1. Teaching Network Security - Lessons Learned Homeland Defense and Security Education Summit February 27 &28, 2007 Margaret Leary Associate Professor Northern Virginia Community College Information Systems Technology Alexandria Campus mleary@nvcc.edu http://www.nvcc.edu/home/mleary

2. Program History –NVCC planning began and grant was funded in 1999 Network security courses developed and prototyped - Fall 2000 Industry asked to validate requirements - Fall 2001 Certificate offered at two (out of five) campuses - Fall 2001 –CyberWATCH (Cybersecurity: Washington Area Technician and Consortium Headquarters) established and funded by NSF from 2005 through 2009. Development of IST Network Security Degree Program – Fall 2006 Curriculum mapping to NSTISSI 4011 standards – Spring 2007

3. Program Approach –Tailored to industry needs Vendor neutral Concepts/theory supplemented with hands-on lab exercises Assume students have networking and TCP/IP foundations Offered alternatively in on-line and hybrid formats Network Security Program - “not an ethical hacking program”

4. Network Security –Network security curriculum ITN260 - Network Security Basics ITN261 - Network Attacks, Computer Crime and Hacking ITN262 - Network Communication, Security and Authentication ITN 263 - Internet/Intranet Firewalls and E-Commerce Security ITN266 - Network Security Layers ITN267 – Cyberlaw ITN293 - Studies in Network Security (Capstone) ITN 295 – Topics In Network Security

5. Network Security Labs –Challenges Funding – initial investment per lab of $100,000 (not including labor) –Containment versus need to explore security tools necessitates more costly lab setups and is more complex to support –Lab support –setup, prep time, and support requires dedicated personnel No student skill baseline –Home Labs for on-line learners Adjuncts versus full-time faculty issues Educate IT staff on requirements and security mitigations

6. Faculty Training –Faculty skills Faculty must be qualified. Vetting program may be necessary Practitioner-based versus concepts and theory. Requiring past experience Leverage adjuncts working in the field Professional Development Initiative - $165K in last 2 years Faculty externships and relevant work industry work efforts –CyberWATCH faculty development Training at partner institutions Graduate certificate programs CISSP certification training and exam funding

7. Establish Industry & Academic Partners –Resource funding, advising, and program support CyberWATCH consortium partnership – resource sharing Montgomery College Virtual Lab Assistance with course mapping (NSA) Free to lowered costs for faculty skills updating and education Numerous internship opportunities for students Externship opportunities for faculty

8. Curriculum Consistency All Five Campuses –Mapping to NSA 4011 standards (www.nvcc.edu/cyberwatch) Develop mapping matrices of Course Content Summaries to Adopted Texts and perform gap analyses Provide central repository for course resources and discussions among faculty Provide sample syllabi to faculty Provide guidance to faculty on managing student expectations

9. Moving Forward –Developing labs and case studies for partners Conduct aggressive awareness (marketing) campaign to area businesses and students Work with 4-year institutions to develop articulation agreements Create Virtual Lab at NVCC and strengthen online/hybrid course offerings