The problem with teaching Cyber security


The problem with teaching Cyber security
Raj Rajagopalan, Honeywell Research (siva.rajagopalan@honeywell.com)
Oct 7, 2013

My Position
With a few exceptions, the following groups of people have no clue about the needs of security practice:
- Academicians
- Corporate Researchers
- Software manufacturers

How do I know?
Using Anthropology to improve Technology
- Charles Leinbach and Ron Sears studied the needs of RV users using anthropological techniques
  - Helped create one of the most popular RV designs of all time
- Study in progress on Security Incident Response and Forensics using Anthropological techniques [1]
  - Grad student “embedded” in the KSU Security Operations Center (SOC) for the past six months
  - Observing and understanding the needs, pressures, and drivers of security analysts
- What we have learned so far
  - Incident response is as much a people problem as it is a technical problem
  - Product manufacturers do not have basic familiarity in security
  - Even after so many interviews with the analyst some of the knowledge is hard for him to explain
  - It is important to extract this knowledge if researchers want to develop useful forensic tools
[1] With Xinming Ou, John McHugh, and Mike Wesch. Supported by NSF Grant No. CNS-1314925 with KSU and RedJack, LLC.

Anthropology-guided Cybersecurity Research
- Social acceptance by the community of practice
- Apprenticeship
- Models, Algorithms, Tools
- Widen the workforce by enabling less skilled people to do the mundane jobs. E.g. K-State SOC has pushed this to NOC.
- Make best use of the time of skilled labor.
- Questioning, Reflection, and Reconstruction

Golden Observations
- We need humility and empathy to understand security practitioners.
- We have to want to learn their perspective.
- Our theories about real security will necessarily be messy.
- We have to learn to embrace imperfection in our models.
- We have to be honest about the mistakes and flaws in our tools.
- “Field work” is essential to know what the real problems and constraints are.