Transcription
The Hampton Roads Cybersecurity Education,Workforce, and Economic Development AllianceHRCyber Steering Committee MeetingJuly 20, 2017, 11:00-2:00, Old DominionUniversity, Norfolk, VAMid-Project ReviewHRCyber Website - http://securitybehavior.com/hrcyber1
Meeting AgendaITEMWelcome RemarksIntroductionsLUNCHBooz Allen Intern Project DemonstrationProject Status UpdatesVSGC ActivitiesArticulation AgreementsCurricula UpdatesCybersecurity SurveyProject Azimuth CheckPRESENTERProvost Augustine O. AghoDanielle SantosBrian PayneBooz Allen InternsBrian PayneMary SandyBrian PayneBrian PayneTancy Vandecar-BurdinJohn CostanzoVirtual LabChunsheng XinVirginia Beach Schools Internships and STEM Tri-FectaSara LockettGO VirginiaMike RobinsonHRCyber Cybersecurity Workforce SummitJohn CostanzoWay ForwardBrian PayneTour of ODU Center for Cybersecurity Education & ResearchMichael Wu2
HRCyber Project Status UpdateGoal 1: Coordinate educational pathways between public highschools, community colleges, and four year institutionsGoal 2: Gather information from the regional workforce aboutthe knowledge units taught in cybersecurity programs andrevise those curricula where needed.Associated Activities with Goal 1Associated Activities with Goal 2StatusConduct monthly steering committee meetingsConduct two focus groups with employers todetermine their views on cybersecurity(Completed October 2016)Develop at least two articulation agreementsComplete cybersecurity workforce survey(TCC-ODU agreement completed Dec 2016)(TNCC-ODU agreement completed April 2017)Identify curricula revisions(1st meeting held April 7, 2017)Conduct DACUM workshop and chartCreate virtual labAssess curricula revisionsReview and/or revise articulation agreementsComplete cybersecurity educational surveyNot started25% completeStatus(Completed February 2017)50% complete75% completeComplete3
HRCyber Project Status UpdateGoal 4: Strengthen the cybersecurity capabilities of theregional workforce.Goal 3: Coordinate academic programming betweeneducational institutions and workforce.Associated Activities with Goal 3Associated Activities with Goal 4StatusConduct cybersecurity counselor workshopDevelop and produce at least four cybersecuritycareer awareness videosCreate HRCyber homepageConduct cybersecurity Saturday series for highschool students and parents (March 2017)(completed Feb 23, 2017)(Completed October 2016)StatusHost a cybersecurity workforce development summitin fall 2017Train faculty on virtual labDevelop marketing material(ODU trained TNCC faculty on virtual lab)(HRCyber Brochure completed April 2017)Train college counselors/academic on cybersecurityprogramsParticipate in regional cybersecurity summits andconferencesAttend NICE conferences (2016/2017)(Attended 2016 NICE Conference)Provide Virginia Beach high school Interns toregional cybersecurity employersNot started25% complete50% complete75% completeCompleteProvide internships and apprenticeships to regionalcybersecurity employers4
Project Status ReportOther Completed Activities/Event by HRCyber PartnersActivity/Event1. Cyber Protection Resources (CPR) a HRCyber partner completes the Virginia Cyber Convention & Expo(October 5-6, 2016, Virginia Beach Convention Center, Virginia Beach, VA)2. Thomas Nelson Community College a HRCyber partner completes the 2016 Cyber Security Conference(October 7, 2016, Peninsula Workforce Development Center, Hampton, VA)3. TCC announces CyberCorps Scholarship for Service program with NSU (November 15, 2016)4. NICE Webinar – “Building your cybersecurity team with apprenticeships.” HRCyber partners Leigh Armistead (PeregineTechnical Solutions) and William Clement (Tidewater Community College) discuss apprenticeship opportunities.(November 16, 2016)5. TCC-ODU Cybersecurity Articulation Agreement Signing Ceremony, February 8, 2017, 10:30 am, Richmond, VA6. Peregrine Technical Solutions has hired two cybersecurity apprentices (Jan/Feb 2017) – one is working in Juneau, AK andthe other is in Alexandria, VA. They are completing their course work through TCC via distance learning.7. Dan Bowden, VP & CISA Sentara Heathcare, “Cyber Student Staffing Program”, 7 interns have been identified to work inSchoolMajorSourceYear Working Titlethe ISO office in May 2017 – 5 from ODU, 1 from Regent, and 1 from TCC. ODUCyberCISO ContactFrJr Cyber Risk SCISO ContactCISO ContactCSIIPCSIIPCSIIPCSIIPFrSoJrJrSoSoJr Cyber Risk AnalystJr Cyber Risk AnalystJr Cyber Security AnalystJr Cyber Security AnalystJr Cyber Security AnalystJr SecDevOps Analyst5
Project Status ReportOther Completed Activities/Event by HRCyber PartnersActivity/Event8. TNCC-ODU cybersecurity articulation agreement signing ceremony – April 21, 2017, 9:00am, TNCC Moore Hall9. Cyber Business Roundtable III meeting – March 28, 2017 – meeting with regional business leaders on cyber issues. Foradditional information visit this webpage. formationservices/Pages/cyber.aspx10. ODU trains TNCC faculty on virtual lab – May 9, 201711. Cybersecurity course curricula review meeting – April 7, 201712. ODU receives 3-year NSF REU cybersecurity grant – Link to article NSF REU Cybersecurity Grant13. ODU Cybersecurity Student Association named Student Organization of the Year for 2017.14. Participated in VB Economic Development Cybersecurity panel discussion – June 1, 201715. VBCPS hosts STEM Trifecta http://www.vbstemtrifecta.com/about.html - June 8, 20176
Hampton Roads Cyber AllianceVirginia Space Grant Consortium DACUM (Developing a Curriculum)Panel Cyber Counselor Workshop Cyber Saturday Events Cybersecurity Internships Cybersecurity Video Series7
Hampton Roads Cyber AllianceVirginia Space Grant Consortium Team Mary Sandy, Director, Co-I Chris Carter, Deputy Director Debbie Murray, Manager, Internships andResearch Experiences Kirsten Manning, STEM Education Specialist Brennan Griffith, Media Specialist8
Hampton Roads Cyber AllianceDACUM (Developing a Curriculum) PanelDecember 12-13, 2016 Dr. Gregory Braxton, Newport News ShipbuildingKane Crisler, Packet ForensicsJoshua Cox, Towne BankEric Hacecky, Thomas Jefferson NationalAccelerator FacilityColleen Lammers, Booz Allen HamiltonJim Newman, PeregrineRichard Severinghaus, CRTN Solutions, LLCStephen Watkins, G2 Ops, Inc.Major Dennis A. Adezas, Joint Forces Staff CollegeJenniffer Romero, CISSP, AERMOR, LLC9
Hampton Roads Cyber AllianceDACUM Chart – Cybersecurity AnalystDuties Assess Cyber Risks Protect Information Assets Detect Cybersecurity Events React to Cybersecurity Events Restore Secure Environment Increase Security Awareness Maintain Professional Knowledge10
Cyber Counselor WorkshopHosted by VSGCFebruary 23 27 counselors, Career andTechnical Education (CTE)teachers Education pathways leading toa career in cybersecurity (TNCC,TCC, NSU, ODU) Pilot showing of Cyber Videoseries for feedback Sentara, Newport NewsShipyard NNPS, HCPS, VBPS, ESPS Dumpster Diving/ IdentityTheft Activity11
Dumpster Diving ActivityPart 1: Diving for information Teams of 4 or 5 participants sort throughtrash bags and become familiar with thecontents. Based on the contents of the trash bag, eachteam constructs an “identity” for the personwho threw out the trash. Teams share out their respective identities.Part 2: Develop a plan to steal the identity How will you enter the home or business? What will you be looking for? What information was used to help you stealthe identity?Part 3: Activity wrap up Summarize what is “identity theft”. Discuss prevention techniques.Parents at TNCC participating inthe Dumpster Diving Activity.12
Cyber SaturdayThomas Nelson Community CollegeMarch 11 43 high school students, 22parents Shared Videos 1,2,3, and 5 Parent Track and Student TrackProf. MichaelMann, TNCC,leads theIntermediateStudent Track.Ms. JerriNewsong talkswith parentsabout admissionsat TNCC.13
Cyber SaturdayTidewater Community CollegeMarch 25 56 high school students, 19parents Shared Videos 1,2,3, and 5 Parent Track and StudentTrackStudents work on a footprinting activity.14
Student TracksBeginner Tracks Raspberry Pi from Scratch, Seth Black, HCPS Footprinting and Port Scanning, Terrell Jones, NNS Cyber Physical Systems and Drones, Michael Wuand Chunsheng Xin from ODU, and Scott Bellowsfrom VSGCIntermediate Tracks Exploring LAN Technologies, Michael Mann, TNCC Capture the Flag, Robert Guess and Joel Kirch,TCC Protecting Your System, John Nelson, VBPSAdvanced Tracks Wi-Fi Password Cracking led by Peng Jiang, ODU Real World Applications, Kane Crisler, PacketForensicsStudents fly drones throughan obstacle course.15
Parent Tracks Darren Spencer, FBI Norfolk Dan Bowden, Sentara Terrell Jones, Newport NewsShipbuilding Jerri Newsong, TNCC Steve Foster, TNCC Ian Cawthray, VSGC Tyler Zernicke, Sera-BrynnTerry Eusebio, TCCKim Perez, TCCVanessa Torres, FBI NorfolkJoyce Kuberek, VSGCDan Bowden speaks to parents aboutcybersecurity career opportunities.16
HR Cyber InternshipsCommonwealth STEM Industry Internship Program (CSIIP) HR Cyber Alliance internship support 15 spring/summer 2017 placementssurpassing the proposal goal of 10 13 – Sentara; 1 Newport News Shipbuilding; 1 Sera-Brynn Anticipate additional placements forfall 2017 Continuing to work with all HR Cyber member companies Plan to continue effort beyond December contract end dateSera-Brynn, LLC17
https://youtu.be/5f8zMWvGCtY?list PLKrkeCUPIKhuJxqo-CCSdKT35Qa568Vil
Articulation Agreement – UpdateBrian Payne Thomas Nelson CC Articulation Agreement Complete.Signing Ceremony, April 21, 2017, 9:00am, Thomas Nelson CC TCC – ODU Cybersecurity Articulation Agreement Complete Signing Ceremony, Richmond, VA, February 8, 2017 ODU exploring online articulation agreement with NOVA. Links to articles related to the Articulation Agreements News@ODU, ODU-TCC Cybersecurity Education Agreement Formalized in RichmondAbout TCC, New TCC and ODU agreement gives cybersecurity students seamless path to bachelor’s. Feb 9, 2017Governor of Virginia flickr – Photos of signing ceremonyVirginia Pilot Guest Columnist – Brian Payne & Daniel DeMarte: Joining forces to secure cyber infrastructure. Feb 19, 2017https://www.odu.edu/news/2017/4/tncc cyber agreement#.WP9nFU11o w – ODU@News article.https://www.odu.edu/news/2017/4/cyber agreement#.WP9pBU11o w – ODU@News article.http://www.dailypress.com/news/education/ - Includes a video of the 1-photogallery.html Photo gallery of the event22
Cybersecurity Curriculum ReviewBrian Payne Enterprise cybersecurity major Required internship Hands-on experiences expanded Laboratory enhancements Cyber operations major created Cybersecurity Risk Management course, Dr. Ariel Pinto,Engineering Management and Systems Engineering23
Cybersecurity Workforce and Educational Survey –UpdateTancy Vandecar-Burdin24
Cybersecurity Workforce and Educational Data CollectionPresented by Tancy Vandecar-BurdinFocus GroupsRecruitment: Recruiters, college fairs,internship programs,veteran sources (TAP),direct referrals, andnetworking within personalnetworks. Other “traditional” methodssuch as job boards orclassified postings weredeemed by some as notvery helpful.Priority Skill/Knowledge Areas: Prior programming experience,vulnerability assessment, riskmanagement, networkdetection and analysis, andpenetration testing. Other more basic skills: lifelonglearners who are passionateabout cybersecurity,technical/proposal writing skills,soft skills/communication skillsand customer service skills, anda general knowledge of how ITrelates to businessgoals/strategies.25
Focus group – highlighted results, cont.: Difficulty Finding Qualified Applicants: The general consensus was that it is difficult for a variety ofreasons. Conventional recruitment methods do not always work rely on personal networks to hire. Others reported seeing “paper tigers”. Smaller orgs/municipal orgs reported not being able tocompete with salaries offered by private firms or DOD. DOD needs people with security clearances. Many applicants with the necessary technical/cyber skillsdo not have good communication skills.26
Business and Educational Partner Web Surveys The feedback from the focus groups was used to informquestions and response options for web-based surveys ofbusiness representatives and educational partners. The survey was disseminated to over 200 business contactsasking about the cybersecurity workforce and theirrecruitment and hiring needs. Businesses were alsoencouraged to share the survey link with other businesscontacts who rely on the cybersecurity workforce. The educational survey was sent to 35 educationalcontacts in Hampton Roads.27
Business Representative Web Survey Results28
Business Representative Web Survey ResultsTop rated skills when hiring (very/somewhat important): General problem solving (94%)Communication skills (94%)Writing (85%)Customer service/Technical Support (82%)Risk Management (82%)Networking (79%)Network detection and analysis (79%)29
Business Representative Web Survey ResultsMost difficult knowledge skills to find in applicants: Communication skills (32%)General problem solving (21%),Penetration testing (21%),CISSP certification (21%),Understanding the business environment (18%)Security clearances (18%)Code debugging (18%)30
Business Representative Web Survey ResultsEducation/TrainingRate the quality of cybersecurity education available from educational institutions in Hampton %25%13%Public SchoolCommunity Colleges4-Year Colleges/Universities31
Not many excellentratings – most werein the “fair”categoryProtecting anddetecting hadhighest % of “good”ratingsIdentifying had thehighest % of “poor”ratings.32
Business Representative Web Survey ResultsGaps in the educational preparation of the cyber workforce andspecific actions that local educational institutions can take to betterprepare the cyber workforce:Creative thinking skills are lacking. We can teach technology.we can't teach deductive reasoning.Students are not taught how things work and how to problem solve today. They are generally rushed through avery basic curriculum.It is not a continuum. We need to start at K-12 and go from there. We must drive interest, not just expertise.Educational institutions can work together to create an educational process or path that will work towardsdeveloping a cybersecurity professional from entry level to senior manager/leader.We need to create large scale platform and large number of practical hands-on labs to strengthen theknowledge of students obtained from lectures.Good news – HRCyber is working on all of these .33
Educational Partner Web Survey ResultsImportance of skills/knowledge areas for students enteringthe workforce(very/somewhat important): Security clearances (15)Understanding the business environment (15)Penetration testing (15)Writing skills (15)Code debugging (15)General problem solving skills (15)34
Educational Partner Web Survey ResultsMost difficult knowledge/skills areas to find qualifiedprofessors/instructors to teach: Software reverse engineering (8)Security clearances (5)Penetration (5)Security Certification (3)35
Educational Partner Web Survey Results How well prepared recent cybersecurity graduates are inworkplace competencies (very/somewhat prepared): Teamwork (14) .compared to 79% business Security provision system (13) . compared to 73% business Creative thinking (13) .compared to 68% business Problem solving and decision making (13) compared to 44%businesses – not well/not at all prepared Operate and maintain IT security (13) .compared to 70%business36
Educational Partner Web Survey ResultsExcellent/GoodEducational Partners(n/%)Excellent/GoodBusinesses(%)Public schools6/40%21%Community Colleges12/80%58%4-Year Colleges/Universities11/73%63%Quality Rating of CybersecurityEducation that is availablefrom The educationalpartners ratedthe quality ofeducationhigher than didthe businessrepresentatives37
Educational Partner Web Survey Results Ongoing training in technology and communication skills needed Tough to grow programs without qualified educators More time spent working with cybersecurity tools hands-on versusmemorizing Start early in K-12 to teach programmatic logic and thinking.Identify those with aptitude and/or passion Come together as a group and outline courses from K1 throughcollege Hands-on virtual labs Strengthen partnerships with local business, industry, military andgovernment to offer internship opportunities to cybersecuritystudents.38
Educational Partners – Student Placement Data is early and incomplete One public school system – (recent data) nearly 100% of cyber studentsgo on to two year- or four-year program (1 year post-graduation) Community college – implementing a management system to better trackstudents from admissions through graduation and post-graduation. Articulation agreement with ODU “has been paramount” to increasing the interestof students in cyber programs. For profit - 85% of AS/BS students placed in the field within 6 months Prior military experience makes many of these students attractive to employers ODU – too early to tell – students haven’t yet graduated Internship now mandatory**Better data/tracking systems for students post-graduation needed at alllevels**39
Project Azimuth CheckJohn Costanzo A total of 27 stakeholders completed the survey.Suggestions for improving impact on cybersecurityworkforce in the region: Continue the current efforts/work - (6) More marketing/”get the word out” – (5) Engage with others (workforce, educationalpartners, employers) – (4) Curricular suggestions – (2) Seek more funding – (1) Other – (3)40
HRCyber Partner Azimuth Check SurveyResults 89% of partners believe that HRCyber is an initiative that should becontinued past the initial 18 month grant ending in Dec. 2017 Most significant benefit HRCyber has provided to partners (selected comments): “Access to trained workforce”“Articulation/transfer between TCC and ODU”“Awareness and connectivity with HRCyber community leaders”“Clear and consistent collaboration with a variety of cyber industry representatives in theregion”“Educational transfer pathways”“Provided a view into what academia is trying to coordinate in the region”“Shared knowledge and resources”“Visibility into the state of CS educational and workforce development capability/offeringsacross our region”41
Virtual LabChunsheng Xin Purchase request for 3 Dell computers submitted Update on status of access Faculty training sessions TNCC faculty training session – May 9, 2017 TCC faculty training session High School cybersecurity, information technology andcomputer science teacher demonstration and training session Virtual Lab website – www.move.odu.edu42
VBCPS STEM TrifectaVBCPS STEM Trifecta2017 STEM Robotics, Maker, & Cyber Security ChallengeJune 8, 2017, 10AM-4PM Virginia Beach Convention CenterHRCyber provided 500 to the winning cybersecurityChallenge team. Two teams tied for first place –Ocean Lakes HS and the Advanced Technology CenterFor details visit their websitehttp://www.vbstemtrifecta.com/about.html43
Go Virginia Opportunity A Business-Led Statewide Initiative Promote regional collaboration on economic development FY 2017 State budget includes 27.5 million in funding Building the Go Virginia Cyber grant proposal Three Pillars Supporting technical advancement: Cyber Arena Promoting increased sharing, networking, and training of professionalcommunity: Cyber Trail Workforce growth and Economic Development: Cyber Entrant Program Complimenting existing programs Virginia cybersecurity Public Service Scholarship Program TCC Registered Cyber Security Apprenticeship Veterans Special Employer Incentives programs Create more, higher paying jobs through incentivized collaborationand investment44
HRCyber Workforce and Economic DevelopmentSummitJohn CostanzoSave the Date – October 27, 2017 When – October 27, 2017 Where – Virginia Beach Higher Education Center Purpose. To highlight the achievements of HRCyber, its partners andprovide information to the public on cybersecurity educationprograms and employment. Speakers/Presentations to be determinedOther upcoming Cybersecurity conferences/events ODU Cyber Student Association Research Symposium/Business Expo, September 22-23, 2017, Norfolk VAThomas Nelson Community College, 2017 Regional Cybersecurity Conference: Cybersecurity and the Internet ofEverything, October 13, 2017, Hampton, VA45
NSF Proposal from ODU Capacity building focused on: Service learningInternsUndergraduate ResearchePortfoliosLearning communities46
HRCyber NSA Proposal To be submitted next week with focus on: Cyber law and policy, high school, community college, university, and beyond Similar process being proposed: DACUMCyber Law SaturdaysVideo seriesWorkshops for professionals, educators, and advisors Differences: More curricula development as part of the proposal47
Way ForwardBrian Payne Additional funding sources Mission and goal of HRCyber after December 201748
Steering Committee Meeting Schedule(3rd Thursday of the month from 11:00-1:00)MonthDate/TimeWhoCommentsJanuary 201719th/11:00-1:00All HRCyber membersIn-person meeting – ODU Peninsula CenterFebruary 201723rd /11:00-1:00Steering CommitteeTeleconferenceMarch 201716th/11:00-1:00Steering CommitteeTeleconferenceApril 201721th/8:30-12:00All HRCyber membersIn-person meeting – Thomas Nelson Community CollegeMay 201718th/11:00-1:00Steering CommitteeTeleconferenceJune 201715th/11:00-1:00Steering CommitteeTeleconferenceJuly 201720th/11:00-2:00All HRCyber membersIn-person meeting – ODU Norfolk – Note change in date for thismeeting. This will be an extended meeting withrepresentatives from NICE coming down to visit.August 201717th/11:00-1:00Steering CommitteeTeleconferenceSeptember 201714th/11:00-1:00Steering CommitteeTeleconferenceOctober 201727th /9:00-4:00All HRCyber membersHRCyber Workforce and Economic Development SummitNovember 201716th/11:00-1:00Steering CommitteeTeleconferenceDecember 201714th/11:00-1:00All HRCyber membersIn-person meeting49
ODU CS CSIIP So Jr Cyber Security Analyst TNCC CS CSIIP So Jr SecDevOps Analyst 5. Project Status Report Other Completed Activities/Event by HRCyber Partners. Activity/Event: 8. TNCC-ODU cybersecurity articulation agreement signing ceremony - April 21, 2017, 9:00am, TNCC Moore Hall. 9. Cyber BusinessRoundtable III meeting - March 28, 2017 .
