Teaching Network Security - Lessons Learned
Homeland Defense and Security Education Summit
February 27 &28, 2007
Margaret Leary
Associate Professor
Northern Virginia Community College
Information Systems Technology
Alexandria Campus
[email protected]
http://www.nvcc.edu/home/mleary
Program History
– NVCC planning began and grant was funded in 1999
• Network security courses developed and prototyped - Fall 2000
• Industry asked to validate requirements - Fall 2001
• Certificate offered at two (out of five) campuses - Fall 2001
– CyberWATCH (Cybersecurity: Washington Area Technician
and Consortium Headquarters) established and funded by
NSF from 2005 through 2009.
• Development of IST Network Security Degree Program – Fall 2006
• Curriculum mapping to NSTISSI 4011 standards – Spring 2007
Program Approach
– Tailored to industry needs
•
•
•
•
•
Vendor neutral
Concepts/theory supplemented with hands-on lab exercises
Assume students have networking and TCP/IP foundations
Offered alternatively in on-line and hybrid formats
Network Security Program - “not an ethical hacking program”
Network Security
– Network security curriculum
•
•
•
•
•
•
•
•
ITN260 - Network Security Basics
ITN261 - Network Attacks, Computer Crime and Hacking
ITN262 - Network Communication, Security and Authentication
ITN 263 - Internet/Intranet Firewalls and E-Commerce Security
ITN266 - Network Security Layers
ITN267 – Cyberlaw
ITN293 - Studies in Network Security (Capstone)
ITN 295 – Topics In Network Security
Network Security Labs
– Challenges
• Funding – initial investment per lab of $100,000 (not including
labor)
– Containment versus need to explore security tools necessitates
more costly lab setups and is more complex to support
– Lab support –setup, prep time, and support requires dedicated
personnel
• No student skill baseline
– Home Labs for on-line learners
• Adjuncts versus full-time faculty issues
• Educate IT staff on requirements and security mitigations
Faculty Training
– Faculty skills
• Faculty must be qualified. Vetting program may be necessary
• Practitioner-based versus concepts and theory. Requiring past
experience
• Leverage adjuncts working in the field
• Professional Development Initiative - $165K in last 2 years
• Faculty externships and relevant work industry work efforts
– CyberWATCH faculty development
• Training at partner institutions
• Graduate certificate programs
• CISSP certification training and exam funding
Establish Industry & Academic Partners
– Resource funding, advising, and program support
•
•
•
•
•
•
CyberWATCH consortium partnership – resource sharing
Montgomery College Virtual Lab
Assistance with course mapping (NSA)
Free to lowered costs for faculty skills updating and education
Numerous internship opportunities for students
Externship opportunities for faculty
Curriculum Consistency
All Five Campuses
– Mapping to NSA 4011 standards
(www.nvcc.edu/cyberwatch)
• Develop mapping matrices of Course Content Summaries to
Adopted Texts and perform gap analyses
• Provide central repository for course resources and discussions
among faculty
• Provide sample syllabi to faculty
• Provide guidance to faculty on managing student expectations
Moving Forward
– Developing labs and case studies for partners
• Conduct aggressive awareness (marketing) campaign to area
businesses and students
• Work with 4-year institutions to develop articulation agreements
• Create Virtual Lab at NVCC and strengthen online/hybrid course
offerings