ICEW Schedule

Home   ·   Schedule   ·   Location   ·   Register   ·   Resources   ·   2014

Innovations in Cybersecurity Education 2015

University of Maryland, Baltimore County – South Campus

Friday, June 12, 2015


9:00am-9:30am Doughnuts and coffee

9:30am-9:40am Welcome remarks


9:40am-11:00am Session 1 (80 min)

Captain Paul Tortora and Chris Hoffmeister, USNA, Teaching Cybersecurity to All Midshipmen

CAPT Paul Tortora is the Director of the Center for Cyber Security Studies at the United States Naval Academy. He is an active duty naval Officer in the Information Dominance Community, he has previously served in the Office of the Director of National Intelligence and Deputy Chief of Naval Operations for Operations, Plans and Policy. Before becoming a member of the Information Dominance Community he was a nuclear Submarine Officer.

LCDR Chris W. Hoffmeister, USN  is a Military Instructor, Junior Permanent Military Professor, in the Cyber Science Department at the United States Naval Academy.  He earned a M.S. in Computer Science at the Naval Postgraduate School, a M.S. in Defense Technology and Systems at the National University of Singapore, and a B.S. in Computer Science at Texas A&M University.  The USNA will begin construction of a new facility to house the Center for Cyber Security Studies in the coming year.


11:10am-12:30pm Session 2 (80 min)

Steve Morrill, Loyola Blakefield High School, Maryland, Transforming America’s Students into the Next Cyber Generation

Educating our students about the digital world has become just as important as teaching the core subjects. We will describe how Loyola Blakefield started a Cyber program with six students that has now grown into 86; all as an after school extracurricular program.  Cyber has become part of the STEM umbrella but is not well understood by many in the classroom. Steve Morrill and Patrick Lagator (Loyola student) will show through competition, certification, and good instruction how we can have students develop a passion for the subject area.  Not all students will want to be technical wizards, but all students should have fluency on how our digital world works. This is intended to be an interactive forum on how we can try to solve the “Cyber Problem” through education.

Steve Morrill is currently the Director of Technology and Cyber Science at Loyola Blakefield in Towson Maryland.  Prior to joining Loyola Blakefield, he spent 13 years managing and teaching technology in the higher education space.  He is also the founder of the Loyola Cyber Science Program, which has had great success in the past two years winning the SAIC Global Cyber Challenge in July 2013 and the Maryland (MDC3) Cyber Challenge in October 2013 & 2014. Most recently Loyola teams finished 1st and 3rd in Maryland and 16th, 19th, and 21st nationally for the AFA Cyber Patriot Competition.  Steve has been a presenter at the US News STEM Solutions conference and the National Initiative for Cyber Education (NICE) conference speaking on the role of education in Cyber Security. Over the past two years Steve has also been invited to speak at schools helping to raise awareness, but not paranoia, in the use of social media.  His presentations are tailored for the specific audience to help each group understand both the benefits and dangers of our modern on line world.


1:00-1:30 lunch (30 min), and 4:30-5pm (30min)

Game session for SecurityEmpire

Marc Olano, Alan Sherman, Linda Oliva, Ryan Cox, Deborah Firestone, Oliver Kubik, Milind Patil, John Seymour, Isaac Sohn, Donna Thomas

SecurityEmpire is a new multiplayer computer game to teach cybersecurity concepts to high school students. We describe the design and implementation of SecurityEmpire, explain how it teaches security concepts, share preliminary evaluative data from students and teachers, and describe our experiences with developing, fielding, and evaluating this educational game. SecurityEmpire challenges each user to build a green energy company while engaging in sound information assurance practices and avoiding security missteps. Sound information assurance practices include: not clicking on unsafe links, encrypting auction bids, authenticating software downloads, performing integrity checks of system software, keeping antivirus protection up-to-date, and choosing strong passwords. In contrast with traditional teaching methods, educational games hold promise for greater student engagement and learning. We pilot tested an initial version of the game in computer science classes at partner high schools and in an undergraduate gaming class at our university. The preliminary data suggest that the game is engaging and increases awareness of cybersecurity practices.


1:30pm-2:20pm and 2:30pm-3:20pm Session 3

Two identical presentations, each 50 min

Marcelle Lee, Leveraging Cyber Competitions to Build Your Resume

Cyber competitions are not only fun, they are also a great way to gain experience that students can use on their resumes!  They also provide a means to learn new technical skills and gain the attention of recruiters.  This talk will include a review of the different types of competitions, skills and knowledge needed, and tips on how to get involved.

Marcelle Lee is an analyst with the federal government and an adjunct professor at Anne Arundel Community College.  Marcelle also sits on the board of directors for the Women’s Society of Cyberjutsu, where she leads the women’s education and training initiative. Additionally, Marcelle is a regional director for the Information Systems Security Association Women in Security Special Interest Group.  Marcelle is also co-founder of Fractal Security Group, LLC. Marcelle transitioned to the field of cybersecurity after working in operations and project management in both the public and private sectors.  She holds multiple degrees and is currently working on her MPS in Cybersecurity at UMBC.  Marcelle has also earned several industry certifications including GCIA, GCIH, GCCC, CEH, CCNA, Security+, Network+, and ACE.  She is a cybersecurity competition enthusiast, an active volunteer in outreach to students and the community, and a member of several industry associations.


1:30pm-2:20pm and 2:30pm-3:20pm Session 3

Two identical presentations, each 50 min

Chris Hoffmeister, Lab Exercise: Using a Message Board: Hands On Learning Tool for Cyber Security

End users continually need to be more knowledgeable of cyber security best practices, and risks within the cyber domain. Unknowledgeable end users can lead to breaches in security. We present the use of a simple, configurable HTML message board that can be used as a hands­on tool for educating end   users about various cyber security topics. The message board has been in use since Fall 2011 to teach a general student population of 4800 first year students by 40 faculty members. The message board and activities presented can be incorporated into other introductory security curriculum.  The exercise will include:

  • Message Board Basics (Viewed as critical service (infrastructure) by students)
  • Basic Injection Attacks (Code Inject: HTML, Code Inject: JavaScript)
  • Redirection (Code Inject: JavaScript ­ Redirection, Code Inject: JavaScript ­ XSS)
  • Password Security (Hashing, Salting, Restricting Access)
  • Malware (Virus (msgBd.XSS)


3:30pm-4:30pm Session 4 (60 min)

Alan T. Sherman, UMBC, Educational Cybersecurity Assessment Tools (CATs)

Joint work with Linda Oliva, Dhananjay Phatak, Geet Parekh (UMBC); Ron Dodge (USMA); and Geoffrey Herman (University of Illinois Champaign-Urbana).

We are creating infrastructure for evidence-based improvement of cybersecurity education by developing Cybersecurity Assessment Tools (CATs) including a Cybersecurity Concept Inventory (CCI) and a Cybersecurity Curriculum Assessment (CCA).  The first CAT will be a Cybersecurity Concept Inventory (CCI) that measures how well students understand basic concepts in cybersecurity (especially adversarial thinking) after a first course in the field. The second CAT will be a Cybersecurity Curriculum Assessment (CCA) that measures how well curricula prepared students graduating from college on fundamentals needed for careers in cybersecurity.  Each CAT will be a multiple-choice test with approximately thirty questions.  We will present the results of our fall 2014 surveys of experts to identify important, difficult, and timeless cybersecurity concepts, and we will seek feedback on some draft questions.

Dr. Alan Sherman is a researcher and educator in cryptology.  He has developed hands-on exercises for information assurance and a multiplayer computer game (SecurityEmpire) for teaching cybersecurity concepts to high school students.  He is a professor of computer science at the University of Maryland, Baltimore County (UMBC) in the CSEE Dept. and Director of UMBC’s Center for Information Security and Assurance (CISA).  His main research interest is high-security voting systems.  He has carried out research in election systems, algorithm design, cryptanalysis, theoretical foundations for cryptography, and applications of cryptography.  Sherman earned the PhD degree in computer science at MIT studying under Ronald L. Rivest, the SM degree in electrical engineering and computer science from MIT, and the ScB degree in mathematics, magna cum laude, from Brown University.  Sherman is also a private consultant performing security analyses and an editor for Cryptologia.


4:30-5pm Session 5 (30min)

Game session for SecurityEmpire