Remote Controlled Cyber: Toward Engaging and Educating a Diverse Cybersecurity Workforce
Authors: 
Curtice Gough, Carl Mann, Cherrise Ficke, Maureen Namukasa, Meredith Carroll, TJ OConnorAuthors Info & Claims
Curtice Gough, Carl Mann, Cherrise Ficke, Maureen Namukasa, Meredith Carroll, TJ OConnorAuthors Info & ClaimsPages 394 - 400
Abstract
Cybersecurity education has grown exponentially to support the need for a skilled cybersecurity workforce. Further, capture-the-flag competitions have popularized cybersecurity by engaging and recruiting students while exposing them to cybersecurity workforce competencies. However, the heavy reliance on competition-based educational approaches may contribute to the lack of diversity in cybersecurity programs. Cybersecurity competitions are the primary catalyst to expose and recruit students from both high school and collegiate cybersecurity education programs. In response, we propose a collaborative, experiential learning approach that leverages hackable Internet of Things (IoT) toys as a pedagogical tool for cybersecurity education. We share our detailed design, activities, experiences, and lessons learned for others to build on our initial success.
References
[1]
ACM Committee on Computing Education. 2020. Cybersecurity Curricular Guidance. http://ccecc.acm.org/files/publications/Cyber2yr2020.pdf.
[2]
Air Force Association. 2022. Cyber Patriot XV National Youth Cyber Defense Competition Registration Report 2023--2023. https://www.uscyberpatriot.org/Documents/Fact%20Sheets/CP15%20Registration%20Report%202022--2023.pdf
[3]
Omer Akgul, Taha Eghtesad, Amit Elazari, Omprakash Gnawali, Jens Grossklags, Daniel Votipka, and Aron Laszka. 2020. The hackers' viewpoint: Exploring challenges and benefits of bug-bounty programs. In Proceedings of the 2020 Workshop on Security Information Workers, ser. WSIW, Vol. 20. Usenix, Virtual Event, bibinfonumpages7 pages.
[4]
John Aycock, Andrew Groeneveldt, Hayden Kroepfl, and Tara Copplestone. 2018. Exercises for teaching reverse engineering. In Conference on Innovation and Technology in Computer Science Education. ACM, Larnaca Cyprus, 188--193.
[5]
César Morillas Barrio, Mario Mu noz-Organero, and Joaqu'in Sánchez Soriano. 2015. Can gamification improve the benefits of student response systems in learning? An experimental study. IEEE Transactions on Emerging Topics in Computing, Vol. 4.3 (2015), 429--438.
[6]
Raymond W Blaine, Jean RS Blair, Christa M Chewar, Rob Harrison, James J Raftery Jr, and Edward Sobiesk. 2021. Creating a Multifarious Cyber Science Major. In Technical Symposium on Computer Science Education (SIGCSE). ACM, Virtual Event, 1205--1211.
[7]
Barry W. Boehm. 1988. A spiral model of software development and enhancement. Computer, Vol. 21, 5 (1988), 61--72.
[8]
Sergey Bratus. 2007. Hacker curriculum: How hackers learn networking. IEEE Distributed Systems Online, Vol. 8, 10 (2007), 2--2.
[9]
Lorenz Breidenbach, Phil Daian, Florian Tramèr, and Ari Juels. 2018. Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 1335--1352.
[10]
David Bruley. 2018. How the Best Hackers Learn Their Craft. https://www.youtube.com/watch?v=6vj96QetfTg.
[11]
Tanner J Burns, Samuel C Rios, Thomas K Jordan, Qijun Gu, and Trevor Underwood. 2017. Analysis and Exercises for Engaging Beginners in Online CTF Competitions for Security Education. In 2017 USENIX Workshop on Advances in Security Education (ASE 17). USENIX, Vancouver, BC, Canada, bibinfonumpages9 pages.
[12]
Peter Chapman, Jonathan Burket, and David Brumley. 2014. $$PicoCTF$$: A $$Game-Based$$ Computer Security Competition for High School Students. In Summit on Gaming, Games, and Gamification in Security Education (3GSE 14). USENIX, San Diego, CA, bibinfonumpages10 pages.
[13]
Tom Chothia and Chris Novakovic. 2015. An offline capture the flag-style virtual machine and an assessment of its value for cybersecurity education. In 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15). USENIX, Washington, D.C, bibinfonumpages8 pages.
[14]
Thomas Cook, Gregory Conti, and David Raymond. 2012. When good Ninjas turn bad: Preventing your students from becoming the threat. Colloquium for Information System Security Education, Vol. 16 (2012), 61--67.
[15]
Seth T Hamman, Kenneth M Hopkinson, Ruth L Markham, Andrew M Chaplik, and Gabrielle E Metzler. 2017. Teaching game theory to improve adversarial thinking in cybersecurity students. IEEE Transactions on Education, Vol. 60.3 (2017), 205--211.
[16]
Maurice Hendrix, Ali Al-Sherbaz, and Bloom Victoria. 2016. Game based cyber security training: are serious games suitable for cyber security training? International Journal of Serious Games, Vol. 3.1 (2016), 53--61.
[17]
Sylvia Hurtado, Nolan L Cabrera, Monica H Lin, Lucy Arellano, and Lorelle L Espinosa. 2009. Diversifying science: Underrepresented student experiences in structured research programs. Research in Higher Education, Vol. 50 (2009), 189--214.
[18]
Blake Janes, Heather Crawford, and TJ OConnor. 2020. Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices. In IEEE Security and Privacy SafeThings Workshop (SafeThings). IEEE, Virtual Event.
[19]
Ralph Langner. 2011. Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy, Vol. 9, 3 (2011), 49--51.
[20]
Kees Leune and Salvatore J Petrilli Jr. 2017. Using capture-the-flag to enhance the effectiveness of cybersecurity education. In Proceedings of the 18th Annual Conference on Information Technology Education. ACM, Bologna, Italy, 47--52.
[21]
Tzu-Chiang Lin, Ying-Shao Hsu, Shu-Sheng Lin, Maio-Li Changlai, Kun-Yuan Yang, and Ting-Ling Lai. 2012. A review of empirical evidence on scaffolding for science education. International Journal of Science and Mathematics Education, Vol. 10 (2012), 437--455.
[22]
Henry Lowood and Raiford Guins. 2016. Debugging game history: A critical lexicon. MIT Press.
[23]
Donatello Luna, Luca Allodi, and Marco Cremonini. 2019. Productivity and patterns of activity in bug bounty programs: Analysis of HackerOne and Google vulnerability research. In Proceedings of the 14th International Conference on Availability, Reliability and Security. ACM, Virtual Event, 1--10.
[24]
Xenia Mountrouidou, David Vosen, Chadi Kari, Mohammad Q Azhar, Sajal Bhatia, Greg Gagne, Joseph Maguire, Liviana Tudor, and Timothy T Yuen. 2019. Securing the human: a review of literature on broadening diversity in cybersecurity education. In Proceedings of the Working Group Reports on Innovation and Technology in Computer Science Education. ACM, Aberdeen, UK, 157--176.
[25]
NSA. 2022. Academic Requirements for Designation as a CAE in Cyber Operations Fundamental. https://www.nsa.gov/Resources/Students-Educators/centers-academic-excellence/cae-co-fundamental/requirements/
[26]
TJ OConnor. 2022. HELO DarkSide: Breaking Free From Katas and Embracing the Adversarial Mindset in Cybersecurity Education. In Technical Symposium on Computer Science Education (SIGCSE). ACM, Providence, RI, 710--716.
[27]
TJ OConnor, Dane Brown, Jasmine Jackson, Suzaana Schmeelk, and Bryson Payne. 2023 a. Compete to Learn: Toward Cybersecurity As A Sport. In Journal of Cybersecurity Education, Research and Practice (JCERP). Kennesaw State University.
[28]
TJ OConnor, William Enck, and Bradley Reaves. 2019. Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things. In Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). ACM, Miami,FL.
[29]
TJ OConnor, Dylan Jesse, and Daniel Camps. 2021. Through the Spyglass: Toward IoT Companion App Man-in-the-Middle Attacks. In Cyber Security Experimentation and Test (CSET). USENIX, Virtual Event.
[30]
TJ OConnor, Dylan Jessee, and Daniel Campos. 2023 b. Towards Examining The Security Cost of Inexpensive Smart Home IoT Devices. In International Workshop on Consumer Devices, Systems, and Services (CDS 2023). IEEE, Torino, IT.
[31]
TJ OConnor, Carl Mann, Tiffanie Petersen, Isaiah Thomas, and Chris Stricklan. 2022. Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course. In Innovation and Technology in Computer Science Education (ITiCSE). ACM, Dublin, Ireland, 442--448.
[32]
TJ OConnor, Alex Schmith, Chris Stricklan, Marco Carvalho, and Sneha Sudhakaran. 2024. Pwn Lessons Made Easy With Docker: Toward an Undergraduate Vulnerability Research Cybersecurity Class. In Technical Symposium on Computer Science Education (SIGCSE TS). ACM, Portland, OR.
[33]
TJ OConnor and Chris Stricklan. 2021a. Teaching a Hands-On Mobile and Wireless Cybersecurity Course. In Innovation and Technology in Computer Science Education (ITiCSE). ACM, Virtual Event, 296--302.
[34]
TJ OConnor and Chris Stricklan. 2021b. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. In Innovation and Technology in Computer Science Education (ITiCSE). ACM, Virtual Event.
[35]
Maria Chaparro Osman, Maureen Namukasa, Cherrise Ficke, Isabella Piasecki, TJ OConnor, and Meredith Carroll. 2023. Understanding how to diversify the cybersecurity workforce: A qualitative analysis. In Journal of Cybersecurity Education, Research and Practice (JCERP). Kennesaw State University.
[36]
Rodney Petersen, Danielle Santos, Matthew Smith, and Gregory Witte. 2020. Workforce Framework for Cybersecurity (NICE Framework).
[37]
W Michael Petullo. 2022. Courses as Code: The Aquinas Learning System. Proceedings of the 15th Workshop on Cyber Security Experimentation and Test (2022).
[38]
Phillip Porras, Hassen Saidi, and Vinod Yegneswaran. 2009. Conficker C analysis. SRI International, Vol. 1 (2009), 1--1.
[39]
Summer Rebensky, Maria Chaparro, and Meredith Carroll. 2020. Optimizing the Learning Experience: Examining Interactions Between the Individual Learner and the Learning Context. In Advances in Human Factors in Training, Education, and Learning Sciences: Conference on Human Factors in Training, Education, and Learning Sciences. Springer, AHFE, Virtual Event, 10--16.
[40]
James R Rest. 1994. Background: Theory and research. Moral development in the professions: Psychology and applied ethics (1994), bibinfonumpages26 pages.
[41]
Wei-Cheng Milton Shen, De Liu, Radhika Santhanam, and Dorla A Evans. 2016. Gamified technology-mediated learning: The role of individual differences. In Pacific Asia Conference on Information Systems (PACIS). Association For Information System, Chiayi, Taiwan.
[42]
Jacob Springer and Wu-chang Feng. 2018. Teaching with angr: A Symbolic Execution Curriculum and $$CTF$$. In 2018 Workshop on Advances in Security Education (ASE 18). USENIX, Baltimore, MD, bibinfonumpages8 pages.
[43]
Kevin A Stein and Matthew H Barton. 2019. The "Easter egg" syllabus: Using hidden content to engage online and blended classroom learners. Communication Teacher, Vol. 33, 4 (2019), 249--255.
[44]
Valdemar vS vábenskỳ, Jan Vykopal, and Pavel vC eleda. 2020. What Are Cybersecurity Education Papers About? A Systematic Literature Review of SIGCSE and ITiCSE Conferences. In 51st ACM Technical Symposium on Computer Science Education. ACM, Portland, OR, 2--8.
[45]
Valdemar vS vábenskỳ, Jan Vykopal, Milan Cermak, and Martin Lavs tovivc ka. 2018. Enhancing cybersecurity skills by creating serious games. In 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education. ACM, Larnaca Cyprus, 194--199.
[46]
Clark Taylor, Pablo Arias, Jim Klopchic, Celeste Matarazzo, and Evi Dube. 2017. CTF: State-of-the-Art and Building the Next Generation. In 2017 USENIX Workshop on Advances in Security Education (ASE 17). USENIX, Vancouver, BC, Canada, bibinfonumpages11 pages.
[47]
Holly Tootell, Mark Freeman, and Alison Freeman. 2014. Generation alpha at the intersection of technology, play and motivation. In 2014 47th Hawaii international conference on system sciences. IEEE, Waikoloa, HI, 82--90.
[48]
Jan Vykopal, Valdemar vS vábenskỳ, and Ee-Chien Chang. 2020. Benefits and pitfalls of using capture the flag games in university courses. In Technical Symposium on Computer Science Education (SIGCSE). ACM, Virtual Event, 752--758.
[49]
David C Webb, Alexander Repenning, and Kyu Han Koh. 2012. Toward an emergent theory of broadening participation in computer science education. In Technical Symposium on Computer Science Education (SIGCSE). ACM, Raleigh, NC, 173--178.
[50]
SeongIl Wi, Jaeseung Choi, and Sang Kil Cha. 2018. Git-based CTF: A Simple and Effective Approach to Organizing In-Course Attack-and-Defense Security Competition. In 2018 USENIX Workshop on Advances in Security Education (ASE 18). USENIX, Baltimore, MD, bibinfonumpages9 pages.
[51]
Rushan Ziatdinov and Juanee Cilliers. 2022. Generation Alpha: Understanding the next cohort of university students. io
Index Terms
- Remote Controlled Cyber: Toward Engaging and Educating a Diverse Cybersecurity Workforce
Recommendations
PWN Lessons Made Easy with Docker: Toward an Undergraduate Vulnerability Research Cybersecurity Class
SIGCSE 2024: Proceedings of the 55th ACM Technical Symposium on Computer Science Education V. 1Developing expertise in vulnerability research is critical to closing the cybersecurity workforce shortage. However, very few institutions have adopted vulnerability research into their cybersecurity curriculum, and fewer have examined how to teach this ...
Shaping Curricular Guidelines for Associate-Degree Cybersecurity Programs
SIGCSE '19: Proceedings of the 50th ACM Technical Symposium on Computer Science EducationAs projections of the shortage of cybersecurity workers grow [4], the spotlight is on cybersecurity education. In December of 2017, the Joint Task Force on Cybersecurity Education published Cybersecurity Curricula 2017: Curriculum Guidelines for Post-...
A Capstone Design Project for Teaching Cybersecurity to Non-technical Users
SIGITE '16: Proceedings of the 17th Annual Conference on Information Technology EducationThis paper presents a multi-year undergraduate computing capstone project that holistically contributes to the development of cybersecurity knowledge and skills in non-computing high school and college students. We describe the student-built Vulnerable ...
Comments
Information & Contributors
Information
Published In
March 2024
1583 pages
ISBN:9798400704239
DOI:10.1145/3626252
- General Chairs:
- Ben Stephenson,
- Jeffrey A. Stone,
- Program Chairs:
- Lina Battestilli,
- Samuel A. Rebelsky,
- Libby Shoop
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 March 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- ONR
Conference
SIGCSE 2024
Sponsor:
SIGCSE 2024: The 55th ACM Technical Symposium on Computer Science Education
March 20 - 23, 2024
OR, Portland, USA
Acceptance Rates
Overall Acceptance Rate 1,595 of 4,542 submissions, 35%
Upcoming Conference
SIGCSE TS 2025
- Sponsor:
- sigcse
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 212Total Downloads
- Downloads (Last 12 months)212
- Downloads (Last 6 weeks)39
Reflects downloads up to 25 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in