cart

Members

Join Login

Membership and collaboration facilitated by Member 365.

Members

Join Login

Membership and collaboration facilitated by Member 365.

25th Colloquium

October 4th to 6th, 2021

Online Sessions

25th Colloquium - Agenda

The 2021 conference of the Colloquium on Information Systems Security Education (CISSE) celebrates its 25th year as the senior and premier conference on Cybersecurity Education. The program will be a virtual / online conference from October 4th to 6th, 2021. The following is the program agenda for October sessions.

Sessions are in Central Time (CT).

The 25th Colloquium has concluded, the following information remains for post-event reference.

  • Monday

    Main

    Welcome

    Opening Remarks

    • 08:30 CT

    Keynote

    Defending your Network in a Contested and Congested Environment?

    • 09:00 CT

    Sponsor Spotlight

    • Eduardo Castro
    • 09:45 CT

    Session

    Employability Centred Projects: Academic Opportunities for Experiential Learning in Cyber Security

    • Charles Clarke
    • 09:50 CT

    Session

    CyBOK and its impact on the NCSC Certified Degrees Programme

    • Chris E2, NCSC
    • 10:20 CT

    Break

    • 10:50 CT

    Session

    Use the Case Study Methodology to Enhance Student Engagement and Learning

    • 11:00 CT

    Briefing

    Writing Workshop Report

    • 11:40 CT

    Lunch

    • 12:10 CT

    Sponsor Spotlight

    • Ned Hinman, David Lally
    • 13:00 CT

    Session

    Internet Human Trafficking

    • 13:05 CT

    Session

    Cyber Bullying

    • Erik Fretheim
    • 13:55 CT

    Session

    Adversarial Thinking

    • 14:30 CT

    Break

    • 15:15 CT

    Panel

    NSA DHC - CAE

    • 15:30 CT

    Session

    CMMC

    • 16:15 CT

    Papers & Courses

    Paper Sessions: K-12

    Introduction

    • 10:00 CT

    Paper 1

    High School Cybersecurity? Challenge Accepted – Radford University's RUSecure CTF Contest for High School Students

    • Joe Chase, Prem Uppuluri
    • 10:10 CT

    Paper 2

    Using Complexity Theory to Identify K-12+ Pedagogical Misalignment With a Security Mindset

    • Holly Hanna, Jane Blanken-Webb
    • 10:30 CT

    Break

    • 10:50 CT

    Course Walk-through: Group 1

    Introduction

    • 11:05 CT

    Course 1

    Enterprise Security course

    • Cheryl Resch
    • 11:10 CT

    Course 2

    TBA

    • Denise Kinsey
    • 11:30 CT

    Course 3

    IAS492A/B: IAS Seminar

    • 11:50 CT

    Lunch

    • 12:10 CT

    Paper Sessions: Education Theory

    Introduction

    • 13:00 CT

    Paper 3

    Cyber as a second language? A challenge facing cybersecurity education

    • Ben Scott, Raina Mason
    • 13:05 CT

    Paper 4

    Adapting Process-Oriented Guided Inquiry Learning (POGIL) for Online Teaching in Cybersecurity: Challenges and Recommendations

    • Yuming He, Wu He, Lida Xu, Xin Tian, Xiaohong Yuan, Li Yang, Jennifer Ellis
    • 13:25 CT

    Paper 5

    Knowledge Gaps in Curricular Guidance for ICS Security

    • Ida Ngambeki, Sean McBride, Jill Slay
    • 13:45 CT

    Program Walk-through

    Introduction

    • 14:05 CT

    Program 1

    Curriculum for the B.S. in Cybersecurity

    • Eric Chan-Tin
    • 14:10 CT

    Program 2

    The Educational Trifecta

    • 14:40 CT

    Paper Sessions: Interaction

    Introduction

    • 15:00 CT

    Paper 6

    Hands-on Educational Labs for Cyber Defense Competition Training

    • Animesh Pattanayak, Stu Steiner, Daniel Conte de Leo
    • 15:00 CT

    Paper 7

    A Vertically Integrated Pathway for Infusing Engineering Technicians with Industrial Cybersecurity Competencies

    • Sean McBride, Corey Schou, Jill Slay
    • 15:20 CT

    Break

    • 15:40 CT

    Course Walk-through: Group 2

    Introduction

    • 15:55 CT

    Course 4

    Cyber Warfare

    • Erik Fretheim
    • 16:00 CT

    Course 5

    Cybersecurity for Educational Leaders

    • 16:20 CT

    Course 6

    CSC229: Cybersecurity for Non-IT Majors

    • 16:40 CT
  • Tuesday

    Main

    Welcome

    Opening Remarks

    • 08:30 CT

    Keynote

    First Principles in Security

    • Rick Howard, Cyberwire
    • 8:40 CT

    Sponsor Spotlight

    • 9:20 CT

    Panel

    Building Cyber Teams

    • 9:25 CT

    Session

    Integrating Experiential Learning in Cyber Curriculum

    • Debbie Gordon
    • 10:10 CT

    Break

    • 10:40 CT

    Session

    The Need for Legal Education within a Cybersecurity Curriculum

    • 10:55 CT

    Lunch

    • 11:45 CT

    Highlight

    Awards

    • 12:40 CT

    Session

    PISCES Monitoring for the Public Sector

    • Mike Hamilton, Michael Tsikerdikis
    • 13:05 CT

    Session

    Information Sharing Networks

    • 13:55 CT

    Break

    • 14:35 CT

    Sponsor Spotlight

    • Costis Toregas
    • 14:45 CT

    Session

    Pandemic Impacts to the 2020 CyberForce Competition

    • 14:50 CT

    Panel

    How to Prepare Cybersecurity Competition Mentors / Coaches

    • 15:20 CT

    Session

    Inside the NCL with Doc and Dan

    • 15:50 CT

    Top Papers

    Session

    • 16:20 CT

    Top Paper 1

    DISSAV: A Dynamic, Interactive Stack-Smashing Attack Visualization Tool

    • Erik Akeyson, Harini Ramaprasad, Meera Sridhar
    • 16:20 CT

    Top Paper 2

    Galore: A Platform for Experiential Learning

    • Abhishek Parakh, Mahadevan Subramania
    • 16:40 CT

    Papers & Courses

    Paper Sessions: Education Theory

    Introduction

    • 9:25 CT

    Paper 8

    Cybersecurity Laboratory Education Research: A Lush Ecosystem or Elephant Graveyard?

    • Jason Pittman, Reilly Kobbe, Taylor Lynch, Helen Barker
    • 9:35 CT

    Paper 9

    Cybersecurity Education: A Mandate to Update

    • Vic Maconachy, Denise Kinsey
    • 9:55 CT

    Paper 10

    A Roadmap to overcoming the Challenges of Cyber Security and Forensics Education in the age of distance learning and the Covid-19 pandemic

    • Geoffrey Elliott, Mazhar Malik
    • 10:15 CT

    Paper Sessions: Tools

    Introduction

    • 10:35 CT

    Paper 11

    Intelligent Interaction Honeypots for Threat Hunting within the Internet of Things

    • Greg Surber, Morgan Zantua
    • 10:40 CT

    Paper 12

    On Teaching Malware Analysis on Latest Windows

    • Lan Luo, Cliff Zou, Sashank Narain, Xinwen Fu
    • 11:00 CT

    Paper 13

    Leveraging Browser-Based Virtual Machines to Teach Operating System Fundamentals

    • Matt Ruff, Nicklaus Giacobe
    • 11:20 CT

    Paper 14

    LUCID Network Monitoring and Visualization Application

    • Claude Turner, Dwight Richards, Rolston Jeremiah, Jie Yan, Ruth Agada
    • 11:40 CT

    Lunch

    • 12:00 CT

    Course Walk-through: Group 3

    Introduction

    • 13:00 CT

    Course 7

    Applied Cryptography

    • 13:05 CT

    Course 8

    SOC Operations Course

    • 13:25 CT

    Course 9

    A Cybersecurity Framework

    • Susan Tisdale
    • 13:45 CT

    Break

    • 14:05 CT

    Paper Sessions: Cyber Industry Analysis / Theory

    Introduction

    • 14:20 CT

    Paper 15

    Bridging the disconnect within Cybersecurity Workforce Supply Chain

    • Olatunji Osunji
    • 14:25 CT

    Paper 16

    Cyberwar and the Solarwinds Sunburst Hack: A Case of Technology, People, and Processes

    • Pratim Milton Datta
    • 14:45 CT

    Paper 17

    Healthcare in the Balance: A Consequence of Cybersecurity

    • Susan Helser
    • 15:05 CT

    Paper Sessions: Interactive

    Introduction

    • 15:25 CT

    Paper 18

    Providing A Hands-on Advanced Persistent Threat Learning Experience Through Ethical Hacking Labs

    • Yen-Hung Hu
    • 15:30 CT

    Paper 19

    Introducing Penetration Test with Case Study and Course Project in Cybersecurity Education

    • Xinli Wang, Yan Bai
    • 15:50 CT

    Paper 20

    A Study of Video Conferencing Software Risks and Mitigation Strategies

    • Yelena Arishina, Yen-Hung Hu, Mary Ann Hoppa
    • 16:10 CT

    Paper 21

    Design Hands-on Lab Exercises for Cyber-physical Systems Security Education

    • Hongmei Chi, Jinwei Liu, Weifeng Xu, Shonda Bernadin, Jon deGoicoechea
    • 16:30 CT
  • Wednesday

    Main

    Welcome

    Opening Remarks

    • 08:30 CT

    Keynote

    The Evolution of the Supply Chain and Cybersecurity: What the Next Generation of Practitioners Needs to Know

    • 8:40 CT

    Session

    Successful Cybersecurity Professionals

    • 9:25 CT

    Panel

    An IoT Testbed for Undergraduate Cybersecurity Students

    • 10:00 CT

    Break

    • 10:30 CT

    Session

    Mapping Low Cost and Open Source Lab to the NICE Workforce Framework and CAE KU's

    • 10:45 CT

    Panel

    Cybersecurity Lexicon

    • 11:15 CT

Josh Adkins

Jayson Berryhill

Co-founder

Wholechain

Jayson Berryhill is a partner and founder of Wholechain, a blockchain based traceability solution that enables trust, coordination, and transparency in fragmented supply chains. Wholechain was initially developed for food & agriculture supply chains, but is commodity and industry neutral with customers including Estee Lauder, Chicken of the Sea, Fair Trade USA, Topco Associates (largest grocery coop in the US) and many more. Wholechain is the winner of the Fish2.0 Award for supply chain innovation at Stanford's Center for Ocean Solutions and has been featured in Forbes, NASDAQ, Computer World, Progressive Grocer and Beauty Inc. Magazine.

Prior to founding Wholechain, Jayson worked for more than a decade in mobile technology developing digital innovations with organizations such as BSR (Business for Social Responsibility), XL Axiata, Unilever and the US Department of State. Jayson holds a BBA from the University of Texas at Arlington, an M-DIV from Baylor University and an MBA from Indiana University's Kelley School of Business.

Jane Blanken-Webb

Assistant Professor

Wilkes University

Jane Blanken-Webb is an Assistant Professor in the School of Education at Wilkes University, where she teaches in the Doctor of Education (Ed.D.) in Educational Leadership program. Prior to joining Wilkes University, she held postdoctoral positions at the University of Eastern Finland and the University of Illinois at Urbana-Champaign, where she worked at the Information Trust Institute. There, she led a cybersecurity grant funded initiative, Ethical Thinking in Cyber Space (EThiCS), that developed and taught a graduate-level cybersecurity ethics curriculum. Building upon this foundation, she partnered with cybersecurity experts to develop and teach a Cybersecurity for Educational Leaders course at Wilkes University. She holds a PhD in Philosophy of Education from the University of Illinois at Urbana-Champaign and her research has been published in numerous peer reviewed journals in the field of education and beyond.

Ethan Bodzin

Intelligence Research Specialist, Intelligence Analysis Branch

CISA Intel

Ethan Bodzin serves as a senior intelligence analyst within the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) Intelligence Division. An intelligence community veteran of 13 years with a background in cybersecurity and all-source intelligence operations, Mr. Bodzin brings a breadth of knowledge and expertise on threats to cyber and physical national critical infrastructure; identifying, analyzing, and mitigating the most critical risks facing the Nation.

Prior to joining CISA, Mr. Bodzin worked within The Texas A&M University System's Research Security Office, his work specializing in the foreign, non-traditional collection threat against the proprietary research and intellectual property of 11 universities and eight state agencies.

Mr. Bodzin spent 12 years in the United States Marine Corps, his career split between all-source intelligence analysis and counterintelligence and human intelligence collection. Throughout his military career, Mr. Bodzin's support crossed strategic, operational, and tactical-level boundaries with the goal of providing accurate, timely, and actionable intelligence to customers when and where required to ensure mission success.

Mr. Bodzin's previous roles include serving as the chief counterintelligence to force protection liaison officer for US Embassy Amman, managing direct action liaison for Joint Special Operations Task Force – Arabian Peninsula, Navy Special Warfare Unit Three, and producing actionable intelligence for Task Force 373.

A native of Chicago, Illinois, Mr. Bodzin is a decorated combat veteran whose private sector contributions aided the Texas A&M University System's 2017 and 2019 Award for Excellence in Counterintelligence for achieving extraordinary results in thwarting foreign-directed theft of US technology and the 2020 James S. Cogswell Award for Outstanding Industrial Security. Mr. Bodzin received his Bachelor's degree from Texas A&M University where he graduated as a National Security Agency P3I Cyber Scholar. He is undergoing his Master's degree from The National Intelligence University's School of Science and Technology Intelligence with concentrations in Emerging Technology and Geostrategic Resources and Weapons of Mass Destruction.

Debra Bowen

Assistant Professor and Co-Academic Program Director

National University

Dr. Bowen is an Assistant Professor and Co-Academic Program Director for the Bachelors of Science in Information Technology Management (BSITM) program in the Department of Engineering and Computing (DOEC) at National University. She is a veteran of the U.S. Air Force and Air National Guard. Dr. Bowen has over 20 years of experience in global technology and infrastructure project management in private industry. She joined National University in 2013. Currently Dr. Bowen is supporting the BSITM and the MS Cybersecurity programs.

Brandon Brown

Professor, Computer Science Technology

Coastline Community College

Steven Brown

Director of the University of the Cumberlands' PhD Program in Information Technology

University of the Cumberlands

Dr. Brown is the Director of the University of the Cumberlands' PhD program in information technology. The University has grown from its private Christian, Appalachian roots to a global University that provides opportunities for personal and professional growth with particular emphasis on meeting the educational and professional needs of diverse populations through a range of professional programs designed for success. In addition to developing an innovative, advanced curriculum and recruiting highly quali_ ed faculty, and his publications and presentations, Dr. Brown has mentored numerous dissertations in information techn ology, cybersecurity, networking, forensics, management, etc., even in music. His philosophy is that it is essential to expand knowledge in multiple research areas to improve one's unique area of expertise.

Dr. Brown's leadership and scholarship draw on a deep and diverse set of experiences acquired in decades developing Cybersecurity Masters / Doctoral programs, and participation in many governmental standard bodies such as the National Security Agency (NSA/DHS) Center of Academic Excellence in Information Assurance (CAEs) and National Initiative for Cybersecurity Education (NICE). He is the developer/creator of the CERTIFIED CYBERSECURITY BEHAVIORAL PROFESSIONAL (CCSPB) certification (ccsbp.org). When not working, Dr. Brown enjoys time with family, friends, and practicing Krav Maga at home in North Carolina.

William Butler

Chair of Cybersecurity Programs

Capitol Technology University

Bill Butler is Chair of Cybersecurity Programs at Capitol Technology University (Located in Laurel, Maryland). Bill has over thirty-five years of experience in public and private sectors as a security engineer and consultant. Bill served in the US Marine Corps Reserves and retired as a Colonel specializing in communications systems and security. Bill is an IEEE senior member and a Fulbright cyber specialist (Kosovo). Bill has extensive experience building standards-based courses, certificates, and cybersecurity, wireless, and cloud computing curricula. Bill holds degrees from Brenau University, US Army War College, National Defense University, the University of Maryland, and Capitol Technology University. In 2021 Bill was selected for the prestigious SC Media Leadership Award for Outstanding Educator for 2021. SC Media also recognized Capitol for the best cybersecurity program in 2020 and as a finalist in 2021. Bill was recognized for the faculty teaching award for 2020 and 2021 at Capitol. Bill holds a Doctor of Science in Cybersecurity, which focused on preserving cell phone privacy from the IMSI catcher threat (illegal cell towers). Bill is passionate about preparing underrepresented groups for STEM careers. Bill also volunteers for Team Rubicon in service to his community.

J. D. Chase

Professor, School of Computing and Information Sciences

Radford University

Dr. J. D. Chase is a Professor in the School of Computing and Information Sciences at Radford University. He received his Ph.D. from Virginia Tech in 1994. Prof. Chase's areas of specialization include Computer Science Education, Software Engineering, Cybersecurity and Human-Computer Interaction. His most recent research and teaching assignments have been in the areas of cybersecurity and game development, both as areas of study and as strategies in computer science education. Professor Chase has co-authored three computer science textbooks primarily covering CS 2 topics in Data Structures and Analysis of Algorithms as well as more than seventy scholarly publications including journal articles, conference proceedings, and books.

Dr. Chase has served as PI or Co-PI on a wide variety of grants including NSF ATE, NSF STEP, NSF CSEMS, NSA GenCyber, Commonwealth Cyber Initiative (CCI) and NSA MEPP. Professor Chase is a member of the Association for Computing Machinery (ACM), ODK, and UPE. He is also active in the ACM's Special Interest Group on Computer Science Education (SIGCSE).

Eric Chentin

Sam Chung

Professor & Dean of School of Technology and Computing

City University of Seattle

Dr. Sam Chung is a Professor, the Dean of School of Technology and Computing (STC) at City University of Seattle (CityU) in WA. He earned his Ph.D. in Computer Science from the University of South Florida in Tampa, Florida and has two MS degrees in Computer Science from George Washington University and the Korean Advanced Institute of Science and Technology. He graduated with a BS from the Department of Electronics/Computer Engineering at Kyungpook National University. Before joining CityU, Dr. Chung was a tenured full Professor and the Director of the School of Information Systems and Applied Technologies at Southern Illinois University (SIU) in Carbondale, IL. Before joining SIU, he was an Endowed Associate Professor of Information Systems and Information Security and a founder of the BS in Information Technology and Systems program at the University of Washington (UW), Tacoma. Dr. Chung also served as an Associate Director of Cyber-Physical Systems for the Center for Information Assurance and Cybersecurity (CIAC) at the UW. He joined the UW Tacoma in 2001. He was tenured and promoted to an Associate Professor at the UW Tacoma in 2007. Dr. Chung has led a research group in Smart and Secure Computing (SSC). His SSC research group focuses on making Cyber-Physical Systems (CPS) smart and secure by developing and using the Software Reengineering approach with emerging technologies such as Full-Stack Development. Dr. Chung has mentored many undergraduate and graduate students through his student-oriented research program. He was a Co-PI or PI of multiple funded projects from Amazon, NSF, KITECH, T-Mobile, etc.

Charles Clarke

Ryan Cloutier

President & Virtual Chief Information Security Officer (Various K12 districts accoss the U.S.)

SecurityStudio

Ryan Cloutier is the President of SecurityStudio, he is an experienced IT / Cyber Security professional with over 15 years of experience developing Cyber Security programs. Ryan is a virtual Chief Information Security Officer for K12 districts across the country and is Certified Information Systems Security Professional CISSP® and is proficient in cloud security, Dev-Ops, and Sec-Ops methodologies, security policy, process, audit, compliance, network security, and application security architecture. Ryan also co-hosts a weekly security podcast and is included on the top 100 most influential people in cybersecurity.

Deanne Cranford-Wesley

Director of the Cybersecurity

North Carolina Central University

Dr. Deanne Cranford-Wesley is the Director of the Cybersecurity at North Carolina Central University (NCCU); in this role she continues to oversee initiatives with the cybersecurity ecosystem, internal/ external partners and in the innovative cybersecurity lab at NCCU. She is the former Associate Dean of the Davis iTEC / Cyber Security Center at Forsyth Technical Community College where she directed the Center of Academic Excellence program designated by the National Security Agency. Dr. Cranford-Wesley is currently a member of the Executive Board for the NC TECH Association as well as member of the Executive Board for the Colloquium of Information System Security.

Dr. Cranford-Wesley was named Innovator of the Year by E-Council in December 2020. She is a cybersecurity professional and has appeared as a subject matter expert on WRAL, Fox8 and Time Warner News discussing innovations in cyber security, cyber-attacks and ransomware. Dr. Cranford-Wesley has vast experience in, curriculum design, grant writing, and program evaluation. She is also a published author. Dr. Cranford-Wesley has a PhD in Education Leadership. Furthermore, she has obtained the following certifications: IC3, Security +, Cisco Certified Network Professional (CCNP), Cisco Certified Network Associate (CCNA) and Cisco Certified Instructor (CCAI) during her career journey.

Paula deWitte

Professor of Practice in the Computer Science and Engineering Department

Texas A&M University

Paula S. deWitte, J.D., Ph.D,. P.E., is a Professor of Practice in the Computer Science and Engineering Department at Texas A&M University, College Station and the Maritime Business Administration Department at Texas A&M University, Galveston where she is building the maritime cybersecurity program. She teaches Cybersecurity Law, Cybersecurity Risk, and Marine Insurance Law. As well, she is an Adjunct Professor of Law at the Texas A&M University Law School, Fort Worth, and teaches courses in Enterprise Risk and Data Analytics as well as cybersecurity courses in their Cybersecurity Management Track within the Master of Jurisprudence program. She is a licensed attorney (Texas) and a registered patent attorney (USPTO). She holds a Bachelors and Masters from Purdue University where in 2015 she was honored as the Distinguished Alumna in the Department of Mathematics, School of Science. She earned her Ph.D. in Computer Science from Texas A&M University (1989) and a law degree from St. Mary's University (2008). She holds a patent on drilling fluids optimization [US Patent US 8812236 B1]. Her research interests are in the areas of cybersecurity law and policy, risk, and cyber-resilient systems especially in systems in the critical infrastructure including the supply chain.

Chris E2

NCSC

Barbara Endicott-Popovsky

Executive Director, Center for Information Assurance and Cybsersecurity

University of Washington

Information Assurance (IA), cybersecurity, digital forensics: Integrating experience in academia, industry and government, I apply a multi-disciplinary approach to research questions and curriculum development that address the unintended consequences of society's embrasure of pervasive, networked computing. I have investigated questions concerning: cybersecurity, cloud security, digital forensics, digital forensic-readiness, risk management, cybersecurity pedagogy, secure coding practices, legal and societal impacts, information warfare.

Erik Fretheim

Debbie Gordon

Sandra Gorka

Professor and Department Head of Information Technology

Pennsylvania College of Technology

Sandra Gorka is an associate professor and department head of information technology at Pennsylvania College of Technology in Williamsport, Pennsylvania. Gorka's primary teaching responsibilities lie within information assurance and cyber security and includes teaching courses such as auditing and cryptography as well as capstone courses in information assurance. Gorka is a member of ACM and has been a member of ACM SIGITE since its inception. She was a member of the committee responsible for completing the original Information Technology Volume (IT2008) of the Computing Curricula series. Since 2011, Gorka has been a volunteer for ABET and CSAB. She is currently an ABET Commission for the Computing Accreditation Commission of ABET and serves on the CSAB Board of Directors as Secretary/Treasurer. In 2014 she received a CSAB Certificate of Appreciation for exceeding expectations for service to computing accreditation. Recently, she was a Co-Pi for the National Science Foundation CyberCorps Capacity Building Grant entitled Improving the Pipeline: After-School Model for Preparing Information Assurance and Cyber Defense Professionals (Grant No. 1623525).

Mike Hamilton

Rick Howard

Nancy S. Jones

Presidential Appointee, MS / BS Cybersecurity Programs

National University

Dr. Nancy Jones is a Presidential Appointee at National University in the MS / BS Cybersecurity Programs. Previous positions include Coastline CC in California where she was a tenured faculty member in cybersecurity and then an Academic Dean before retiring and returning to her first love, teaching. She has worked on several NSA CAE and K-12 initiatives and now servers on the CAE National Competition team serving as the Southwest Regional Coordinator.

Amanda Joyce

Group Leader, Strategic Cybersecurity Analysis & Research

Argonne National Laboratory

Amanda Joyce has worked as a subject matter expert in cybersecurity since 2011. At Argonne National Laboratory, she provides expertise to DHS as an instructor of cybersecurity. She has lead and co-lead two strategic studies on remote access within industrial control systems and cloud technology (respectively) and written or assisted in 6 published articles.

Ali Khamesipour

Program Manager and Assistant Professor

City University of Seattle

Dr. Khamesipour is the Program Manager and an Assistant Professor at the School of Technology and Computing at the City University of Seattle. He completed his Ph.D. in Bioinformatics from the Department of Electrical and Computer Engineering at Southern Illinois University in August 2018. His previous role was the Director of R&D at HomeWAV, A Video Visitation Solution for Correctional Facilities. He has an M.Sc. in Biomedical Engineering from the Islamic University of Mashhad in Iran and a BSc. in Electronics and Electrical Engineering from the Islamic University of Tehran – Central Branch. His academic research interests are three folds: Bioinformatics, Healthcare / Clinical Informatics, and Bridging Industry-Academia.

Denise Kinsey

Dan Likarish

Director & Treasurer

The Colloquium for Information Systems Security Education

Dan Likarish is a professor emeritus in the Regis University Anderson College of Business and Computing. He was director of the Rocky Mountain CCDC for ten years while directing the Regis University Center on Information Assurance Studies. He was the PI on significant grants that enabled the Center to educate and train Colorado and the Rocky Mountain region's students, citizens and professionals. He currently leads a technology transfer team in efforts to commercialize the results of their research. His applied research interests are in the application of challenge learning principles to increase student's, citizen's, and societies' communities' awareness of cybersecurity risks. His publications are focused on social behavioral team members and leadership incident response during stable, critical and chaotic events. He is a CISSE board member and is the organization's treasurer serving on the leadership team.

William "Vic" Maconachy

President & Chairman

The Colloquium for Information Systems Security Education

Dr. Maconachy holds a PhD in education from The University of Maryland and has earned several certifications to include Two Professionalization Certifications from The NSA, and appointed a fellow of ISC2. Dr. Machonachy obtained Top Secret clearance while employed with the U.S. Navy and National Security Agency.

Dr. Maconachy is a co-founder and currently the Chairman of Colloquium for Information Systems Security Education. After retiring from federal service, Dr. Maconachy served as Vice President for Academic Affairs/Chief Academic Officer at Capitol Technology University. Dr. Maconachy served our nation by working at The National Security Agency where he held increasing responsibilities. While there he developed the National Centers of Academic Excellence in Information Assurance Education, and led the development of the first national education and training standards in what is now cybersecurity education. Prior to that he served as an education specialist for the United States Navy, developing technical training programs in the cryptology field. Dr. Maconachy taught in Prince George's County Public Schools, Maryland, and Allegany County Public Schools, Maryland.

Dr. Maconachy has over 30 publications and contributing authorships. Dr. Maconachy's, A Model for Information Assurance: An Integrated Approach, was used as a teaching model in several U.S. Military academies. His numerous awards include Department of Defense - Meritorious Service Award, and Secretary of Navy Commendation (for actions overseas).

Dan Manson

Professor Emeritus in Computer Information Systems (CIS)

California State Polytechnic University, Pomona

Dr. Dan Manson is Professor Emeritus in Computer Information Systems (CIS) at California State Polytechnic University, Pomona (Cal Poly Pomona). Dr. Manson led the effort for Cal Poly Pomona to be designated a National Center of Academic Excellence in Information Assurance Education in 2005, 2008 and 2014. From 2008 to 2017. Dr. Manson led the Western Regional Collegiate Cyber Defense Competition and since 2011 has partnered with schools in CyberPatriot. Dan has been Principal Investigator or co-Principal Investigator on six National Science Foundation grants to support workforce, curriculum and professional development in cyber security.

Dr. Manson is currently part of two NSA CAE Program Office grants that cover mapping competencies to competitions and developing K12 Cyber Pathways. For the K-12 Cyber Pathways grant Dan produces a webcast called K-12 CyberTalk. Dr. Manson currently teaches IS Audit for Cal Poly Pomona and Enterprise Security for UNLV.

Luke Martin

Isaac Martinez

Chief Information Officer and Director, G6

Army National Guard

Colonel Isaac B. Martinez began his military career as an ROTC cadet at the University of Northern Colorado (UNC) and earned his commission in May of 1996 as a Second Lieutenant in the Military Police Corps. His education includes, a Bachelor of Arts in Criminal Justice from UNC, a Masters of Education and Human Resources Studies from Colorado State University. His military education includes the Military Police Basic Course, Military Police Advance Course, US Combined Arms and Staff School, and Information Management Systems Manger Course. In 2017 he graduated from the US Army War College with a Master's degree in Strategic Studies. Colonel Martinez, currently serves as the Army National Guard (ARNG) Chief Information Officer (CIO) and Director of the Command, Control, Communications & Computers (C4) Systems Directorate. Colonel Martinez provides direction and guidance to align the ARNG Staff IT portfolio with the Director of Army National Guard strategic priorities. Isaac is charged with setting policy and synchronizing initiatives through coordination with the Army and Joint National Guard.

His early assignments included duties as a platoon leader for the 220th Military Police Company. His first call to action was leading a security detail at Columbine High School after the tragic shootings in 1999. Martinez next served as the Deputy Provost Marshal in Tazar, Hungary from 1999 to 2000, as part of Operation Joint Forge. Shortly after returning home, he led the Colorado Army National Guard's statewide force protection mission to establish airport security immediately following the Sept. 11th attacks in 2001. The following year, Martinez was chosen as The Adjutant General's Aide and just over a year later he assumed command of the 220th Military Police Company and deployed in support of OPERATION IRAQI FREEDOM. His unit was the first Colorado National Guard to support the war effort as part of Operation Iraqi Freedom in 2003. Upon his return, Captain Martinez was assigned as the 891st Troop Command Battalion Logistics Officer (S4). He was recalled to serve as the commander of the 220th MP Co in the aftermath of Hurricane Katrina and guided to New Orleans in 2005.

In 2010, Colonel Martinez was serving as the Executive Officer for the 193rd Military Police Battalion, when they mobilized in support of OPERATION ENDURING FREEDOM. After the deployment in 2012, he was chosen to represent the Colorado National Guard at the State of the State in Colorado's capitol as a special military attendee and personally recognized by Governor John Hicklenlooper. Colonel Martinez would later command the 193rd Military Police Battalion in 2013. Soon after taking command, he immediately was called to support the largest flood relief effort in Colorado history. After command, in Feb 2018, Colonel Martinez also supported response and recovery for the Colorado Department of Transportation Ransomware Cyber Attack. He served as the Liaison Officer to the Incident Command during a significant State cyber response force. Colonel Martinez has recently worked with Colorado Secretary of State with providing cyber security support during three separate Federal elections.

During his career, he earned numerous awards and decorations, most notably, Bronze Star Medal with 1 OLC, Meritorious Service Metal with 2 OLC, the Army Commendation Medal with 2 OLC, Air Force Commendation Medal, the OIF and OEF Campaign Medals. He has earned the Combat Action Badge, German Armed Forces Efficiency Badge and Order of the Marechaussee.

Colonel Martinez has been married to his wife Michelle for 18 years and they have two daughters Alexi and Jasmin. His family are avid baseball fans; they have visited 25 Major League Baseball stadiums in the last 10 years.

Tommy McDowell

Celerium's General Manager and thought leader

Celerium

Tommy McDowell is a seasoned leader in cyber threat intelligence, risk management, and information security who has helped private sector and governmental organizations transform their cybersecurity understanding and practices. As the General Manager of Celerium, McDowell leverages his nearly 20 years of experience, thought leadership and insight in cybersecurity and threat intelligence to help businesses and organizations defend their supply chains.

McDowell came to Celerium from the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC). During his tenure as vice president of intelligence, he overhauled the organization’s intel team and capabilities, significantly increasing intelligence sharing and member engagement. He also served as deputy director of the ISAO (Information Sharing and Analysis Organization) Standards Organization, providing strategic guidance and standards review.

Previously, McDowell was senior director of cyber threat intelligence at a global cybersecurity company. In this capacity, he worked to align security posture and business vision, addressed organizational risk through intelligence-led risk management strategies. He has also designed and evolved cyber security programs and practices for critical infrastructure including the development of standards for control systems security with the National Institute of Standards and Technology (NIST).

McDowell proudly served in the U.S. Army, and also held a position at NCIS.

He holds a Master of Arts degree in Criminal Justice and Psychology, a Master of Science in Computer Information Systems, and post graduate studies in Research Methods and Statistics.

Stephen Miller

Erik Moore

Editor-in-chief of The Journal of The Colloquium

The Colloquium for Information Systems Security Education

Erik Moore is the Editor-in-chief of The Journal of The Colloquium and Chair of the IFIP Working Group 11.8 that holds the World Information Security Education conference. He was a founding Co-Director of the Regis University CAE, the Colorado Front Range Center for Information Assurance Studies. His Ph.D. in Cybersecurity is from the University of Plymouth, UK. His research includes methods of enhancing cyber defense teams and operations. Currently he is the Executive Director of Academic Computing, at a large suburban school district north of Denver, Colorado where he oversees cybersecurity operations along with regional networks, field operations, and datacenters.

Chris Opp

Director of SMB Cybersecurity Solutions

Celerium

Chris Opp, Celerium's SMB Cybersecurity Solutions director, has served in the Air Guard as the Network Manager, Superintendent of the Regional Operations and Security Center (ROSC) managing security for around 40 air wings and their associated remote locations. Chris retired as an E8 (Senior Master Sergeant) after 23 total years of service. His past work experience includes IT Manager and Facility Security Officer at an aerospace and defense company, and, since 2006, Chris has taught IT and Cybersecurity bachelor's courses at higher education institutions. Chris holds a Master's degree in Information Systems and Cybersecurity and is 60% done with his Doctor of Information Technology Information Assurance and Cybersecurity (DIT).

Amar Patra

Yesem Peker

Associate Professor

Columbus State University

I received my B.S. degrees in Computer Engineering and Mathematics Departments from the Middle East Technical University in Ankara, Turkey. I also completed my M.S. in Mathematics in the same university. I received my Ph.D. in Mathematics from Indiana University, Bloomington, IN in the USA. I was fascinated by the beauty and power of mathematical thinking and the theories in mathematics during my undergraduate studies and drawn into applications of these theories in particular to information security in my graduate studies. My dissertation was on key exchange primitives -an area of cryptography where two users agree on a secret value over a public channel such as the Internet. My research focuses on designing cryptosystems whose security relies on hard problems that are different from the problems that the systems in use today rely on.

After completing my PhD I, I went on to teach Mathematics first at Pomona College in Claremont, CA, then at Randolph College, in Lynchburg, VA. I joined the TSYS School of Computer Science in the Spring of 2013. Teaching has always been a passion of mine. I feel that I finally have found the perfect place for me where I get to teach, do research on various applications of mathematical theories, and learn new things everyday!

Ron Pike

Associate Professor of Computer Information Systems

California State Polytechnic University, Pomona

Dr. Ronald Pike is an Associate Professor of Computer Information Systems at Cal Poly Pomona. He spent seventeen years in industry in both the high tech and aerospace industries before moving into academia and currently serves as Director of the Mitchell C. Hill Center for Digital Innovation at Cal Poly Pomona.

Dr. Pike's research and service interests revolve around engaging students in meaningful co-curricular and extra-curricular activities that are highly student directed and integrated with industry. He has published research on cybersecurity and the use of cloud computing as an empowering infrastructure in education. As director of the Mitchell C. Hill Center, Dr. Pike has worked with students to develop a Student-run Data Center and Security Operations Center devoted to developing and operating a modern hybrid-cloud-computing environment to serve education and research.

Joye Purser

Regional Director

CISA

Dr. Joye Purser serves as Regional Director for CISA Region 4 (AL, FL, GA, KY, MS, NC, SC and TN). In this role, she is responsible for the cyber, physical, and chemical security of the homeland in the Region 4 area of responsibility. She works with public sector partners such as state, local, tribal, and territorial governments as well as private-sector entities in the financial, sports, manufacturing, education, health, and other sectors essential to our nation's homeland security.

Prior to her role at CISA, Dr. Purser worked in the private sector at a global management consulting firm, advising the Centers for Disease Control on Continuity of Operations as well as Enterprise Risk Management activities, and with Harris County, Texas, on pandemic recovery operations. Before that, Dr. Purser was employed for nearly two decades in public service leadership positions at the Pentagon, White House, and as a congressional staffer. Her experience also includes stints at a research advocacy nonprofit and as a technical consultant for the Department of Energy. A native of Cochran, Georgia, Dr. Purser has a Bachelor of Sciences degree from Georgia Tech and a Doctorate in Biomedical Sciences from the University of Texas. She resides in Atlanta in the vicinity of CISA Region 4 headquarters.

Cheryl Resch

Chris Simpson

Director of the National University Center for Cybersecurity

National University

Chris Simpson is the Director of the National University Center for Cybersecurity and is the Academic Program Director for the Master of Science in Cybersecurity program at National University. He has developed innovative curriculum and labs in ethical hacking, pentesting, and incident response.

Chris retired from the U.S. Navy in October 2009 after 27 years of service. He has extensive experience as an Information Assurance Manager, including a tour as the Information Assurance Manager (IAM) for the Commander, Combined Forces Command Afghanistan.

Mr. Simpson holds a Bachelor of Sciences degree in Computer and Information Science (CIS) from the University of Maryland and a Master of Science degree in Information Security and Assurance from George Mason University. His certifications include Computer and Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), GIAC Python Coder (GPYC), GIAC Certified Detection Analyst (GCDA), Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK), Navy Master Training Specialist and the KM Institute Certified Knowledge Manager.

Nelbert "Doc" St. Clair

Professor of Cyber Defense

College of Coastal Georgia

Dr. Nelbert St. Clair, preferably known as "Doc", is the first and currently the only Professor of Cyber Defense at the College of Coastal Georgia. He started in June 2019 with the task to build a Cyber Defense program from the ground up. He is also the Director of the Coastal Cyber Center, a non-profit center aimed to provide IT services to non-profit and small businesses. Dr. St. Clair inspires students to begin a career in the field of Information Technology. He brings to the Cyber education world, 23 years of experience in leadership, security and military knowledge (National Guard including two deployments), 14 years in the private sector and 8 years working for the federal government. Dr. St. Clair's main focus is cybersecurity education, but he enjoys recruiting new students and partnering with local businesses, to provide cyber education and services to the community, with the help of his students. In his free time, he enjoys life with his wife, four daughters, and two grandchildren ("Little Man" Lucas and "Little Princess" Naomi).

Michael Stiber

Professor

University of Washington

Dr. Stiber received a BS in Computer Science and a BS in Electrical Engineering from Washington University, Saint Louis and his MS and PhD in Computer Science from the University of California, Los Angeles. He has held industry positions with McDonnell Douglas (St. Charles, Missouri), Texas Instruments (Dallas, Texas), Philips (Eindhoven, Netherlands), and the IBM Los Angeles Scientific Center. He was an Assistant Professor in the Department of Computer Science at the Hong Kong University of Science & Technology and a Research Assistant Professor in the Department of Molecular and Cell Biology at the University of California, Berkeley. Dr. Stiber is a frequent visitor to the Department of Biophysical Engineering at Osaka University (Japan). His research interests include: computational neuroscience, biocomputing, neuroinformatics, simulation, scientific computing, neural networks, scientific data management and visualization, autonomous systems, nonlinear dynamics, and complex systems.

M. Scott Sotebeer

Executive Management Consulting

Sotebeer Management Ventures, LLC and USA Strategics

Scott is the founder and CEO of Sotebeer Management Ventures, LLC and USA Strategics, a leadership and change management consulting company in the Greater Seattle, Washington area. His current engagements include providing subject matter expertise to Next Generation (NG)911 projects at Texas A&M, the University of Illinois Champagne-Urbana, and the University of Washington Applied Physics Cyber Security and Computer Science AI Modeling labs. He is the CFO and a managing member for Nodor Fresh LLC in California and is managing member of ADY Creations LLC in Nevada.

Gregory Surber

Associate Professor & Senior Principle Cybersecurity Engineer

City University of Seattle

Greg Surber has more than 20 years of experience in the cybersecurity field in both public and private industries. He has operated in environments governed by an intricate network of local, state, federal, and international policy, from large-scale educational systems spanning a dozen foreign countries to public utilities operating in multiple jurisdictions. His experience encompasses all aspects of cybersecurity from offensive and defensive techniques to regulatory compliance, system auditing, cyber risk management, and policy creation and enforcement. He received his Bachelor of Arts in Sociology / Criminology from the University of Oklahoma and his Master of Science in Cybersecurity from City University of Seattle. He currently holds Security+, CISSP, and Certified Ethical Hacker (CEH) certifications.

Susan Tisdale

Costis Toregas

National Cyber League

Jonathan Colby Trull

Senior Vice President of Customer Solutions

Qualys

Jonathan Trull is a longtime security practitioner and CISO with over 18 years of experience in the industry and is currently the Senior Vice President of Customer Solutions at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, and Optiv to running components of the Microsoft security business. Jonathan also led the Microsoft Detection and Response Team whose members responded to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA.

Michael Tsikerdikis

Prem Uppuluri

Nancy Willard

Samuel Williams

Student, majoring in Cybersecurity

Radford University

Sam Williams is a second-year undergraduate student at Radford University majoring in Cybersecurity. He has completed two grants regarding hacking IoT devices and a current grant regarding attacking Unmanned Aerial Systems. He is currently working for Radford University as a Cybersecurity Researcher. In addition, Sam has worked extensively with the Virginia Cyber Range located at Virginia Tech as a CTF challenge developer. Currently, he is the president of the Cyber Defense Club at Radford and is an avid participant in Capture the flag competitions and has been studying cybersecurity since he was 12. He served as a junior counselor for the Cybersecurity camp hosted by the FBI and Microsoft.

Morgan Zantua

Associate Professor & Information Security Program Director of School of Technology and Computing

City University of Seattle

Morgan Zantua, M.A., is an Associate Professor and the Information Security Program Director of School of Technology and Computing at City University of Seattle (CityU). She earned M.A. in Whole Systems Design Organization Systems Renewal Antioch University - Seattle and her B.S. degree in Communications from University of Illinois, Champaign-Urbana. She earned her CNSS Certificate in Information Security Risk Management from the University of Washington and holds a certificate in Business as An Agent of World Benefit (BAWB) from the Weatherhead School of Management at Case Western University in Cleveland, Ohio. She is the PI for the NCAE Cybersecurity High School Innovations grant and the DoD CySP Capacity Building Cybersecurity Career Retention Model.

David Zeichick

Assistant Professor Computer Science

Cal State Chico

Use the Case Study Methodology to Enhance Student Engagement and Learning

Jonathan Colby Trull

In this presentation, I will share my personal experiences (1) learning via the case study methodology as a student at Harvard Business School and (2) leveraging the case study methodology to coach students as they work to complete the Carnegie Mellon University's CISO Executive Education Program. I will also make the argument that the case study methodology is ideally suited for difficult topics like ethics, privacy, and strategy and risk management and provide best practices for getting started when using this teaching approach.

IAS492A/B: IAS Seminar

Sandra Gorka

Students enrolled in Pennsylvania College of Technology's Information Assurance and Cyber Security program are required to take a two one-credit course sequence called IAS Seminar during their final fall and spring enrolled in the program. The course was designed to be a transition from college to career and discusses topics related to that transition as well as current events. In the fall semester, students complete the typical college to career activities: building a resume and searching for jobs. Discussions include refining their resume, completing a job search, performing a gap analysis between their skills and job ads, then building a professional development plan to remediate those gaps. This activity facilitates selecting projects for a senior research project course during the following semester. In the spring semester, discussions focus on current events and their associated risks and impact to an organization including mitigations and current best practices for managing that risk. Spring course assignments also include building professional contacts, participating in professional development and helping others understand cybersecurity risks and mitigations.

CSC229: Cybersecurity for Non-IT Majors

Sandra Gorka

Cybersecurity for Non-IT Majors is an elective course that satisfies the technological literacy requirement at Pennsylvania College of Technology. The course strives to educate students to identify and understand the risks – to both themselves and the organizations they represent – associated with their actions. Topics are arranged in (mostly) standalone modules that include protecting confidentiality, integrity and availability; network and wireless security; social engineering; policy, legal issues and professionalism; risk and contingency planning. Each module discusses the risk associated with a given situation as well as the controls that can mitigate/reduce the risk. Each module answers the questions: Who cares? Who implements or manages the controls? What is protected? When and where can it be protected? How can it be protected? And Why is it important to protect? When students understand the rationale, they can better understand how their actions can impact themselves and the organizations they represent. This not only equips them to more effectively protect themselves and their employers, but also enables them to continue to adapt and evolve with the ever-changing IT security environment.

The Need for Legal Education within a Cybersecurity Curriculum

Paula deWitte

Anecdotally, most cybersecurity curricula is based on the technical aspects of protecting, defending, and responding to cyber attacks. While these courses establish a solid foundation in the technical aspects of cybersecurity, what is often missing is establishing a foundation in cybersecurity law. Every individual who puts their hands on a keyboard operates within an uncertain ethical and legal framework. What we do not need is the type of education to produce more lawyers, but rather the type of education to produce more legal-savvy technical workers. Technical workers, whether they are employed directly in cybersecurity work roles, are exposed to more personal information as well as intellectual property – both primary targets in cyber attacks. As well, they are expected to protect critical infrastructure and design with security “built in.” Yet, we do a poor job teaching the legal requirements as well as limitations imposed by law on building in privacy protections.

For the past four years, the speaker has taught Cybersecurity Law & Policy to several hundred computer science and engineering students as well as those from business, architecture, technology management, and government policy. I began this course by conducting a data analytics exercise on the NIST NICE Framework to determine what work roles require legal training. The results were quite surprising as even very technical roles such as Threat Analysis and System Architecture require knowledge of laws, policies, and ethics as they relate to cybersecurity and privacy as well as knowledge of investigations. The feedback from graduating students who take on cybersecurity roles is that they are uniquely qualified to understand the necessity of compliance within their respective roles.

This presentation will discuss the basis for legal education as well as a roadmap for how to incorporate such legal education within a cybersecurity curriculum to build the workforce necessary for the current cybersecurity environment.

How to Prepare Cybersecurity Competition Mentors / Coaches

Nancy S. Jones, Chris Simpson, Debra Bowen

Preparing students to participate in cyber competitions has been a challenge. Adding to this is the problem of how to find, select and train mentors and coaches to prepare these cyber teams. National University, a recipient of a NSA Institutional Capacity Building Grant, designed a Mentor / Coach training program that is delivered through the Canvas Free For Teachers LMS to provide training that prepares mentors and coaches at the 7-12 grade and community college levels that may not be discipline experts, to prepare teams for the SoCal Cyber Cup Challenge. The SoCal Cyber Cup Challenge is a cybersecurity competition with teams from five Southern California counties who compete at the Junior/Senior High School or community college levels. This presentation shares information about the recruiting of mentors and coaches as well as an overview of the LMS training materials that was developed to share with other institutions nationally.

Applied Cryptography

Yesem Peker

Teaching cryptography is challenging as it relies on some very involved mathematical theories. In this walkthrough I'd like to share my current syllabus and activities for the Applied Cryptography course that I have been teaching for 7 years now. The course has evolved significantly from the first time I taught it. I believe the current version has the most effective course content and activities for students who do not have the mathematical background required to understand the theory behind cryptographic schemes. The course covers the basic mathematical concepts such as modular arithmetic and focuses on the cryptographic mechanisms that are used to protect computer networks and data.

The Evolution of the Supply Chain and Cybersecurity: What the Next Generation of Practitioners Needs to Know

Tommy McDowell, General Manager at Celerium

The supply chain represents a massive attack surface for attackers given the ability to leverage one vulnerability at one company to impact hundreds or thousands of others. For several decades, supply chain management was focused on cost optimization via practices such as just-in-time inventory management. But today, several forces are impacting supply chain management. One of those forces, the evolving and increasing ransomware threats, is pushing supply chain cybersecurity in new directions. What does this mean for the next generation of cyber practitioners?

This presentation will cover:

  • The emerging forces that are reshaping supply chain cyber risk management
  • The shift from general cybersecurity to a specific focus on ransomware
  • How government is working to address supply chain cybersecurity in key industries through compliance programs, such as the Cybersecurity Maturity Model Certification (CMMC) program in development by the U.S. Department of Defense

High School Cybersecurity? Challenge Accepted - Radford University's RUSecure CTF Contest for High School Students

Joe Chase, Prem Uppuluri

Given the demand for Cybersecurity workforce, the goal of the RUSecure project at Radford University is to increase the pipeline of students who plan to pursue Computer Science/IT as a major with Cybersecurity as their focus. We identified a variety of challenges to the introduction of Cybersecurity topics in high school including lack of qualified teachers, limited number of students motivated to study IT topics, large number of prerequisite topics and scarcity of computing resources required for such topics. For example, in the 20 school districts we surveyed in the state, there was not a single teacher with the skillset to offer a Cybersecurity course. Even an introductory Cybersecurity course requires students to have a wide array of foundational knowledge in topics such as networks. Hence, Cybersecurity programs in schools/colleges are multisemester efforts where the first couple of semesters focus on the foundations – thus only drawing motivated students as it takes multiple semesters before students work on security problems. In response to these challenges, we developed a strategy that is exciting, rigorous and easy to adapt for high school students. This strategy employs active learning in the form of capture-the-flag (CTF) contests to drive learning. Teams of three to five students work on security challenges while competing with teams from around the state, region, and Nation. Foundational knowledge is introduced on a just-in-time basis. This paper describes these contests and their effectiveness.

Using Complexity Theory to Identify K-12+ Pedagogical Misalignment With a Security Mindset

Holly Hanna, Jane Blanken-Webb

The current state of growing connectivity in society calls for a security mindset for K-12+ populations. A security mindset offers an important approach to support security and can usefully be understood through the lens of complexity theory. Complexity theory also provides a helpful framework for approaching a potential paradigm shift in K-12+ education systems to support a security mindset. This paper brings awareness to examples of some of the most prominent, traditional educational practices and frameworks that stand in conflict with the cultivation of a security mindset. These include: rigid, prescriptive curricula; binary thinking, compliance, and standardized assessments; and disciplinary constraints.

Cyber as a second language? A challenge facing cybersecurity education

Ben Scott, Raina Mason

Cybersecurity pedagogical approaches do not address the challenges faced by students with English as an additional language (EAL). Despite EAL students representing a critical labour force for this important global and multidisciplinary industry, there lacks both research and cohesive solutions to address this issue. Via student interviews and semi-thematic analysis, this paper demonstrates that EAL cybersecurity students express challenges with aspects of cybersecurity content. Secondly, it is shown that predominant cybersecurity education bodies of knowledge and frameworks do not address challenges faced by EAL cybersecurity students.

Adapting Process-Oriented Guided Inquiry Learning (POGIL) for Online Teaching in Cybersecurity: Challenges and Recommendations

Yuming He, Wu He, Lida Xu, Xin Tian, Xiaohong Yuan, Li Yang, Jennifer Ellis

The COVID-19 pandemic has required many educators to offer online courses. Given the evidence of the effectiveness of the Process-Oriented Guided Inquiry Learning (POGIL), many educators are interested in implementing POGIL in online environments. This paper first discusses the challenges of using the POGIL approach to teach courses, including face-to-face and online courses. Then we share our experience and our approach in adapting POGIL for teaching cybersecurity topics via the Zoom platform in the online environment. Recommendations for overcoming some of these challenges in leveraging POGIL for online teaching are provided.

Knowledge Gaps in Curricular Guidance for ICS Security

Ida Ngambeki, Sean McBride, Jill Slay

Industrial Control Systems are an essential mechanism to manage complex computer systems necessary for modern life. These include everything from water treatment and transportation to energy systems and manufacturing. These systems are becoming increasingly integrated and more complex, and they are being used to manage even more of the elements that make our everyday lives possible. They are therefore becoming both more attractive to cyber criminals and more vulnerable to cyber-attacks. More attention needs to be paid to increasing resources and capability in industrial cybersecurity (ICSS). A major element of this is to significantly improve both the quality and availability of education in this area. The process of development of these educational initiatives is aided by curriculum guidance documents. Of necessity ICSS has largely evolved in industrial settings. This exploratory study examines the curricular guidance available for ICSS research and compares it to industry requirements to identify gaps in curricular guidance. Specifically, this paper looks at the three leading guiding documents, the NICE Cybersecurity Workforce Framework, the Joint Task Force on Cybersecurity Education curriculum guidance, and the NSA CAE knowledge units. These are then compared to requirements identified from ICSS related job postings. We found that the primary cybersecurity curriculum guidance documents do not sufficiently address industry requirements for ICSS.

Hands-on Educational Labs for Cyber Defense Competition Training

Animesh Pattanayak, Stu Steiner, Daniel Conte de Leo

Cyber Defense Competitions provide students with challenging, hands-on, fun, and close to real world opportunities to learn, practice, and perform tasks that they will be expected to complete as cybersecurity professionals. The current availability of training resources focused on Cyber Defense Competitions is limited. We introduce CYOTEE: CYbersecurity Oriented Training Environment and Exercises. CYOTEE provides a set of nine fully modifiable and freely available hands-on laboratory activities intended to help students gain skills needed to be successful at Cyber Defense Competitions. This article provides details for two of those hands-on labs: (1) Linux Hardening and (2) Windows Active Directory Hardening. CYOTEE lab descriptions and setup scripts may be found on the GitHub repository.

A Vertically Integrated Pathway for Infusing Engineering Technicians with Industrial Cybersecurity Competencies

Sean McBride, Corey Schou, Jill Slay

This paper describes an effort to establish a vertically integrated pathway to identify and develop industrial control systems cybersecurity talent that extends from middle school to graduate degrees, leveraging the unique strengths of career and technical education. Educators and administrators seeking to ignite student interest in cybersecurity at a young age, and to provide a clear curriculum pathway to meet employer needs in the field of industrial cybersecurity may find this effort of use.

Cybersecurity Laboratory Education Research: A Lush Ecosystem or Elephant Graveyard?

Jason Pittman, Reilly Kobbe, Taylor Lynch, Helen Barker

Is cybersecurity laboratory education research a lush ecosystem or an elephant graveyard? The value of such a question cuts to the health of a research field. Further, the health of a research field stems from the lineage of work extending into the past and present. In other words, mature and robust fields of knowledge exhibit interlinked research with dense pockets of follow-up. In contrast, nascent or limited fields lack such linking or association measurable by the frequency of new research extended results. These interlinks and associations are indeed quantifiable through the meta-study of bibliometrics. In fact, prior research discovered that only thirty percent of computer science research- a strongly related field- are extended after publication. However, no work to date has examined cybersecurity laboratory education for the same phenomenon. To that end, this work evaluated 400 articles with the goal of ascertaining to what degree three operationalized follow-up categories occur in the literature. The results indicate 62.5% of articles do not extend existing research. The conclusions and recommendations included at the end of this work offer potential insights into why cybersecurity laboratory education literature exists in such a state.

Cybersecurity Education: A Mandate to Update

Vic Maconachy, Denise Kinsey

Recent cyber events within the U. S. cyber ecosystem present the alarming fact that attacks with both denial of service and kinetic consequences are now prevalent in non-governmental systems. This paper examines the need to expand studies of cyber and other warfare modalities into the cybersecurity curricula now being taught in American universities.

A Roadmap to overcoming the Challenges of Cyber Security and Forensics Education in the age of distance learning and the Covid-19 pandemic

Geoffrey Elliott, Mazhar Malik

This paper focuses on developing a pedagogic roadmap to overcoming the challenges of delivering cyber security and forensics education in colleges and universities through distance learning during the Covid-19 pandemic. The research in this paper identifies the challenges associated with distance learning, teaching and assessment in the Sultan of Oman. The research evidence was gathered through educational practice at the Global College of Engineering and Technology (GCET), in the Sultanate Oman; and this research and pedagogic reflection acts as a case study for developing the pedagogic roadmap. The validation of evidence for the strategies suggested, and outcomes revealed and used at GCET, is through student feedback and questionnaires and satisfaction surveys. The adopted strategies enabled students to continue their learning during the pandemic. The strategies are validated with student satisfaction survey results, independently conducted by the college, which cover teaching and learning methods, assessment strategies, and overall satisfaction.

Intelligent Interaction Honeypots for Threat Hunting within the Internet of Things

Greg Surber, Morgan Zantua

As the Internet of Things (IoT) grows exponentially, security is falling farther and farther behind. Several new initiatives show promise for expanding the privacy and security around these devices in the future. But what about the billions of devices already out there in the wild? Security researchers are responsible for developing the tools and procedures for discovering these devices quickly, understanding the risks they bring with them, and developing tools to mitigate those risks to more manageable levels. Honeypots and honeynets have traditionally supported this work in traditional IT. However, the challenges faced by the highly distributed, incredibly heterogeneous Internet of Things make deploying such tools difficult and costly. Recent research in honeypot architectures explicitly designed for the chaotic nature of the IoT ecosystem brings a new sense of hope that may lead to significant improvements in IoT security. There is still much work to do, but research continues. IoT cybersecurity experts and threat hunters are developing strategies for securing this new frontier of technology. This study will lay the foundations for an intelligent and highly interactive honeypot solution that can scale with the researchers' requirements, providing a much-needed framework for deploying targeted IoT honeypots.

On Teaching Malware Analysis on Latest Windows

Lan Luo, Cliff Zou, Sashank Narain, Xinwen Fu

Microsoft Windows operating systems are the most popular desktop operating systems. 83% of malware attacks target Windows. Windows 10 has a market share of 78.45% out of all Windows versions on market. However, we find security related courses are often taught on Linux or run on older Windows versions. In this paper, we present our practice of teaching malware analysis on the latest Windows (10). We are among the first using the latest Windows (10) for teaching malware analysis. We design the labs and assignments on the pre-configured Windows 10 VM supplemented by the Kali VM. A virtual Cyber Range is created for students to access the two VMs over a cloud. We present our curriculum and learning assessment scheme. Our practice has been validated through surveys on both face-to-face and online classes.

Leveraging Browser-Based Virtual Machines to Teach Operating System Fundamentals

Matt Ruff, Nicklaus Giacobe

This paper presents and demonstrates the use of JavaScript-based operating system interfaces to overcome the limitations of teaching the Linux Operating system. Many of the typical solutions currently in practice are reviewed, such as Type I and II hypervisors, as well as vendor-specific cybersecurity lab ranges. These solutions typically have various problems for academic institutions, such as cost, hardware, ease-of-use, or a mixture of these. This implementation requires no hardware or infrastructure for students besides an Internet-connected device. As such, these labs can be run on a mobile phone, tablet, or computer. With this in mind, the authors detail the usage of Browser-Based Virtual Machines (BBVM). With very little physical infrastructure, programming, and systems administration, an educational institution at any level may implement cybersecurity lab in such an environment. Our examples focus on addressing learning the Linux command line, introducing different Linux commands, and deepen students' understanding of the Linux operating system itself. Problems of cost, ease-of-use, access, configuration, repeatability, assessment, academic integrity/cheating, and other similar constraints are addressed using our polymorphic system design in combination with the browser-based virtual machine environment. Lastly, we include a step-by-step procedure to implement BBVMs and show use-cases for cybersecurity education.

LUCID Network Monitoring and Visualization Application

Claude Turner, Dwight Richards, Rolston Jeremiah, Jie Yan, Ruth Agada

This work presents LUCID Network Monitoring and Visualization Application (LNMVA), a comprehensive visualization software application for cyber security visualization. The application consists of five component types: components for monitoring network traffic, components for reporting various network messages, data storage components plus a visualization component and an automated animation reporting component. LNMVA can serve as an aid in teaching complex concepts in cybersecurity or to visually demonstrate active security events on a network to an audience or participants in the classroom or cyber defense competitions at near real-time speed. Its flexibility enables it to visualize different kinds of cybersecurity concepts, protocols and ideas. LNMVA is a sub-system of LUCID, a visualization and broadcasting system that aims to improve understanding and sense-making to participants or an audience. The system is targeted to intermediary or expert users engaged in cyber security exercises. Preliminary results from subject testing show that LNMVA with embodied virtual commentator provided an engaging environment to improve participants.

Bridging the disconnect within Cybersecurity Workforce Supply Chain

Olatunji Osunji

Within the Cybersecurity workforce supply chain, there continues to be a disconnect between the undergraduate curriculum and industry skill demand. The cybersecurity workforce framework of the National Initiative for Cybersecurity Education can serve as one of the tools to bridge this disconnect. Borrowing from the learnings in the training of students in medical school, this paper performs a qualitative literature review on some of the existing efforts to develop the cybersecurity workforce. By exploring the integration of the cybersecurity workforce framework and the curriculum guideline of the Joint Task Force on Cybersecurity Education, it recommends the introduction of Entrustable Professional Activities and mandatory apprenticeship as part of the curriculum guideline. The Entrustable Professional Activities could be based on workforce tasks defined by NICE and cybersecurity graduates will be expected to demonstrate capability to perform those activities. Industry participation is required across all levels of the supply chain.

Cyberwar and the Solarwinds Sunburst Hack: A Case of Technology, People, and Processes

Pratim Milton Datta

The connected world economy, compounded by the COVID-19 pandemic, has forced countries, companies, and organizations to pivot to digitally transforming their operations. Sophisticated, state-sponsored perpetrators have seized this forced pivot to lay the groundwork for Cyberwarfare with Advanced Persistent Threats (APT). Using the 2020 Solarwinds' Orion Sunburst hack campaign, this research uses a grounded case-study approach to highlight the facets of the Sunburst cyberwarfare campaign. The Sunburst hack prompted organizations to immediately assume technical solutions. Among them, organizations are quick to isolate infected assets and patch infected systems. However, findings suggest that cyberwarfare underscores the need for revisiting organizational processes, culture, and paradigms that are capitalized and leveraged by state-sponsored perpetrators.

Healthcare in the Balance: A Consequence of Cybersecurity

Susan Helser

The mandate for cybersecurity crosses disciplines. The deficit in the number of cybersecurity professionals required to fill current and future positions represents a growing challenge. Cybersecurity readiness presents significant ever-changing issues with possible long-term or perhaps life-threatening consequences. Cybersecurity experts who possess critical knowledge in another field such as healthcare where a combined or blended understanding of key information is integral to the industry are in short supply. In healthcare as is the case in a host of other sectors not only is it necessary that systems and data are protected, but the business must be compliant with existing law as well. It is imperative that action be taken to address the problem in order not to limit access to healthcare. The focus of this research is to study the serious shortage of cybersecurity professionals in the field of healthcare, the impact that this issue has on the availability of healthcare, and to suggest a solution that could provide immediate relief.

Providing A Hands-on Advanced Persistent Threat Learning Experience Through Ethical Hacking Labs

Yen-Hung Hu

Advanced persistent threats are causing several serious cybersecurity events due to their highly stealthy characteristics, advanced technology and tools, and complicated attacking strategies, making them an imminent challenge to cybersecurity professionals. To conquer such a challenge, a thorough and dedicated defense plan must be addressed, and we believe engaging advanced persistent threat learning experiences to computer science and cybersecurity students in the early stages of their college education will be the most important part of the plan. Since there is a lack of promising approaches for engaging students in learning of advanced persistent threats, it is now an emerging issue for cybersecurity educators and researchers to investigate and develop doable and affordable advanced persistent threat learning platforms. Hands-on learning has been adopted by several fields and demonstrated promising performance improvements in the learners. Therefore, integrating hands-on learning knowledge and experiences in advanced persistent threat training for computer science and cybersecurity students will be a potential solution for mitigating such an issue. In this research, we recognize the importance of improving students' learning of advanced persistent threats. To develop a learning platform for students to learn the knowledge, skills, and abilities of advanced persistent threats, we adopt the NDG ethical hacking lab series with appropriate supplemental lectures to each stage of the lifecycle of an advanced persistent threat. We ensure our model could comply with the required knowledge units listed on NICE Cybersecurity Workforce Framework. Students are expected to connect their advanced persistent threat learning experiences to real world cybercrime cases once they have successfully completed the learning process.

Introducing Penetration Test with Case Study and Course Project in Cybersecurity Education

Xinli Wang, Yan Bai

Teaching college students ethical hacking skills is considered a necessary component of a computer security curriculum and an effective method for teaching defensive techniques. However, there is a shortage of textbooks and technical papers that describe the teaching materials and implementation of penetration testing techniques for hands-on exercises. In our teaching practice, we have been using case studies and course projects as a means to help students learn the fundamental concepts of, primary techniques and commonly used tools for penetration testing. We think this is a beneficiary complement of a cybersecurity course that is taught with a defensive approach. Through these activities, students have gained hands-on experience and developed their ethical hacking skills. Feedback from them is positive and student learning outcomes are promising. In this paper, we describe the principles of developing and implementing case studies and course projects along with associated considerations for specified educational objectives when introducing penetration test. An example case study and course project that we have been used in our courses are described to explain the major design ideas and activities to complete them. Experience, lessons and the feedback from students are discussed. Our results will provide a good point of reference for those educators who teach a cybersecurity course at a college or university and would like to offer an introduction to ethical hacking. This work can also be a reference for a college that wants to integrate penetration testing into its cybersecurity curriculum.

A Study of Video Conferencing Software Risks and Mitigation Strategies

Yelena Arishina, Yen-Hung Hu, Mary Ann Hoppa

Due to the recent pandemic, video conferencing platforms – once niche products aimed at limited communities – have become a pervasive way of conducting business and sustaining social connections on a global scale. This project explored cybersecurity vulnerabilities and risks faced by these platforms – their data, their hardware, and the information exchanged during virtual meetings – and explains some ways these issues can be mitigated. Published research was compiled and analyzed to uncover general risks, vulnerabilities and security measures. Then three popular platforms – Zoom, Skype and GoToMeeting – were subjected to closer scrutiny. Findings show that platform vendors, business organizations, education institutions and end users all bear responsibility to train themselves and their constituents on specific cybersecurity steps to enhance video conferencing security. Targeted recommendations are shared, along with some opportunities to build upon this research in the future.

Design Hands-on Lab Exercises for Cyber-physical Systems Security Education

Hongmei Chi, Jinwei Liu, Weifeng Xu, Shonda Bernadin, Jon deGoicoechea

The integration of cyber-physical systems (CPS) has been extremely advantageous to society, it emerges the attention of cybersecurity for vehicles as a timely concern as a matter of public and individual. The failure of any vehicle system could have a serious impact on vehicle control and cause undesired consequences. With the growing demand for security in CPS, there are few hands-on labs/modules available for training current students, future engineers, or IT professionals to understand cybersecurity in CPS. This study describes the execution of a free security testbed to replicate a vehicle's network system and the implementation of this testbed via hands-on lab designed to introduce concepts of vehicle control systems. The hands-on lab simulates insider threat scenarios where students had to use can-utils toolkits and SavvyCAN to send, modify, and capture the network packet and exploit the system vulnerability threats such as replay attacks and fuzzing attacks on the vehicle system. We conducted a case study with 21 university-level students, and all students completed the hands-on lab, pretest, posttest, and a satisfaction survey as part of a non-graded class assignment. Results showed that most students were not familiar with cyberphysical systems and vehicle control systems and never had the chance to do any hands-on lab in this field before. Furthermore, students reported that the hands-on lab helped them learn about CAN-bus and rated high scores for enjoyment. We discussed the design of an affordable tool to teach about vehicle control systems and proposed directions for future work.

DISSAV: A Dynamic, Interactive Stack-Smashing Attack Visualization Tool

Erik Akeyson, Harini Ramaprasad, Meera Sridhar

This paper describes DISSAV: Dynamic Interactive Stack Smashing Attack Visualization, a program visualization tool for teaching stack smashing attacks. DISSAV is a web-based application built with ReactJS. DISSAV provides a simulated attack scenario that guides the user through a three-part stack smashing attack. Our tool allows the user to create a program, construct a payload for it, and execute the program to simulate an attack scenario. We aim to improve student learning of advanced cyber security topics, more specifically, stack smashing attacks, by increasing student engagement and interaction. We incorpo rate previously researched techniques of Program Visualization tools such as dynamic user input and interactive views to achieve these goals.

Galore: A Platform for Experiential Learning

Abhishek Parakh, Mahadevan Subramania

The use of customizable learning objects in multiple different formats such as visual, auditory, text, interactive widgets and newly defined learning objects called gamelets have a potential to tremendously enhance experiential learning. A parameterized environment, called Galore, that integrates such learning objects into a seamless experience based on student learning styles and preferences for teaching difficult counter and intuitive concepts in quantum communications is described. Index Terms—Learning objects, gamelets, experiential learning, quantum computing, quantum cryptography.



Last modified on Monday, 04 October 2021 09:00

The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.

As a 501(c)(3), CISSE relies on member support. If you value our mission of service, please consider making a donation.

Donate Today

Recent Posts