As educators blend classroom and online learning for safe fall course experiences, Project Ares helps get the balance right for teaching cyber security. Whether instructing cyber security courses remotely or in-person, Information Security and Cyber Security educators must make learning engaging and relevant to best prepare students for careers in the field. Circadence can help educators transform existing cyber security curriculum to support teaching challenges with the Project Ares online learning tool.
Financial services companies and departments are experiencing increased cyber-attacks, leaving their data and personnel at high risk. Mitigate risk using Project Ares to train professionals persistently and hands-on manner to stop threats coming into the company purview.
Circadence CEO Michael Moniz shares thoughts in Forbes magazine, on how gamification can positively impact the trajectory of cyber training today.
We are continuously reminded of the stark reality that higher education teaching and learning is indeed different today than it was a few months ago. Since Circadence is committed to cyber security education and training, we try to stay on top of the latest developments with distance learning so that we can think through how to keep supporting cyber and information security teachers during this unprecedented pandemic time. We often hear from higher education partners and customers how much of a challenge distance learning and teaching can be, so we sat down with our own Dr. Bradley Hayes to hear firsthand what his experience has been like. Brad is the Chief Technology Officer at Circadence, and Assistant Professor in the College of Engineering and Applied Science, Director of the Collaborative AI and Robotics Lab at the University of Colorado, Boulder. We also solicited the perspectives of several other higher education teachers who were willing to share their thoughts on the challenges and opportunities to adapt to this ‘new normal’ of teaching and learning.
We hope by sharing his story with you, our readers, it can help ignite conversation and ideas that make teaching cyber security better for both educator and student.
How has distance learning requirements impacted you as a professor? Your class? Your teaching style?
Distance learning has been a massive shift for many of us, and certainly requires a different approach: preparing for it and delivering lectures as if it were an in-person class does not work! For many professors, the lack of in-person social cues is the most noticeable change, especially if students aren’t sharing their video. Delivering a lecture to a computer monitor is difficult enough, and removing the implicit feedback mechanisms of in-person instruction can exacerbate issues that wouldn’t normally be problematic in lecture delivery.
I teach a graduate class on the Algorithmic Foundations of Human-Robot Interaction in the Spring, which has been quite different now that there is greatly reduced human interaction (and no human-robot interaction!). I’ve certainly learned a lot, as I had to quickly transition to using robotics simulation environments (instead of having students use physical robotics platforms) and set student project teams up for effective remote collaboration on very short notice. Ultimately, I find that remote instruction is no substitute for in-person instruction, but it does encourage a more scalable mindset to assignments and mentoring that could have real benefit when we resume in-person classes.
Switching to remote lecturing has had substantial impacts on my teaching style as well. The following observations have risen to the top as key learnings:
- I tend to be very animated when teaching, which doesn’t particularly work as well over video and I feel has been detrimental to student engagement.
- I have found it takes extra effort to engage students with the material, particularly if they’re in an environment that isn’t conducive to focused learning.
- Encouraging more hands-on exercises can go a long way toward bringing their focus and attention back to the material, but this takes more advance preparation work than if it were an in-class exercise.
How are your students responding to the remote learning shift?
It’s been difficult for them, but to their credit, they’ve done a great job adapting to it. Social distancing and quarantine guidelines in general have caused a lot of upheaval in their lives, adding stress and instability that may not be outwardly obvious to us as their professors, which has necessitated a recalibration of expectations regarding coursework. One of the most important changes to keep productivity high was the adoption of real-time collaboration tools to facilitate group-work and bring more course material-relevant conversations into a more visible medium for others to benefit from and participate in. Even though most students were able to continue attending class synchronously (i.e., joining the video conference at our normal time), most of the interaction that would’ve traditionally happened in the classroom shifted into our online collaboration tools.
To be an online learner, one needs to be independent, disciplined, organized and communicative with questions, responses and/or if issues exist. What can be a little frustrating is reaching out to students with no response…not knowing how they are doing; being worried about them, hoping they are ok – it is a TEAM approach in all aspects. The students are paying for their education, thus, the importance of high communication and engagement from both student and instructor is paramount. ~ Julie A. Shay, MBA-HIN, RHIA, Program Director for Health Information Technology Programs/Lead Faculty/Professor – Santa Fe College
What was needed to make the transition to full remote teaching?
A chat-based online collaboration tool was absolutely essential, as this became the new forum for conversations that would naturally occur at the conclusion of the lecture when students would typically walk up to the lectern with questions or ideas to discuss.
These informal interactions can be approximated with post-class discussion through collaboration tools, though there’s an additional activation cost that requires priming from the instructor to kick things off. Another important consideration is the space from which you’ll be delivering your lecture: having a professional-looking environment with adequate lighting makes a big difference and can have a positive effect on student engagement.
What challenges came with transitioning to a remote classroom?
Since we go through a decent amount of complex mathematical derivations in my course, I had to weigh the advantages and difficulties of using a virtual whiteboard versus moving everything into slide format.
- Personally, I’ve found the move away from the whiteboard to be advantageous in terms of clarity for the students.
- It forced me to explicitly describe each step of what we’re going through in a clear, permanent way on slides that can be easily distributed.
- Unfortunately, this makes it a lot more difficult to step through equations by letting students lead the process, as the smaller the ‘minimum revealing step’ in each equation is (e.g., do you reveal one character at a time, or one whole term at a time?) the more difficult and time-consuming it is to prepare in advance.
The biggest challenge has been tracking student engagement and understanding of the material. In the absence of social cues, the feedback loop becomes much longer, as assignments or tangible work products from student projects become the only measurable signal. Learning to properly take advantage of remote collaboration tools has also been a difficult process, as many of us are adapting on-the-fly, leading to trial and error that puts additional hardship on the students.
Understand that teaching in a remote environment will require a different leadership style and, in my opinion, that style is Transformational Leadership. In essence, this leadership style will require [the professor] to motivate and transform the mindset of the student to perform at a higher academic level…yet, remotely! ~ Dr. Eric Todd Hollis
What have you learned/observed throughout this distance learning process?
By far, the most important aspect of making distance learning work for students who are used to in-person instruction is to stay in communication with them, soliciting and listening to their feedback. Maintaining student engagement and keeping your students interested in the course material is more difficult from a distance learning perspective, and requires more effort than you may be used to! There is a common tendency to disengage entirely when feeling lost or demoralized by a class that is greatly exacerbated by the distance learning experience — it is critical to budget extra time and put in extra effort to connect with students who are at risk of disengaging.
Since in-class group exercises may not be an option anymore (especially depending on how lectures are being delivered), additional resources, creativity, and preparation are necessary. Specifically, this past semester has really underscored the importance of providing ‘hands-on’ learning experiences to foster engagement in lecture and encourage retention of the material. The addition of a simulation environment that students could interact with was a game-changer not just in terms of making concepts ‘real’, but also in terms of giving students the tools they needed to really apply and experiment with what they were learning. Once there is an opportunity to explore the course material in an interactive environment, I’ve found that students are far more likely to bring up new ideas for discussion or implementation, reinforcing their interest in the course content and leading to better outcomes.
What is one thing you’d advise other educators who are struggling to sustain distance learning for foreseeable future?
Learn how to set up and use established online collaboration tools and learning environments! This will save you a lot of time and headache over cobbling together your own while also trying to develop an adapted curriculum. Establish a cooperative atmosphere by being transparent with your students when trying a new pedagogical approach, and regularly solicit their feedback to refine your strategy.
We thank Dr. Hayes for taking the time to share his personal successes and challenges with us and the great higher education community of teachers. To hear Dr. Hayes in ‘virtual’ person, we’ve extended this topic of distance learning challenges and tools into a live webinar panel discussion in partnership with Microsoft. Join us June 9, as we dig into the state of distance learning today and introduce technologies that can help educator’s adapt to a blended classroom teaching experience as we head into the Fall semester season.
Distance Learning Today
Practically overnight distance learning has become the ‘new norm’ for academic institutions. Educators worldwide are figuring out what Emergency Remote Teaching (ERT) means for their specific courses and subject matter for summer term and likely fall term 2020. And while the immediate remote learning requirements for pandemic mitigation will eventually recede, there is a growing awareness that online and blended learning options in Higher Education curriculum will likely be a strategic part of the post-pandemic norm.
“Every faculty member is going to be delivering education online. Every student is going to be receiving education online. And the resistance to online education is going to go away as a practical matter,” James N. Bradley, chief information officer at Texas Trinity University, wrote in a LinkedIn post.
Job opportunities in the cyber security field
Let’s take a specific look at higher education programs for Information Technology and the related cyber security discipline. For starters, they can’t graduate students fast enough to fill the existing job openings in the cyber security field. Even before the pandemic, there was a well-documented talent gap between the growing number of open cyber security jobs and skilled applicants to fill them. In November 2019, ISC2 calculated that the cyber workforce would need to increase by more than 145% to fill gaps in talent across the U.S. Cyberseek.org tracks this unique employment landscape and states that “the average cybersecurity role takes 20% longer to fill than other IT jobs in the U.S.” because employers struggle to find workers with cyber security-related skills.
The dynamics of this gap have probably gotten worse. Today’s stay-at-home world has cyber security vulnerability written all over it. Online activities have exploded with remote work access, distance learning, telemedicine, video conferencing, online shopping, gaming, media streaming, and more all happening at once….and creating a world of opportunity for threats to identity, systems and data. And, in the post-pandemic world that we are looking forward to, many of the new and unexpectedly ‘proven’ activities like distance learning and telemedicine will likely stay with us to some extent as part of the ‘new norm’.
The result is that behind the physical coronavirus crises is the shadow of a virtual cyber virus crisis. And it means that cyber security is quickly moving to the frontlines of mission-critical skillsets for healthcare, higher education, retail, and every employer that enabled work-from-home for the safety of their workforce. Now, more than ever, organizations and institutions need to stop thinking in terms of IF they are breached and start planning in terms of WHEN they are breached.
Does that sound ominous? It is! But buried in the dramatic shortage of cyber skills, is opportunity. Opportunity for STEM/IT focused students (high school and collegiate) to specialize in cyber security and find jobs upon graduation. And opportunity for higher education institutions to ramp up their cyber security program enrollment.
- In March 2019, Cyber Crime Magazine reported that only 3% of U.S. Bachelor’s Degree graduates had a skill set in cyber security.
- And in another 2019 report, Burning Tree Technologies learned that while federal data showed the number of postsecondary programs in key cyber security areas had increased 33%, the ratio of currently employed cyber security workers to job openings, had hardly budged since 2015. In other words, the pool of available talent has remained proportionally the same.
Developing the cyber security skills that employers are desperate for is a multi-faceted challenge. Employers want to bring in new hires who have both a strong foundation in basic security principles and concepts as well as practical job role specific skills like networking protocols, scripting, regular expressions, kill chain and network defense, etc. And maybe most importantly, employers categorize top talent as those applicants with power skills like strategic thinking, problem-solving, teamwork and collaboration.
Distance learning and the IT / cyber security discipline
At Circadence, we specialize in cyber security learning, specifically through an immersive learning platform that provides hands-on experience and strategic thinking activities for students working towards careers in the field of cyber security.
Today’s educators are looking for engaging student activities that teach designated core curriculum topics to meet learning objectives. And, it is equally critical to assess student comprehension of learned material and measure progress to ensure the effectiveness of the curriculum and teaching approach. These challenges can be met head-on with Circadence’s Project Ares in the online classroom. Project Ares is a browser-based learning platform specifically designed for teaching cyber security in a hands-on, applied manner.
It can help transform existing cyber security curriculum to support current distance learning challenges as well as integrate into future course design.
For cyber security instructors:
• The built-in learning exercises can augment existing syllabi.
• Anytime access enables flexible asynchronous delivery to support current circumstances for instructors and students.
• Self-directed student learning opportunities are supported through hints, Q&A chat bot, and session playback and review.
• Optional live observation or interaction within the exercises supports tutoring as well as assessment.
• Immersive, gamified environment sustains student engagement with scores and leaderboards to incent practice and improvement.
• Global chat enables peer-to-peer community and support for students.
Additional Distance Learning & Teaching Resources
As higher education instructors shift to deliver, proctor and advise online, we anticipate teaching strategies continuing to adapt to use new and immersive tools that enable alternative online courses to positively impact student learning now and into the future. Circadence is excited to be a part of this shift in learning and proud to partner with today’s cyber security educators that prepares tomorrow’s much-needed workforce of cyber defenders.
For more information, check out these resources:
• Microsoft technology helps enable remote classrooms https://www.microsoft.com/en-us/education/remote-learning?&ef_id=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE:G:s&OCID=AID2000043_SEM_6M11V6Kq&utm_source=google&gclid=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE
• Circadence White Paper Teaching Cyber Security Remotely: Online Learning with Project Ares https://marketing.circadence.com/acton/media/36273/whitepaper-rise-of-distance-e-learning-in-higher-education
• Project Ares Curriculum Example. Building an Immersive Cyber Curriculum with Project Ares: A use case from a public research institution in the Western U.S. https://marketing.circadence.com/acton/media/36273/immersive-cyber-curriculum-with-project-ares-use-case
• Cyberdegrees.org provides a comprehensive directory of colleges and universities offering cyber security degrees, as well as a wealth of information on career paths within the cyber security field, security clearances, the range of professional security certifications available.
If there is one thing that this pandemic has taught us all, is that out of chaos arises opportunity: Opportunity to be better professionals, better neighbors, better defenders, and overall, better people. We hope each of you continues to stay safe and secure during this time.
Cyber Risk means different things to different people in an organization. Deloitte distinguishes it well: A CEO might worry about the expected financial loss related to cyber risk exposure; while the CFO is challenged to show the value of security while managing the associated costs. The CMO might worry about the impact to the brand if a breach to the company occurs; while the CISO is thinking about which key initiatives to prioritize to maximize risk buy down. But one thing that savvy executives agree on is that cyber security is a business risk that should be included in corporate risk mitigation strategy and processes.
Cyber Risk Mitigation focuses on the inevitability of disasters and applies actions and controls to reduce threats and impact to an acceptable level.
Lisa Lee, Chief Security Advisor for Financial Services in Microsoft’s Cybersecurity Solution Group, partnered with Circadence in April 2020 to talk about this topic in a webinar. Originally broadcast for a financial risk mitigation audience, the practical advice Lisa offers in 6 areas of cyber risk mitigation is broadly applicable.
Cyber Risk Insurance
Insurance can help to reduce the financial impact of an incident, but it does NOT mitigate the likelihood of a cyber breach happening – in the same way that having car insurance helps with the financial consequences of an accident but cannot in anyway prevent an accident from occurring.
Identity and Access Management
Microsoft recommends making “Identity” the security control plane. Employees use multiple devices (including personal devices), networks, and systems throughout their lifecycle with a company. The explosion of devices and apps and users makes security built around the physical device perimeter increasingly complex. At the same time, access to on-premise systems and cloud systems are shifting to transform to meet business needs. Partners, vendor/consultants, and customers might also all require varying degrees of access. A strongly protected, single user identity at the center of business for each of these constituents can exponentially improve the efficiency and efficacy of the overall security posture of the company.
Configuration and Patch Management
This is IT or cyber security 101. Everyone should be doing it on a consistent basis. But 20% of all vulnerabilities from unpatched software are classified as High Risk or Critical. The Center for Internet Security is an excellent resource for more information on best practices.
Asset Protection (devices, workload, data)
There is a massive amount and diversity of signal data coming in from the network and there are many tools on the market to help assist in the collection, management, and assessment. Lisa advised not to spend too much time trying to evaluate and select the best of breed tool in each category. Rather, find a suite that works well together so that you don’t have to spend time on integration. Beyond devices, also consider your security policies and practices to ensure visibility for workloads across on-prem, cloud, and hybrid cloud environments. And finally, consider protecting the information directly so that wherever data elements go, even outside the company, they carry protection with them. The key to this is encryption.
Monitoring and Management
These two concepts are seemingly more about ‘risk management’ vs. ‘risk mitigation’. But monitoring helps you to ‘know what you don’t know’ in order to adapt and improve mitigation strategies. And today, many of the monitoring tools from Microsoft and other vendors have features that enable cyber analysts to take action, i.e analysts can use the same tool that helps identify a vulnerability to then resolve it.
Cyber Security Training
Security is an ever-changing situation because bad actors are always developing new attacks. Therefore, training and education is an ongoing requirement for cyber professionals. Circadence’s Project Ares is a cloud-based learning platform specifically designed for continuous cyber security training and upskilling. IT and cyber organizations that invest in on-going training for their people are making as strong an investment in mitigation as in the tool stack that the analysts use on-the-job.
With consideration in all 6 of these areas, you will be able to architect and compose a comprehensive cyber mitigation strategy.
Here’s a link to the full webinar. It’s only 45 minutes long and Lisa provides more detail in each of these categories.