Software Security Education At Scale
Chris Theisen, Laurie Williams, Emerson Murphy-Hill, Kevin Oliver
{crtheise, lawilli3, emurph3, kevin_oliver}@ncsu.edu
North Carolina State University
National Science Foundation Grant Number 4900-1318428.
Introduction
• Cisco 2014 Annual Security Report: Worldwide shortage
of 1 million security professionals
• Educating students is no longer enough!
• How do we help retrain people who are currently in the
workforce?
2Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Solution: Online Coursework
“Flipping” A University Class
• Students watch video lectures, listen to Silver Bullet
Podcast before the class takes place, take a quiz
• Class time devoted to exercises, discussion, etc.
• Videos can then be reused for online course
Research Questions
• RQ1: Why did software engineers sign up for the online
course?
• RQ2: How do software engineers in the online course
perform on quiz and test questions relative to university
students being taught in an on-campus setting?
• RQ3: How well does the online course format work for
software engineering professionals? What could be
improved on for future courses?
Time Commitment
• For students: even asking 2-3 hours a week is a lot.
• Specific assignment deadlines should be relaxed.
• For instructors: Take your first guess, double it.
• Video editing, message boards, technical problems,
email, language barriers, etc…
Technical Issues
• Issues with Course Builder
– Quizzes stopped working night before we launched
– Slow response times of the site itself
– Fixed in latest version
• Peer review project had to be scrapped
– Should have required it be complete before course
launched
Consider Your Audience
• Wider spread of participants means…
– Can’t assume background knowledge
• Participants included:
– Administrative assistant working with sec.
professionals
– High school teacher teaching a CS class with minimal
background
Discussion Video
Iterate and Improve
• Rerun the online course (tentatively this fall)
• Open edX, new Google Course Builder…?
• Better idea of what works/what doesn’t for videos
• Professionally shot videos for lectures/discussion
Conclusion
@crtheisen
crtheise@ncsu.edu
theisencr.github.io

More Related Content

What's hot

Planning for Technology Integration in the Classroom
Planning for Technology Integration in the ClassroomPlanning for Technology Integration in the Classroom
Planning for Technology Integration in the ClassroomTheophilus1213
 
Formative assessment
Formative assessmentFormative assessment
Formative assessmentmstephens66
 
Capilano U - Why use screencasting?
Capilano U - Why use screencasting?Capilano U - Why use screencasting?
Capilano U - Why use screencasting?Brian Bailey
 
Technology Infusion Presentation
Technology Infusion PresentationTechnology Infusion Presentation
Technology Infusion Presentationbbeach84
 
PowerPoint Show
PowerPoint ShowPowerPoint Show
PowerPoint ShowVideoguy
 
E assessment
E assessmentE assessment
E assessmentMad Buny
 
Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...William Welder
 
Edu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmarkEdu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmarkben george
 
E portfolio presentation
E portfolio presentationE portfolio presentation
E portfolio presentationTalal Alhashemi
 
Unit 1:Defining the Field
Unit 1:Defining the FieldUnit 1:Defining the Field
Unit 1:Defining the FieldBrenda Carmon
 
Posing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learningPosing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learningAndrew Fluck
 
Model Technology Enhanced Classrooms
Model Technology Enhanced ClassroomsModel Technology Enhanced Classrooms
Model Technology Enhanced ClassroomsBCcampus
 
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 WebinarInstructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 WebinarAlex Criswell, M.A. & M.S. Ed
 
Mega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital ageMega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital ageJisc
 
Working with iPad Class Sets
Working with iPad Class SetsWorking with iPad Class Sets
Working with iPad Class SetskForgard
 
Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...Jisc
 
Effective Assistive Technology.Bkrd
Effective Assistive Technology.BkrdEffective Assistive Technology.Bkrd
Effective Assistive Technology.BkrdJennifer Courduff
 

What's hot (20)

Planning for Technology Integration in the Classroom
Planning for Technology Integration in the ClassroomPlanning for Technology Integration in the Classroom
Planning for Technology Integration in the Classroom
 
Formative assessment
Formative assessmentFormative assessment
Formative assessment
 
Capilano U - Why use screencasting?
Capilano U - Why use screencasting?Capilano U - Why use screencasting?
Capilano U - Why use screencasting?
 
Technology Infusion Presentation
Technology Infusion PresentationTechnology Infusion Presentation
Technology Infusion Presentation
 
PowerPoint Show
PowerPoint ShowPowerPoint Show
PowerPoint Show
 
E assessment
E assessmentE assessment
E assessment
 
Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...
 
Edu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmarkEdu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmark
 
E portfolio presentation
E portfolio presentationE portfolio presentation
E portfolio presentation
 
Unit 1:Defining the Field
Unit 1:Defining the FieldUnit 1:Defining the Field
Unit 1:Defining the Field
 
Posing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learningPosing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learning
 
Cs 643 syllabus
Cs 643   syllabusCs 643   syllabus
Cs 643 syllabus
 
Model Technology Enhanced Classrooms
Model Technology Enhanced ClassroomsModel Technology Enhanced Classrooms
Model Technology Enhanced Classrooms
 
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 WebinarInstructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
 
Myron Agyiri
Myron AgyiriMyron Agyiri
Myron Agyiri
 
Webinar REC:all
Webinar REC:allWebinar REC:all
Webinar REC:all
 
Mega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital ageMega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital age
 
Working with iPad Class Sets
Working with iPad Class SetsWorking with iPad Class Sets
Working with iPad Class Sets
 
Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...
 
Effective Assistive Technology.Bkrd
Effective Assistive Technology.BkrdEffective Assistive Technology.Bkrd
Effective Assistive Technology.Bkrd
 

Viewers also liked

Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]Chris Theisen
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual TestingDenim Group
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementCodenomicon
 
Automated Attack Surface Approximation [FSE - SRC 2015]
Automated Attack Surface Approximation [FSE - SRC 2015]Automated Attack Surface Approximation [FSE - SRC 2015]
Automated Attack Surface Approximation [FSE - SRC 2015]Chris Theisen
 
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackUnmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackImperva
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Yuji Kosuga
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityImperva Incapsula
 
Autonomous Hacking: The New Frontiers of Attack and Defense
Autonomous Hacking: The New Frontiers of Attack and DefenseAutonomous Hacking: The New Frontiers of Attack and Defense
Autonomous Hacking: The New Frontiers of Attack and DefensePriyanka Aash
 
Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012DefCamp
 
DefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp
 
Automated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection AttacksAutomated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection AttacksLionel Briand
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceAlienVault
 
Implementing An Automated Incident Response Architecture
Implementing An Automated Incident Response ArchitectureImplementing An Automated Incident Response Architecture
Implementing An Automated Incident Response ArchitecturePriyanka Aash
 

Viewers also liked (13)

Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual Testing
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day Management
 
Automated Attack Surface Approximation [FSE - SRC 2015]
Automated Attack Surface Approximation [FSE - SRC 2015]Automated Attack Surface Approximation [FSE - SRC 2015]
Automated Attack Surface Approximation [FSE - SRC 2015]
 
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackUnmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application Security
 
Autonomous Hacking: The New Frontiers of Attack and Defense
Autonomous Hacking: The New Frontiers of Attack and DefenseAutonomous Hacking: The New Frontiers of Attack and Defense
Autonomous Hacking: The New Frontiers of Attack and Defense
 
Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012
 
DefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network security
 
Automated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection AttacksAutomated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection Attacks
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat Intelligence
 
Implementing An Automated Incident Response Architecture
Implementing An Automated Incident Response ArchitectureImplementing An Automated Incident Response Architecture
Implementing An Automated Incident Response Architecture
 

Similar to Software Security Education at Scale

Sims.cur532.asynchronoustrainingprogram.week6
Sims.cur532.asynchronoustrainingprogram.week6Sims.cur532.asynchronoustrainingprogram.week6
Sims.cur532.asynchronoustrainingprogram.week6Becki Dwyer Sims
 
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...sondramilkie
 
ITC12 Five Effective Practices for eLearning Professional Development
ITC12 Five Effective Practices for eLearning Professional DevelopmentITC12 Five Effective Practices for eLearning Professional Development
ITC12 Five Effective Practices for eLearning Professional DevelopmentBarry Dahl
 
6b. sample of a study guide
6b. sample of a study guide6b. sample of a study guide
6b. sample of a study guideGambari Isiaka
 
ITLA Presentation at AACTE 2013
ITLA Presentation at AACTE 2013ITLA Presentation at AACTE 2013
ITLA Presentation at AACTE 2013Boakes, Norma
 
Online Onboarding: Increasing the efficiency and effectiveness of library wor...
Online Onboarding: Increasing the efficiency and effectiveness of library wor...Online Onboarding: Increasing the efficiency and effectiveness of library wor...
Online Onboarding: Increasing the efficiency and effectiveness of library wor...Dr. Monica D.T. Rysavy
 
Mini_Project_Modified_WBBM_Proposal_Presentation.pptx
Mini_Project_Modified_WBBM_Proposal_Presentation.pptxMini_Project_Modified_WBBM_Proposal_Presentation.pptx
Mini_Project_Modified_WBBM_Proposal_Presentation.pptxMELVINTAURO201112
 
Instructional Designer Support Model Faculty Development Model - Competency-B...
Instructional Designer Support Model Faculty Development Model - Competency-B...Instructional Designer Support Model Faculty Development Model - Competency-B...
Instructional Designer Support Model Faculty Development Model - Competency-B...Becky Lopanec
 
E-lives Good Practies Summary
E-lives Good Practies Summary  E-lives Good Practies Summary
E-lives Good Practies Summary Manuel Castro
 
Defining future learning - the City of Wolverhampton College way
Defining future learning - the City of Wolverhampton College wayDefining future learning - the City of Wolverhampton College way
Defining future learning - the City of Wolverhampton College wayJisc
 
How to maximise your survey response rates webinar 4 march 2020 vr3
How to maximise your survey response rates webinar   4 march 2020 vr3How to maximise your survey response rates webinar   4 march 2020 vr3
How to maximise your survey response rates webinar 4 march 2020 vr3jisc_digital_insights
 
IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14Michael Dobe, Ph.D.
 

Similar to Software Security Education at Scale (20)

It traning program
It traning programIt traning program
It traning program
 
Sims.cur532.asynchronoustrainingprogram.week6
Sims.cur532.asynchronoustrainingprogram.week6Sims.cur532.asynchronoustrainingprogram.week6
Sims.cur532.asynchronoustrainingprogram.week6
 
E learning ns mani
E learning ns maniE learning ns mani
E learning ns mani
 
Course (Re)design
Course (Re)designCourse (Re)design
Course (Re)design
 
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
 
ITC12 Five Effective Practices for eLearning Professional Development
ITC12 Five Effective Practices for eLearning Professional DevelopmentITC12 Five Effective Practices for eLearning Professional Development
ITC12 Five Effective Practices for eLearning Professional Development
 
Sad planning phase
Sad planning phaseSad planning phase
Sad planning phase
 
6b. sample of a study guide
6b. sample of a study guide6b. sample of a study guide
6b. sample of a study guide
 
ITLA Presentation at AACTE 2013
ITLA Presentation at AACTE 2013ITLA Presentation at AACTE 2013
ITLA Presentation at AACTE 2013
 
Online Onboarding: Increasing the efficiency and effectiveness of library wor...
Online Onboarding: Increasing the efficiency and effectiveness of library wor...Online Onboarding: Increasing the efficiency and effectiveness of library wor...
Online Onboarding: Increasing the efficiency and effectiveness of library wor...
 
Project template
Project templateProject template
Project template
 
Mini_Project_Modified_WBBM_Proposal_Presentation.pptx
Mini_Project_Modified_WBBM_Proposal_Presentation.pptxMini_Project_Modified_WBBM_Proposal_Presentation.pptx
Mini_Project_Modified_WBBM_Proposal_Presentation.pptx
 
Instructional Designer Support Model Faculty Development Model - Competency-B...
Instructional Designer Support Model Faculty Development Model - Competency-B...Instructional Designer Support Model Faculty Development Model - Competency-B...
Instructional Designer Support Model Faculty Development Model - Competency-B...
 
E-lives Good Practies Summary
E-lives Good Practies Summary  E-lives Good Practies Summary
E-lives Good Practies Summary
 
Defining future learning - the City of Wolverhampton College way
Defining future learning - the City of Wolverhampton College wayDefining future learning - the City of Wolverhampton College way
Defining future learning - the City of Wolverhampton College way
 
Basics of e learning
Basics of e learningBasics of e learning
Basics of e learning
 
Flipped class collaborative learning-kaliappan-rit
Flipped class collaborative learning-kaliappan-ritFlipped class collaborative learning-kaliappan-rit
Flipped class collaborative learning-kaliappan-rit
 
How to maximise your survey response rates webinar 4 march 2020 vr3
How to maximise your survey response rates webinar   4 march 2020 vr3How to maximise your survey response rates webinar   4 march 2020 vr3
How to maximise your survey response rates webinar 4 march 2020 vr3
 
Itec410 lec01
Itec410 lec01Itec410 lec01
Itec410 lec01
 
IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14
 

More from Chris Theisen

Public Key Cryptosystems and RSA
Public Key Cryptosystems and RSAPublic Key Cryptosystems and RSA
Public Key Cryptosystems and RSAChris Theisen
 
Metrics for Security Effort Prioritization
Metrics for Security Effort PrioritizationMetrics for Security Effort Prioritization
Metrics for Security Effort PrioritizationChris Theisen
 
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...Chris Theisen
 
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
Prioritizing Security Efforts with a Risk-Based Attack Surface ApproximationPrioritizing Security Efforts with a Risk-Based Attack Surface Approximation
Prioritizing Security Efforts with a Risk-Based Attack Surface ApproximationChris Theisen
 
Science of Security Industry Day - October 2015
Science of Security Industry Day - October 2015Science of Security Industry Day - October 2015
Science of Security Industry Day - October 2015Chris Theisen
 
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Chris Theisen
 

More from Chris Theisen (6)

Public Key Cryptosystems and RSA
Public Key Cryptosystems and RSAPublic Key Cryptosystems and RSA
Public Key Cryptosystems and RSA
 
Metrics for Security Effort Prioritization
Metrics for Security Effort PrioritizationMetrics for Security Effort Prioritization
Metrics for Security Effort Prioritization
 
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
 
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
Prioritizing Security Efforts with a Risk-Based Attack Surface ApproximationPrioritizing Security Efforts with a Risk-Based Attack Surface Approximation
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
 
Science of Security Industry Day - October 2015
Science of Security Industry Day - October 2015Science of Security Industry Day - October 2015
Science of Security Industry Day - October 2015
 
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]
 

Recently uploaded

Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxleah joy valeriano
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 

Recently uploaded (20)

Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 

Software Security Education at Scale

  • 1. Software Security Education At Scale
      Chris Theisen, Laurie Williams, Emerson Murphy-Hill, Kevin Oliver
      {crtheise, lawilli3, emurph3, kevin_oliver}@ncsu.edu
      North Carolina State University
      National Science Foundation Grant Number 4900-1318428.
  • 2. Introduction
      • Cisco 2014 Annual Security Report: Worldwide shortage of 1 million security professionals
      • Educating students is no longer enough!
      • How do we help retrain people who are currently in the workforce?
  • 3. Solution: Online Coursework
  • 4. “Flipping” A University Class
      • Students watch video lectures, listen to Silver Bullet Podcast before the class takes place, take a quiz
      • Class time devoted to exercises, discussion, etc.
      • Videos can then be reused for online course
  • 5. 5
  • 6. 6
  • 7. Research Questions
      • RQ1: Why did software engineers sign up for the online course?
      • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting?
      • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses?
  • 8. Research Questions
      • RQ1: Why did software engineers sign up for the online course?
      • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting?
      • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses?
  • 9. Time Commitment
      • For students: even asking 2-3 hours a week is a lot.
      • Specific assignment deadlines should be relaxed.
      • For instructors: Take your first guess, double it.
      • Video editing, message boards, technical problems, email, language barriers, etc…
  • 10. Technical Issues
      • Issues with Course Builder
          – Quizzes stopped working night before we launched
          – Slow response times of the site itself
          – Fixed in latest version
      • Peer review project had to be scrapped
          – Should have required it be complete before course launched
  • 11. Consider Your Audience
      • Wider spread of participants means…
          – Can’t assume background knowledge
      • Participants included:
          – Administrative assistant working with sec. professionals
          – High school teacher teaching a CS class with minimal background
  • 12. Discussion Video
  • 13. Iterate and Improve
      • Rerun the online course (tentatively this fall)
      • OpenEDx, new Google Course Builder…?
      • Better idea of what works/what doesn’t for videos
      • Professionally shot videos for lectures/discussion
  • 14. 14
  • 15. Conclusion
      @crtheisen
      crtheise@ncsu.edu
      theisencr.github.io

Editor's Notes

  1. Michael Brown, CEO of Symantec, says that shortfall could increase up to 1.5 million by 2019.
  2. Online classwork and MOOCs have emerged as one way to train busy professionals. Typically taken at your own pace or at a relaxed pace compared to usual coursework. Can take the courses from your couch, no brick-and-mortar requirements.
  3. “Flipping” a course. The question: how do the two courses compare? Exact same for both offerings for online and in-person.
  4. The syllabus for the course. Course is about security management and prevention, with an introduction to specific types of exploits. More about prevention than exploitation. Not a crypto class.
  5. Google Coursebuilder, running on Google App Engine (circa late 2014, been updated since). Quizzes via Google Forms (built-in quiz functionality broke, more on that later). Navigate via next page. Embedded videos and quizzes.
  6. Going to focus on RQ3 for this talk, preview RQ1 and RQ2. RQ1: Variety of reasons, slight bias toward retraining/filling in gaps. Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals. RQ2: 450 people signed up online, 60 finished. 120 signed up for NCSU course, 115 finished. Compared both sets of students on common multiple choice; online students performed about 10% worse than the brick-and-mortar students.
  7. Going to focus on RQ3 for this talk, preview RQ1 and RQ2. RQ1: Variety of reasons, slight bias toward retraining/filling in gaps. Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals. RQ2: 450 people signed up online, 60 finished. 120 signed up for NCSU course, 115 finished. Compared both sets of students on common multiple choice; online students performed about 10% worse than the brick-and-mortar students.
  8. Most frequently quoted reason for dropping out: not enough time to complete. Even though we specifically set out to set the bar as low as we could! By relaxing assignment deadlines, we helped improve retention. Estimation of effort is always hard. We were warned it would take more time than we thought, tried to overestimate, STILL wasn’t enough. Death by a thousand cuts: so many individual things add up to a lot of time. Also means that divide and conquer could work well.
  9. One of the biggest timesinks was dealing with pop-up technical issues. Quizzes weren’t retaining scores the night before we launched, slowness on App Engine was a constant issue. (Some of this is apparently resolved in the newer version, but scalability testing before your launch is important, even for a smaller course.) We had a peer review project component being run by another group, but group didn’t finish until right before the week we were going to launch it; launch had a ton of problems, ended up having to scrap it. Not a good look from a PR perspective, plus a huge headache.
  10. Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals. How do we consider these folks when designing our lectures and assignments? Can’t make the same assumptions about prior knowledge.
  11. (Video starts automatically, plays silently, I talk over it and explain what’s going on, since we can’t guarantee sound in presentations.) One of the things that worked great: videos about current events in software security! Example topics: walking through breaches, how they happened, how they could have been prevented, what they’re doing now. Discussed Heartbleed, Home Depot breach, the White House breach. We always had something to discuss! This was the most well-received part of the course, quote: “I felt like the discussion videos made it more of a personal experience”
  12. So what’s next? We’re running the course again this fall. Moving to OpenEDx or the new iteration of Coursebuilder. We have a better idea on what works/what doesn’t and will incorporate the lessons learned into the new course. Videos will be professionally shot, rather than by us.
  13. Course is also running on-demand on DigitalChalk. Can take it for a certificate or just for knowledge. Targeted towards corporate group buys of the course.
  14. Here’s my contact info, thanks for coming, any questions? 