To: Bill Newhouse, President, National Institute of Cybersecurity Education
From: Christopher Cianchetta, Student, University of Maryland University College
Subject: Proposal for Collaborative Hands-On Cybersecurity Curriculum
Date: December 4, 2014
Cyber Security is needed now more than ever with this new revolution of IoT (Internet of Things). According to Go-Gulf.com “Cyber Crimes are growing and by 2017, the global Cyber Security market is expected to skyrocket to 120.1 billion” (2013). The current cybersecurity programs are not adequate for preparing students entering the IT Security field. It should have more emphasis on hands on learning with team collaboration between the different subjects needed to master the sciences of cyber security.
Cybersecurity is one of the most critical issues the United States faces today. It is an ongoing battle and security professionals are currently on the losing side. In 2011 Symantec reported blocking 5.5 billion malicious attacks which is an 81% increase from 2010. The Ponemon Institute, 2013 Cost of Cyber Crime Study, found that the average annualized cost of cybercrime incurred by a benchmark sample of U.S. organization was $11.56 million. That statistic represented a 78% increase since the initial study was conducted four years prior. Every year more attacks are being recorded, and the growing amount of attacks have direct correlation of the rising cost of cybercrime to the United States.
The chart below is provided by statista.com (n.d.) comparing cost of cybercrime damage since 2001:
Both Cybercrime and cost are exponentially on the rise, and the addition of more devices being interconnected will make security a greater challenge than ever before. Now with more devices interlinked to one another attackers will have even more ways of entering networks giving them a broader attack surface for finding vulnerabilities.
Curriculum Deficiencies
Current cybersecurity training degree programs do not support the types of knowledge skills and abilities (KSAs) that a security technician should possess entering the work field. Ira Winkler of computerworld.com states “I sincerely believe that cybersecurity degree programs are producing graduates inadequately prepared for the positions they believe they are training for, and quite possibly compromised in their ability to get any job at all” (2011). General institutions can easily put together a more technical program teaching students more about the technology that they desire to learn.
Within the current curriculums there is too much of an emphasis on writing and oral presentations, and traditional classroom lectures. That basic need for the general knowledge could easily be addressed and satisfied with earlier prerequisite classes as well as a collaborative team environment inviting professional interaction within a new curriculum. However, in an IT setting where technical knowledge is needed, there is no need for the consistent assignments of dry oral presentations and 1,000 – 2,000 page written papers due weekly. The valuable time missed could be applied to critical hands on training and real world scenario collaborative learning. “Research has proven that students who are taught using hands-on teaching methods with manipulatives outperform those who are not” (hand2mind.com, n.d.). Hands-on learning has been proven to increase student outcomes. Cyber security majors would heavily benefit from the addition of more hand-on type of activity, in real world scenarios.
The current curriculums do offer wide ranges of classes. However these classes are extremely surface and the majority of the hands on training are cookbook type of labs that are done once and moved on from. Research has shown “that important characteristics of experts’ superior performance are acquired through experience and that the effect of practice on performance is larger than earlier believed possible” (Ericsson, Krampe,