This Cybersecurity and Infrastructure Security Agency (CISA)-funded project will design and develop carefully chosen, state-of-the-art, National Initiative for Standards and Technology (NIST) framework-aligned curriculum resources for deployment in any IT and/or cybersecurity education program, including CISA training programs.
In close collaboration with CISA, the Critical Infrastructure Resilience Institute (CIRI) - a Dept. of Homeland Security (DHS) Center of Excellence - along with partner institutions (Auburn Univ., Prince George’s Community College, Purdue Univ., Wilkes Univ. and Univ. of Nebraska Omaha) will design the framework for a hybrid curriculum development strategy which will lead to a growing pipeline of cybersecurity professionals able to staff both technical and managerial positions in the government and private sector.
Prince George’s Community College Courses
Foundations in Computing
Using competency-based mastery learning (CBML) instructional design techniques, this course library will contain instruction on threshold concepts that must be mastered to be ready to prepare for the CompTIA IT Fundamentals Plus (ITF+) certification exam and effectively engage in learning concepts in the Foundations in Secure Networking for Cyber-Social Systems course (Figure 2 below).
Foundations in Information Technology
Using competency-based mastery learning (CBML) instructional design techniques, this course library will contain instruction on threshold concepts that must be mastered to be ready to prepare for the CompTIA A+ certification exam and effectively engage in learning concepts in the Foundations in Secure Networking for Cyber-Social Systems course (Figure 2 next).
University of Illinois Urbana-Champaign Courses
Foundations in Secure Networking for Cyber-Social Systems
This course will introduce learners to the notion of cyber-social systems, where humans live and work in closely networked relations to computers or machines mediated by computing interfaces across a wide range of social domains and technical infrastructures. We define “cyber-social” as the relationship between computers or computerized machinery and their users. The course will address the question, when and how are such cyber-social system disrupted? What kinds of technical and organizational design most effectively avert disruption? What are the most effective responses? In each of the eight course topics, these questions will be addressed from three perspectives: human, organizational-social, and technical.
Foundations in Secure Administration of Cyber-Social Systems
This course will introduce the learner to the technical, human, and organizational fundamentals of secure systems administration: the installation, configuration, upkeep, and reliable operation of computing systems (especially multi-user systems), both on-premises and in the cloud.
Foundational Technical and Organizational Concepts and Practices in Cybersecurity
This course will introduce the learner to the current risks and threats to an organization’s systems and data, combined with a structured way of addressing the safeguarding of these critical assets. The course also provides a foundation for those new to cybersecurity by delivering the broad-based knowledge and skills necessary to prepare students for further study in other specialized cybersecurity fields/domains.
Purdue University Courses
Critical Infrastructure Security
In this project-based course, students work in small groups to build a model industrial control process. They start from a flat network with few controls in place, and eventually design and implement a network architecture utilizing secure zones and other best practices. Throughout the semester, students build an understanding of the social-political threat context associated with critical infrastructure cybersecurity and of the consequences associated with failure to get it right. Students conduct vulnerability assessments against their hardened systems to iterate through security as a process.
Incident Response Management
This course is a defensive security capstone course, in which partnered students work collaboratively as a small incident response team to protect virtualized and vulnerable critical infrastructure. Students create a contextualized enterprise-level incident response plan and implement the plan in response to attacks against their infrastructure. This context-based approach requires students to align the mission of their critical infrastructure business with the prioritization of assets and the risks against them. It requires the use of a security mindset to recognize the ways in which they are likely to be targeted and to build this understanding into their plan. Students then utilize knowledge of systems administration, computer networking, risk analysis, and cyber forensics to look for indicators of compromise, to implement controls to mitigate, identify, or eliminate threats. Students build out securely provisioned replacements for outdated and unhardened components of their computing systems. As a result of the experiences students have with their attacks, they apply their lessons learned to the revision of their computer incident response plan.
An entry level course with an inquiry-based approach to applied foundational cybersecurity concepts and skills. Students work together to apply technological, operational, and managerial security skills and to communicate their experiences clearly for a variety of audiences. Students construct an understanding of the dialectic nature of cyber threat and response and work towards the development of a security mindset to act as responsible cyber citizens and protectors.
University of Nebraska Omaha Course
Technical Processes for Software Security Engineering
This course focuses on training developers to identify, instantiate, and execute technical processes for software components as part of the systems development lifecycle as defined in NIST 800-160. The course will emphasize a practitioner’s approach and hands-on use of real- world tooling for modern SecDevOps, or Secure (Sec) Development (Dev) and IT operations (Ops).
Auburn University Courses
This course introduces students to cryptographic theory and its application to the security of computer systems.
Cyber Incident Management
This course introduces students to cyber risk management and how to prepare for and respond to a cyber incident.
This course introduces students to the basics of reverse engineering executable programs.
This course introduces students to the hardware, software, and wetware attacks employed by threat actors to exploit vulnerabilities and identify countermeasures used by ethical hackers to reduce organizational surface area through vulnerability mitigation. During this course, students will conduct numerous security assessments in which they will discover system resources, conduct security research, identify vulnerabilities, test exploits, and mitigate exploitable vulnerabilities using proper security controls.
Secure Software Construction
This course introduces the student to practices and processes for engineering secure software.
Wilkes University Courses
The primary aim of this course is to immerse and engage students in ethical thinking pertaining to case studies in cybersecurity, to develop students as ethical agents. The approach taken, will ask students to begin by tending to immediate and raw ethical intuitions - the not-fully-thought-out and indeed, preconscious whispers that inevitably do play a significant (and often underestimated) role in determining subsequent conduct. It is here, in this more intuitive and receptive mode that allows for an opening into enduring ethical growth and development. From there, ethical judgment and reasoning can be formulated and communicated with a kind of intimate potency and cohesiveness that stands to endure as the field moves forward and confronts new ground.
Cybersecurity for Educational Leaders
The concept of a security mindset serves an anchoring point throughout the course, integrating technical and human-centered aspects of cybersecurity in a way that fosters “thinking like a hacker,” to better understand the threat landscape. Ultimately, the course aims to empower educational leaders to formulate effective responses to issues that emerge at the intersection of cybersecurity and society.
University of Nebraska Omaha Course
Management Processes for Software Security Engineering
This course focuses on training near-team technical managers to identify, implement, and monitor the technical management processes in a software development lifecycle as defined in NIST 800-160. The course will use scenario-driven styles and an emphasis on effective collaboration with development teams to achieve learning outcomes.