So glad you are working on this, given the crazy year we have had with cyber and ransomeware attacks. Are you developing a curriculum the includes SE or an online learning tool? What are some of the ways that you are engaging the the community to ensure equal accessibility to cybersecurity education? I am particularly interested what you are doing to diversify the pool of students learning about SE and gaining an interest in a cybersecurity career.

Thank you so much for visiting our page/video! We have many SE course projects on our website that are free to download: https://sites.temple.edu/care/resources/ These have also been mapped to the NIST NICE Framework.

Access equity strategy #1: All of our resources are free (including the course project).

 

Diversifying pool of candidates strategy #1: We have summer SE competitions open to students across ALL domains (not just technical fields). https://sites.temple.edu/care/se_pentest/

Diversifying pool of candidates strategy #2: The summer SE competitions are open to students at all levels (high schools, undergrads, grads, adult learners, etc.). 

Diversifying pool of candidates strategy #3: The summer SE competition is open internationally  - we have 9 international teams competing (more details will be announced next week). Bringing in cultural context and diversity is important when studying SE.

Access equity strategy #2: The summer SE competitions are virtual, so students from all over the US and abroad can engage. Students from smaller schools (not just ivy league schools) who may not have funds to travel to compete in competitions can compete in our events.

I hope this helps!

I was interested in your programs metrics. How many schools are participating, numbers of outreach to date so far, and what kinds of things are you planning to scale up this project for further outreach? 

I think this idea for a program is super interesting and also wanted to know what you thought was the greatest personal threat to peoples cyber security at any given time. 

Thanks for your insights 

Thank you for visiting our page/video! And thank you for your interest, question and kind words!

We have three events for this NSF grant, and I am providing metrics for each:

1. Educator workshop (June 7)

https://sites.temple.edu/care/educator-workshop/

We have 10 educators from high schools, 17 from community colleges and universities, some STEM non-profit members, and librarians from all over the country.

2. Summer SE Pen Test Competition

https://sites.temple.edu/care/se_pentest/

We have 29 teams competing (details will be released next week on our website), 11 graduate teams, 15 undergraduate teams, and 2 high school teams. 9 of the 29 teams are international.

3. CollegiateSECTF

http://sites.temple.edu/socialengineering

We have just opened the applications for this (it is open only to undergraduate students, and is international in scope). It is too early to list metrics for this, but last year was the inaugural event. We received 25 applications.

Potentially scaling up

We have been asked this question, and at the moment, we are just ensuring that can in fact implement these events in a safe and ethical manner. There are MANY steps that go into planning these events, especially the competitions: getting ethics review/approval, background checks for working with minors, waivers with risk management, etc. Our typical rule is can to have three successful iterations before moving forward.

We want to make things easier for potential partners. More importantly, we want to bring Liberal Arts into the picture as technical fields have already dominated the space of cybersecurity education, which while important, unfortunately portrays the stereotype that one must be technical to contribute to cybersecurity.

We are open to feedback as we are learning through this process!

Hi, team!

I'm curious to know more about what these trainings and/or student-directed curriculum and activities look like. For example, I've taken courses for work that introduce me to "how to spot a fishing e-mail," where there are clickable activities in which I have to find suspicious info. Are your activities also primarily student-computer interaction-based? Or, are there whole-group, non-computer activities, too? (I tried clicking on the links in the above discussion, but they mostly took me to PD applications, from what I could tell).

Greetings and thank you so much for visiting us!

I was just having this conversation yesterday with a collaborator. Most of the SE/phishing trainings we have seen fall into three broad categories (i) online quiz, (ii) talks about latest trends, and (iii) gamification (which is what you mention).

Ours are structured differently. For instance, our Lab is the 'target'. Students have to (i) conduct reconnaissance (OSINT) to understand our lab activities and employees (me and my grad students), (ii) use their Lab OSINT and any external OSINT to develop  believable pretexts/backstories that most likely to 'hook' us, (iii) embed the pretexts into a convincing phishing email and use psychological persuasion techniques to convince us to do something (ex: send a file), and (iv) be ready to adapt to any pushback employees might given them.

So as you can see, the phishing experience is target-specific, demonstrates the many factors that go into a phishing email (psychology, OSINT, pretext development), and also  offers realistic adaptation capabilities. We offer a human-centric experience. Also, this entire exercise, while still not representative of reality, is a great simulation and makes the student think about the non-technical aspects of phishing.

Almost all of our activities are structured like this. Hands-on, in-person (pre-COVID days!), solo or group-based. We try to get as close to reality as we can in a safe and ethical manner. All of our projects have been vetted by the ethics board. You can see the projects here: https://sites.temple.edu/care/resources/. We have made these resources free for download. They come complete with instructions and rubrics. The only thing you would have to do is get ethics approval at your end (and we can help with that too).

I hope this helps. I'm happy to discuss further if you like!

Thanks, Aunshul! (I requested to see one of the projects by filling out the form, but it looks like it needs to get approved). I also tried clicking on the mapping for each course project, but I'm getting a 404. 

Hmm - that's odd. Can you please try accessing the mapping document again? It's working for me. If it still doesn't work, each one has been mapped on the actual webpage anyway. 

Yes, we have received the request for the project download, and usually get back within 24-48 hours. I'll see if I can get to it later today though!

This is such an important topic. We briefly introduce social engineering to 3rd-5th graders in our CrypoComics curriculum and I really appreciate the scope of your lab's efforts. Keep up the great work. 

Thank you so much for stopping by, and yes, we agree!

I'd love to connect with you to discuss how you are engaging with 3rd-5th graders on this topic. We have just started branching into the high school space, and are open to learning and partnering with others.