Posts tagged ‘cybersecurity’

Why don’t high schools teach CS: It’s the lack of teachers, but it’s way more than that (Miranda Parker’s dissertation)

Back in October, I posted here about Miranda Parker’s defense. Back then, I tried to summarize all of Miranda’s work as a doctoral student in one sentence:

Readers of this blog will know Miranda from her guest blog post on the Google-Gallup polls, her development of SCS1 as a replication of a multi-lingual and validated measure of CS1 knowledge, the study she did of teacher-student differences in using ebooks, and her work exploring the role of spatial reasoning to relate SES and CS performance (work that was part of her dissertation study).

That was a seriously run-on sentence for an impressive body of work.

On Friday, December 13, I had the great honor of placing an academic hood on Dr. Parker*.

I haven’t really talked too much about Miranda’s dissertation findings yet. I really want to, but I also don’t want to steal the thunder from her future publications. So, with her permission, I’m going to just summarize some of my favorite parts.

First, Miranda built several regression models to explain Georgia high schools teaching computer science in 2016. I predicted way back at her proposal that the biggest factor would be wealth — wealthy schools would teach CS and poorer schools wouldn’t. I was wrong. Yes, that’s a statistically significant factor, but it doesn’t explain much.

The biggest factor is…teaching computer science in 2015. Schools that taught CS in 2015 were many times more likely to be teaching in 2016. Schools have to get started! Hadi Partovi made this argument to me once, that getting started in schools was the biggest part of the battle. Miranda’s model supports his argument. There’s much more to the story, but that’s the biggest takeaway for me on the quantitative analysis.

But her model only explains a bit over 50% of the variance. What explains the rest? We figured that there would be many different factors. To make it manageable, Miranda chose just four high schools to study as case studies where she did multiple interviews. All four of the schools were predicted by her best model to teach computer science, but none of the did.

Yes, as you’d expect, access to a teacher is the biggest factor, but it’s not as simple as just deciding to hire a CS teacher or train an existing teacher to teach CS. For example, one principal laid out for Miranda who could teach CS and who would take their class, and how to fill that gap in the schedule, and so on. In the end, he had a choice of offering choir or offering CS. There were students in choir. CS was a gamble. It wasn’t even a hard decision for that principal.

Here is the story that most surprised me. At two of the schools Miranda studied, they teach lots of cyber security classes, but no computer science. As you would expect, there was a good bit of CS content in the cybersecurity classes. They had the teachers. Why not then teach CS, too?

Because both of these schools were near Fort Gordon which has a huge cybersecurity district. Cybersecurity is a community value. It’s a sure thing when it comes to getting a job. What’s “computer science” in comparison?

In my opinion, there is nothing like Miranda’s study in the whole world. There are the terrific Roehampton reports that give us a quantitative picture about CS in all of England. There are great qualitative studies like Stuck in the Shallow End that tell us what’s going on in high schools. Miranda did both and connected them — the large scale quantitative analysis, and then used that to pick four interesting high schools to dig into for qualitative analysis. It’s a story specific to Georgia, and each US state is going to be a different story. But it’s a whole state, the right level of analysis in the US. It’s a fascinating story, and I’m proud that she pulled it off.

Keep an eye out for her publications about this work over the next couple years.

* By the way, Dr. Parker is currently on the academic job market.

December 16, 2019 at 8:00 am 8 comments

How do we create cyberattack defenders?

 

Roger Schank (famous AI and cognitive science researcher, the guy who coined the term “learning sciences”) is putting his expertise to the task of creating cyberattack defenders.  The description of his process (linked below) is interesting.  It has all the hallmarks of his work — innovative, informed by research, driven by concrete tasks.  Notice the strong claim that I quoted below.  We shouldn’t be aiming for general cyber attack defense skills.  These skills are going to be industry-by-industry specific.  He’s directly informed by the research that suggests that these skills are unlikely to generalize.

One of the big questions is: where are we going to get the students?  How do we recruit students into this kind of program?

How can we help? The cyber attack course Socratic Arts is building for the DOD will be modified to make the projects specific to particular industries. The banks’ problems are obvious: hackers might want to steal money. Pharma’s problems are obvious: hackers might want to steal secrets. We intend to put out versions of our cyber attack course for each industry. These courses will take 6 months for a student to complete. We are not interested in giving an overview in the typical one week course that is no more than an intro. We want to train real cyber attackers who can help. The only way to learn is by practice (with advice). That’s how you learn to ride a bike and that’s how you learn to do anything.

Source: Cyber Attack Academy

May 24, 2017 at 7:00 am 1 comment

Cybersecurity as a motivation for drawing high schoolers into CS

We’ve talked about the UK and the US worrying about having enough cyberwarriors to deal with future cybersecurity issues.  CMU is helping to build a game to entice high school students into computing, with cybersecurity as the focus.

Carnegie Mellon University and one of the government’s top spy agencies want to interest high school students in a game of computer hacking.

Their goal with “Toaster Wars” is to cultivate the nation’s next generation of cyber warriors in offensive and defensive strategies. The free, online “high school hacking competition” is scheduled to run from April 26 to May 6, and any U.S. student or team in grades six through 12 can apply and participate.

David Brumley, professor of computer science at Carnegie Mellon, said the game is designed to be fun and challenging, but he hopes participants come to see computer security as an excellent career choice.

via Carnegie Mellon, NSA seek high school hackers – Yahoo! News.

March 28, 2013 at 1:37 am Leave a comment

CERIAS: Some thoughts on “cybersecurity” professionalization and education

Relates to the issue of when an employee needs college, and when they don’t.  For Cybersecurity, they do.  Relates to the growing needs in cybersecurity in the UK and in the US.

Too many (current) educational programs stress only the technology — and many others include significant technology training components — because of pressure by outside entities, rather than a full spectrum of education and skills. We have a real shortage of people who have any significant insight into the scope of application of policy, management, law, economics, psychology and the like to cybersecurity, although arguably, those are some of the problems most obvious to those who have the long view. (BTW, that is why CERIAS was founded 15 years including faculty in nearly 20 academic departments: “cybersecurity” is not solely a technology issue; this has been recognized by several other universities that are treating it more holistically.) These other skill areas often require deeper education and repetition of exercises involving abstract thought. It seems that not as many people are naturally capable of mastering these skills. The primary means we use to designate mastery is through postsecondary degrees, although their exact meaning does vary based on the granting institution.

via CERIAS : Some thoughts on “cybersecurity” professionalization and education.

March 25, 2013 at 1:40 am Leave a comment

IT skills shortage hampers UK response to cybersecurity needs

From the US yesterday to the UK today, there’s a similar theme connecting computing education and cybersecurity. Maybe the next round of government investment in computing education is going to happen with a goal of providing more warriors (and defenders) in the cybersecurity wars.  The UK is worried (below) that the lack of computing education in schools means that not enough kids are getting interested in computing to work in cybersecurity.

A new report by the National Audit Office claims the IT security skills gap will take up to 20 years to close, and leave UK PLC at risk of attack.

The IT security skills shortage could hamper the UK’s ability to protect itself from cyber threats, as the “decade-long decline” in computer science teaching in schools and universities takes its toll.

via IT skills shortage hampers UK response to cyber threats | IT PRO.

March 1, 2013 at 1:28 am 4 comments

IT Research Hearing Focuses on Security and Computing Education

A congressional committee heard about the importance of computing research, and what the committee members responded with was a need for more cyber-security and more computing education.

Lazowska spoke about the NITRD program’s history and the role of computing in the US economy. He showed an NRC chart on research and IT sectors with billion dollar markets. Lazowska also talked about the need to integrate security into the building of systems and not added on at the end as a defensive measure when questioned about cybersecurity by Congressman Steven Stockman R-TX. Stockman, who credits support from the fiscally-conservative Tea Party for his election, had the quote of the hearing, when after having pressed Lazowska for an order-of-magnitude estimate on how much additional investment in fundamental cyber security research would move the needle seemed surprised that the number PITAC requested back in 2005 was “only” $90 million. “Well, I’m interested in getting you billions, not millions,” he said, indicating he was very concerned about the U.S. vulnerability to cyber attack.The Subcommittee members were very interested in how to tackle the education problem in computing as well as how they could help researchers address cybersecurity moving forward.

via IT Research Hearing Focuses on Security, Education.

February 28, 2013 at 1:26 am 6 comments

NSA Built Stuxnet, but Real Trick Is Building Crew of Hackers – US News and World Report

If the reporter really understood NSA’s strategies for building up their cybersecurity workforce, they would said “personpower” instead of “manpower.”  NSA is a big supporter of the Anita Borg Institute and the Grace Hopper Conference.  They recognize that they’ll need women to help fill those cybersecurity ranks.

When Stuxnet—a massive computer worm that damaged a uranium enrichment plant in Iran—was discovered in 2010, cybersecurity experts marveled at its intricacy and power.

But maybe just as impressive as the exploit itself was the fact that the National Security Administration was able to find the manpower needed to design the attack.

That’s because the NSA, CIA, the Army’s Cyber Command, and private companies are quickly learning there aren’t enough cybersecurity experts steeped in the skills needed to wage cyberwarfare.

Experts have suggested that the United States government will need to hire at least 10,000 cybersecurity experts over the next several years, while the private sector will need even more. While most of those jobs are in defense, there’s also a growing need for people who are able to hack into complicated networks.

via NSA Built Stuxnet, but Real Trick Is Building Crew of Hackers – US News and World Report.

February 1, 2013 at 1:20 am 3 comments


Enter your email address to follow this blog and receive notifications of new posts by email.

Join 10,184 other subscribers

Feeds

Recent Posts

Blog Stats

  • 2,054,191 hits
March 2023
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

CS Teaching Tips