Cybersecurity Education Roundtable

Wednesday, November 16, 2:00 pm in Hariri Institute


Panelists:

  • Ran Canetti, Professor, Boston University
  • Agnes H. Chan, Professor, Associate Dean, College of Computer and Information Science, Northeastern University
  • David Clark, Professor, MIT
  • Roberto Tamassia, Professor, Chair Computer Science Department, Brown University
  • Craig Wills, Professor, Chair Computer Science Department, WPI
  • Richard M. George, Technical Director, National Security Agency (retired)
  • Paul Mesterhazy, Deputy Director, National Cyber Security Division
  • Montana Williams, Director, Cyber Education Office, NICE/NIST

Context: In less than ten years, cybersecurity, and by implication cybersecurity education, moved from a narrow and rather obscure area of computer studies to front-page news. The educational part rapidly expanded to include degrees with a technical (computer science, engineering) or policy/managerial (management information systems, information assurance) focus, training and professional development programs for the cybersecurity workforce, and awareness programs for the general public. The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), was created to “establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security.” This is an extensive mandate with sub-areas yet to be crisply defined and structured. We address a narrower subject.

 

Focus and Student Audiences: The roundtable will focus on technical degrees in research universities for two audiences of cyber professionals:

i. the information security engineer with a CS/ENG/IT degree at the BS/MS level who can meet the growing needs of industry and government; and

ii. the information security scientist at the doctoral level who can conduct research and teach in academia or work in industry/national research labs.

 

Format: We are fortunate to have eight panelists who are leaders in research and education and have extensive knowledge of academia, government and industry. The format is a free-flowing discussion around key topics (as opposed to formal statements from each panelist at the start). I will introduce each topic with a couple of sentences (less than 1 min) and will open it for discussion to the panel. We have chosen three major topics (below)—core curriculum principles, program design, and industry relevance—and have approximately 40 min per topic (including questions and comments from the audience).

 

Discussion Topics:

  • Core curriculum principles: What are the core principles of a cyber security curriculum? Except for cryptology, this is an open question. All agree that securing today’s complex and interconnected socio-technical systems (defense, finance, healthcare, social networks, voting, critical infrastructure, etc.) requires not just technical but also social, legal, and regulatory knowledge. How do we include these aspects without watering down the technical core?
  • Program design: How should we shape the curriculum, and more generally the education, at the professional and research level? When is an integrative/intrinsic approach (i.e., cyber security concentrations in the existing degrees) better suited, and when is an extrinsic one (i.e., creating new degrees in information security/assurance)?
  • Industry relevance: How are industry needs factored into the curriculum so that students are well versed in current technologies, without compromising academic preparation in favor of training in the latest technology fads?

Outcomes: As we address each of the discussion topics, the roundtable ultimately aims at

  • producing ideas on evolving the core knowledge and curriculum; and
  • suggesting next steps for effective collaboration (e.g. workshops/symposium series, co-teaching, repositories of teaching materials, data, tools, videos, games, simulations, etc.).

The field is so broad that it is next to impossible for a single institution to develop strengths in all aspects. Typically, all programs include crypto, network security, digital forensics and some electives (e.g. biometrics, policies and procedures) depending on faculty interests. Finding effective ways to collaborate has the potential to enrich the programs.