The objectives of this project (SISMAT) are to combine research, training, and outreach to help further the understanding of the complex information security problems and to nurture the expertise and talent of students capable of confronting these challenges. The team proposes to create a structured, in-depth, and hands-on course material in real-world information security problems like penetration testing and real-time intrusion analysis, defense, and recovery.
The project plans to eliminate a gap between the types of active learning environments needed to help undergraduates understand complex attacks and the static trace captures used in current labs. The team plans to investigate the network, systems, and management aspects of a standard for describing and encoding high-interaction hands-on information security training scenarios, and of a simulated network environment capable of supporting simulations of complex enterprise-class networks.
SISMAT contains a comprehensive outreach program. It creates a repository of projects undertaken by SISMAT participants that is freely shared with the public. It also directly engages security researchers and industry experts as faculty mentors. Project personnel and student participants help forming a community of academics, professionals, and practitioners by supporting conferences like Annual Conference on Education in Information Security.
(SISMAT) program is to assist efforts to identify and train new cybersecurity professionals by (1) giving undergraduates an immersive crash-course in information security, (2) helping to coordinate a security-related internship, and (3) guiding them through an experience in doing a mentored research project with a professor from their home institution. SISMAT has also worked to foster the infusion of security teaching at the students' home institutions by, some years, incorporating a faculty mentor workshop into the SISMAT program. The mentor workshop was designed to build faculty expertise and confidence in teaching cybersecurity topics; it focused on curriculum development and adoption issues and also provided an opportunity for students and mentors to brainstorm possible research project topics. Through SISMAT, we have furthered faculty development efforts by enabling opportunities for shared experiences and discussions; we established a faculty listserv, invited comments on curriculum and participated in multiple conferences. Project outcomes. The SISMAT program at Dartmouth College has operated since 2008. Since then, the program has had 62 student participants (nine international students and 26 women and minority students) from 25 undergraduate institutions from around the United States and two international universities. Besides the immersion crash-course training in the SISMAT program, almost all attendees completed information security internships at a variety of locations, including college and university IT services, the Federal PKI Policy Authority, a university trust fund, a financial services company, a US FFRDC research lab, university research labs, an Internet measurement company, and a regional medical center, among others. Students have gone on to jobs and graduate programs in information security (e.g., Drexel, GMU, CMU, SMU, UCDavis); many have expressed their belief that their SISMAT experience had a significant influence on their ability to move into a subsequent position dealing with information security (as opposed to a more general information technology job), and identified SISMAT as a core influence on their career decisions. We have published two academic papers on the SISMAT program and structure, published another paper about teaching security labs, held two BoFs related to undergraduate cybersecurity education at ACM's SIGCSE, and organized a Working Group on the Hacker Curriculum at CISSE 2009. Through these experiences, we made contact with other faculty, researchers, and educators working in this area; we plan to continue developing these relationships to help coordinate efforts more efficiently and support each other in our common goals. Faculty members associated with SISMAT have gone on to apply SISMAT material into both existing and new courses (five that we know of to date). Over the past six years, we have created a community of students and educators that are engaged on this topic, and who will help further develop its reach and recruit student participants and internship contacts. In fact, two of the current SISMAT faculty mentors became engaged as a result of their students attending SISMAT and their interest in information security education. Publicly available materials. The hackercurriculum.org website helps to provide some basic organization to the hacker literature (which can be daunting for unguided undergraduates to read). This site also features an annotated bibliography of some key hacker and industry publications. Finally, a lab manual covering all of SISMAT's hands-on activities and exercises is in preparation for print.
