Demand for cybersecurity professionals continues to explode nationwide. Irfan Ahmed, Ph.D., assistant professor of computer science in the VCU College of Engineering, has received a $250,000 grant from the National Science Foundation to help meet this need by teaching community college students advanced cybersecurity skills.
The award is part of a $500,000 collaborative project, led by VCU, in which Ahmed and Sajal Bhatia, Ph.D., assistant professor of cybersecurity at Sacred Heart University in Hartford, Connecticut, will work with Piedmont Virginia Community College in Charlottesville, Virginia, and Capital Community College in Hartford to develop curricula and technology resources to train students in digital forensics and network penetration testing.
“Nationally and regionally, there is a tremendous shortage of talent in the cybersecurity area. We need people from all backgrounds and walks of life to get involved in keeping our national electronic infrastructure safe and sound,” said John D. Leonard, Ph.D., professor of computer science and executive dean of VCU Engineering. “With this support from the NSF, our team of researchers and instructors will ensure that these students are at the cutting edge of black- and white-hat security skills”
Digital forensics and network penetration testing, also called “pen testing,” are among the most sought after cybersecurity skill sets. Digital forensics involves recovering and investigating information on computers and other digital technologies such as cell phones and is considered a defensive cybersecurity skill. Pen testing, an offensive skill, evaluates the security of a network by performing an authorized cyberattack on the system.
“Community college students who have taken these two courses are qualified for entry-level jobs in cybersecurity — but you can’t just ‘copy and paste’ university curricula for these classes, give them to community colleges and have it be very effective,” Ahmed said.
This is because students in community colleges come in with a wider range of skill and experience levels than university students, Ahmed said, so lecture-based teaching often fails to meet them where they are. Instead, the researchers and educators in this project will use problems, not lectures, to teach cybersecurity.
“The idea with problem-based learning is that instead of delivering content by flipping [through] slides, the instructor or teacher will give students problems to solve with coaching from the instructor,” Ahmed said. “Students will learn while solving problems.”
In this model, the teacher acts as a mentor rather than the source of a solution, Ahmed said, and “the students are not handed any content, so the learning process becomes more active.” Instead, students explore content suggested by the instructor to find a solution to the problem.
Teaching defensive and offensive cybersecurity processes securely requires enhanced technology, so this grant will also allow for development of a new Cyber Range Infrastructure for Cybersecurity Education using NSFCloud. With this resource, community colleges can use the new training modules without having to purchase expensive computing infrastructure.
Implementation of the new problem-based cybersecurity curriculum will begin at both community colleges in fall of 2021. It will be evaluated throughout the three-year grant period, culminating with a comprehensive review by an external evaluator.
Ahmed said this program, if successful, could be scaled up to address the need for more cybersecurity professionals in the future.
“Right now, our priority is to develop the content, use the cloud infrastructure for free access, help the community college use it and assess student learning,” he said. “That's the key point. If it’s successful, then the follow-up will be seeing if more community colleges can adapt or adopt the content.”