design principles to enhance skill development, routine practice and self-testing. In this article, we present a study on how the use of a course gamification platform dubbed OneUp impacts the motivation of students in an online cyber security course. The study shows that more than 90% of the respondents agreed that OneUp has improved the effectiveness of the course delivery. In addition, 75% of the respondents want to use OneUp in their future courses. Furthermore, our analysis shows that OneUp has improved the median grade of students from B+ to A- compared to the same course delivered the previous year without using OneUp.

Judging Competencies in Recent Cybersecurity Graduates

Nelbert St. Clair, John Girard

This innovative research project chronicles how cybersecurity professionals and professors rate recent cybersecurity graduates in the components of the Cybersecurity Competency Model. Noteworthy findings included that information technology graduates exhibit poor reading, writing, and some communication skills; there was a statistically significant difference between the two groups in their thoughts on the importance of mathematics; and there was a significant difference between the two groups pertaining to (a) planning and organization and (b) working with tools of technology.

Tempting High School Students into Cybersecurity with a Slice of Raspberry Pi

Sandra Gorka, Alicia McNett, Jacob R. Miller, Bradley M. Webb

Improving the Pipeline is an NSF grant project [1] to extend the Information Assurance and Cybersecurity pipeline into the high school environment by offering an after-school, for-college-credit course to students. This paper discusses the use of an isolated and portable Raspberry Pi network within the course.

Applied Cyber Security for Applied Software Engineering Undergraduate Program

Yulia Cherdantseva, Phil Smart

In the current landscape where a constantly growing number of cyber threats is accompanied by the increasing shortage of cyber security professionals, it is essential to provide a well thought-out hands-on cyber security education as a part of all Computer Science and Software Engineering degrees. This paper describes the experience of designing and delivering a Cyber Security module to Level 5 students on a three-year BSc Applied Software Engineering program. The key goal of the module is to instil the importance of cyber security in software development, and to teach in practice modern security techniques. While being predominantly focused on web-application security, the module also covers foundational cyber security concepts, cryptography and network security, and discusses non-technical topics including security frameworks and security economics. The paper presents the outline of the module, the configuration of the virtual machine used, the structure and content of sessions.

Building Capacity for Systems Thinking in Higher Education Cybersecurity Programs

Esther A. Enright, Connie Justice, Sin Ming Loo, Eleanor Taylor, Char Sample, D. Cragin Shelton

The decentralized nature of cybersecurity programs in higher education leads to a lack of unifying knowledge, skills, and dispositions in the cybersecurity workforce. The emphasis on teaching the latest technologies and techniques without a sufficient foundation in systems thinking could result in graduating students without the capacity to function as constructive agents operating in complex systems. Having a unifying, cohesive cybersecurity systems framework can bridge some of these gaps. In this article, we argue that cybersecurity programs and courses must contextualize their instruction on a specific topic by teaching students to situate their learning on the system level. Additionally, we suggest that active learning strategies, in particular case study analysis and concept mapping, are particularly well suited to support this type of student learning. This article presents a cohesive framework for teaching systems thinking in cybersecurity programs and courses. The framework is designed to support meaningful reform in the currently decentralized, (mostly) unregulated academic ecosystem that manages the preparation of our cybersecurity workforce.

Enhancing Cyber Defense Preparation Through Interdisciplinary Collaboration, Training, and Incident Response

Tristen K. Amador, Roberta A. Mancuso, Erik L. Moore, Steven P. Fulton, Daniel M. Likarish

To enhance the capabilities of a cyber defense collaborative, a psychometric analysis team was embedded in a collaborative incident response team. Collaborative incident response community members included the State of Colorado, the Colorado National Guard, Regis University, private companies, and others. The collaborative training developed when National Guard leadership saw the Rocky Mountain Collegiate Cyber Defense Competition held at Regis, and planning began around the potential of collaborative training. The case presented shows the progressive efforts that allowed this to move from enhancing training exercises to being embedded during live cyber defense operations. Some outcomes of the psychometric evaluation are presented here as an embedded quantitative study within the framing case analysis. The case analysis is then used to formulate a generalized model designed to support opportunities for a range of interdisciplinary collaboration in support of technical endeavors with operations security requirements as exemplified by cyber defense. The resulting model provides a framework for expanding research to other disciplines.

Weak Password Policies: A Lack of Corporate Social Responsibility

Tobi A. West

Data breaches continue to occur as weak password policies prevail on major websites, at costs reaching billions of dollars annually. Password attacks are a known cause of data breaches and abuse of user accounts. Enforcing strong password policies should be considered part of an organization’s corporate social responsibility. Major technology companies are socially obligated to go beyond internal policies to strengthen their password policies for external-facing consumer accounts to help reduce the risk of data breaches or sensitive data exposure. Strong, enforceable password policies are beneficial to reduce the risk of successful network attacks and prevent unauthorized access to sensitive data stored in online consumer accounts. This study includes a compilation of current password policies for major social media sites, online streaming services, and online retailers to demonstrate the lack of strong password requirements across multiple industries and spanning decades of corporate establishment in the online environment. Recommendations are provided for organizations to strengthen their password policies to align with NIST Special Publication 800-63-3 as part of their corporate social responsibility to provide protection for sensitive consumer data for millions of customers and online marketplace sellers.

Do Users Correctly Identify Password Strength?

Jason M. Pittman, Nikki Robinson

Much of the security for information systems rests upon passwords. Yet, the scale of password use is producing elevated levels of cognitive burden. Existing research has investigated the effects of this cognitive burden with a focus on weak versus strong passwords. However, the literature presupposes that users can meaningfully identify such. Further, there may be ethical implications of forcing users to identify password strength when they are unable to do so. Accordingly, the purpose of this study was to measure what socioeconomic characteristics, if any, led participants to identify weak and strong password strengths in a statistically significant manner. We gathered 436 participants using Amazon’s Mechanical Turk platform and asked them to identify 50 passwords as either weak or strong. Then, we employed a Chi-square test of independence to measure the potential relationship between three socioeconomic characteristics (education, profession, technical skill) and the frequency of correct weak and strong password identification. The results show significant relationships across all variable combinations except for technical skill and strong passwords which revealed no relationship.

An Experimental setup for Detecting SQLi Attacks using Machine Learning Algorithms

Binh An Pham, Vinitha Hannah Subburaj

SQL injection attacks (SQLi attacks) have proven their danger on several website types such as social media, e-shopping, etc. In order to prevent such attacks from occurring, this research effort investigates efficient ways of detection and prevention, so that we can preserve each cyber-user’s right of privacy. This research effort is aimed at investigating and looking at different ways to protect websites from SQL injection attacks. In this research effort, machine learning algorithms were used to detect such SQLi attacks. Machine Learning (ML) algorithms are algorithms that can learn from the data provided and infer interesting results from the dataset. We used SQL code and user input as our data and ML algorithms to detect malicious code. The machine learning model developed in this research can detect such attacks from happening in future. The precision and accuracy of the machine learning algorithms in terms of predicting the SQLi attacks has been calculated and reported in this research paper.

Follow the Money Through Apple Pay

Dominicia Williams, Yen-Hung (Frank) Hu, Mary Ann Hoppa

Rapid growth in the number of mobile phones and their users has brought ecommerce applications and mobile payments to the forefront along with raising significant new cybersecurity concerns. Consumer enthusiasm for “tap-and-go” purchases must be tempered with knowledge about new risks and responsibilities that come along with these payment technologies. This paper highlights and analyzes key risks within end-to-end mobile-payment transactions through the lens of one of the most popular services: Apple Pay. Hackers are relentlessly adapting their ploys to breach these payment systems. Proactive approaches are identified to better secure vulnerabilities in smartphones, networks, communication, consumers, merchants and banks, along with practical, proactive countermeasure and action plans.

Companion Journal

Papers to be presented at the 24th Colloquium are available for purchase. Print edition is available on Amazon, with digital download through the CISSE portal store.

Our gratitude to our esteemed sponsors for making this event possible.

Questions about the event? Please contact:

Operations Manager

Last modified on Sunday, 25 October 2020 21:39

The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
