Broadening the Path to the STEM Profession
through Cybersecurity Learning
- Another Perspective
Xiangyang Li
Johns Hopkins University Information Security Institute
(JHUISI)
Cybersecurity+ Liberal Arts Workshop, June 1-2, 2017, Charleston
Outline
Unique Challenges to Cybersecurity Education
– Offering Rounded Cybersecurity Education
– Chasing Talents in Liberal Arts Majors
Our Approach and Solutions
– Designing Broad Educational Paths
– Developing Experiential Learning Modules
– Developing General Education Modules
Developing Educational Materials
– Experimenting Topics
June 1-2, 2017
1
Gaps in Raising Cybersecurity Talents
Quantity
– Well-documented shortage numbers
Quality and Diversity
– Technical Proficiency
– Ethical, Privacy, Legal, Political, Management, etc.
– Human Aspects
– Cyber physical systems and IoT
– NSF SaTC Program
June 1-2, 2017
2
Efforts
NSA/DHS Center for Academic Excellence in
Information Assurance
Different Cybersecurity Educational Programs
and Tracks
Different Courses
June 1-2, 2017
3
Master of Science in Security
Informatics (MSSI) at Hopkins
Technology & Research
Track
 5 Technology : at least 4
Core courses and 1
Cryptography;
 3 Core
Policy/Health/Manageme
nt: at least 1 Policy and 1
management;
 Two additional courses;
 One Capstone Project.
June 1-2, 2017
Policy & Management
Track
 3 Technology: at least 2
Core courses and 1
Cryptography;
 5 Core/Foundational
Policy/Health/Manageme
nt: at least one from each
category;
 Two additional courses;
 One Capstone Project.
4
MSSI Technology Courses
 EN.601.642 Modern Cryptography
 EN.601.643 Security and Privacy in
Computing
 EN.601.742 Advanced Topics in
Cryptography
 EN.601.743 Advanced Topics in
Computer Security
 EN.650.601 Introduction to Information
Security
 EN.650.621 Critical Infrastructure
Protection
 EN.650.624 Network Security
 EN.650.631 Ethical Hacking
 EN.650.633 Embedded Computer
Systems - Vulnerabilities, Intrusions,
and Protection
 EN.650.645/EN.601.645 Practical
Cryptographic Systems
June 1-2, 2017
 EN.650.656 Computer Forensics
 EN.650.658 Introduction to
Cryptography
 EN.650.660 Software Vulnerability
Analysis
 EN.650.661 Human Factors in
Information Security
 EN.650.663 Cloud Computing Security
 EN.650.671 Cryptography and Coding
 EN.650.672 Security Analytics
 EN.650.654 Computer Intrusion
Detection
 EN.650.724 Advanced Network Security
 EN.650.757 Advanced Computer
Forensics
5
MSSI Non-Technology Courses









Core Policy
EN.650.614 Rights in the Digital Age
EN.650.640 Moral and Legal Foundations
of Privacy
EN.650.681 Global Cybersecurity
EN.660.311 Law and the Internet
Core Management
 EN.650.653 Financial Issues in Managing a
Secure Operation
 EN.650.655 Implementing Effective
Information & Security Programs
Core Health
AS.280.340 Intro to Health Policy and
Management
ME.600.900 Health Information Systems:
Design to Deployment
ME.600.901 Health Sciences Informatics:
Knowledge Engineering and Decision
Support
ME.600.903 Introduction to Biomedical
and Public Health Informatics
ME.600.906 Real Time Disease
Surveillance

June 1-2, 2017






Foundational Management
EN.663.644 Writing Articles and Technical
Reports
EN.663.645 Improving Presentation Skills for
Scientists and Engineers
EN.663.660 Managing People and Resolving
Conflict
EN.663.670 Project Management
EN.663.671 Leading Change
EN.663.673 Leading and Managing Teams in
Virtual, Local and Global Settings
EN.663.674 Fundamentals of Management
6
CMU CyLab/INI/Management
June 1-2, 2017
7
CMU MSISTM and MSISPM
 MSISTM at Information
Networking Institute (INI)
– 3 semesters;
– 12 courses, 144 units;
– 1 required
policy/management course
(2 modules); up to 4
possible;
– Options of project,
practicum, or courses (3
courses);
– Cyber Forensics and
Incident Response track.
June 1-2, 2017
 MSISPM at Heinz College
(Management and IS)
– 4 semesters;
– 16 courses, 192 units;
– Mostly
policy/management;
several having light
technical flavor;
– 1 required project or thesis
(2 courses);
– 25 cohorts.
8
Challenges to Research Universities
Engineering and other majors are very
specialized.
– Actually hard for them to work together.
Cybersecurity programs such as MSSI cannot
find enough students
– With diverse background
– US domestic
Where is the help?
June 1-2, 2017
Look externally
9
But How?
June 1-2, 2017
10
Student Research Project
(Note: MSSI Students in Fall 2016)
Tea
Student Members
m
1
Payal Gupta, Kaustubh
Sarkar, Rahanik Vora
2
Zhenyu Liu, Bohan Li, Hana
Aljarwan
3
Rono Dasgupta, Aditya Patil,
Gijs Van Laer
4
Moriyike Mejabi, Srishti
Bhargava
5
Jiazhen Fan, Qingying Hao,
Jiaqin Zhou
Supriya Muthal, Yuan Huang,
Sen Li
Chen Cao, Xiao Chong Chua
Mentor
Other Personnel
Coffman,
Joel
Coffman,
Joel
Green,
Matt
Kociemba, Maria Vachino
Mike
(DHS/APL)
Title
Cyber Resiliency through Diversity: Evaluating Software
Diversity
Cloud-Based Distribution for Diversified Software
Harden Zero Knowledge Password Proofs Against Offline
Dictionary Attacks
Feasibility, Security and Privacy Analysis of Bluetooth Low
Energy (BLE) Beacon Technology in Improving Location and
Proximity User Experiences
Data Visualization of Windows Security Logs
Leschke,
Timothy
6
Li,
Nathan Bos (APL) A Cognitive Solution to Study Human Behavior towards
Xiangyang
Making Informed Security Decisions
7
Luo, Song David Silberberg Malware Detection through Data Analytics
(APL)
8
Asmaa Aljohani, Yue Zhu,
Nielson,
Maria Vachino
Identity-Enabled Transactions Based on the EMVCo Payment
Gyan Namdhari
Seth
(DHS/APL)
Tokenization Specification
9
Jingmiao Wang, Yuanqi Zhu, Nielson,
Darren Lacey
Detecting XSS attacks using BRO IDS
Harshneel More
Seth
(JHU)
10 Kevin Manzotti, Kashif
Nielson,
David Minch (APL) Replication of CryptoDrop - Ransomware Detection
Memon, Rahul Durgad
Seth
11 Rahul Nair, Chinmohan Nayak Watkins,
Industrial Control System Inference-Based Intrusion Detection
Lanier
System (ICS-iBiDS)
12 Ren Hao
Watkins, David Stone
Application Level Risk Scoring Framework Based on CWSS
Lanier
(Lenovo)
13 Jessica Vallejo, Juan Ramos, Watkins,
Penetration Testing of WiFi Controlled UAV
Lanier
June 1-2,Gaetano
2017 Snow
11
Standalone Module
Legal issues in
CySec
Management
Human Factors
Attacks and
Defense
Cryptography
Network
components and
traffic
Type
Case study, essay,
discussion
Topics
HIPPA/FERPA, Computer
Security Act, Laws and
Authorities, US Patriot Act
Case study, essay,
Strategic Plan and
discussion
Management, Business
Continuity / Disaster
Recovery
Case study, essay,
Privacy, Passwords, Usable
discussion, hands on Security
exercise
GENI experiment
IDS, Traffic, Log Analysis,
performance
Hands on exercise
Cryptograms, ciphers,
encryption, decryption
GENI experiment
Traffic and performance
analysis, protocol
introduction
PUI/LIA Curriculum
Political Science
International Studies
Social Science
Economics
Leadership
Social Science
Humanities
Social Science
Technology
Technology
Technology
Political Science Module
Lecture slides on cyber warfare and
international conflicts
Case study assignment
– Ukraine power grid attack
– Role play and analysis
June 1-2, 2017
13
Finance Module
Module design
Lecture slides
– financial investment basics
– cybersecurity investment specific materials
Case study on Target breach
There are other resources!
– Gordon-Loeb Cybersecurity Investment Model
June 1-2, 2017
14
QUESTIONS?
June 1-2, 2017
15