SlideShare a Scribd company logo

Software Security Education at Scale

Download as PPTX, PDF
Chris Theisen
Chris Theisen

The document discusses research into scaling software security education online to help retrain professionals in the workforce. It describes flipping a university class into online video lectures and using the videos to create an online course. The research questions examine why software engineers enrolled, how their performance compared to university students, and feedback on the online format. Challenges discussed include technical issues, varying participant backgrounds, and underestimating time commitments. Improving future courses involves addressing these challenges, iterating based on lessons learned, and exploring additional online platforms.

Education
1 of 15
Software Security Education At Scale Chris Theisen, Laurie Williams, Emerson Murphy-Hill, Kevin Oliver {crtheise, lawilli3, emurph3, kevin_oliver}@ncsu.edu North Carolina State University National Science Foundation Grant Number 4900-1318428.
Introduction • Cisco 2014 Annual Security Report: Worldwide shortage of 1 million security professionals • Educating students is no longer enough! • How do we help retrain people who are currently in the workforce? 2Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Solution: Online Coursework 3Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
“Flipping” A University Class • Students watch video lectures, listen to Silver Bullet Podcast before the class takes place, take a quiz • Class time devoted to exercises, discussion, etc. • Videos can then be reused for online course 4Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
5
6
Research Questions • RQ1: Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 7Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Research Questions • RQ1: Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 8Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Time Commitment 9Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • For students: even asking 2-3 hours a week is a lot. • Specific assignment deadlines should be relaxed. • For instructors: Take your first guess, double it. • Video editing, message boards, technical problems, email, language barriers, etc…
Technical Issues 10Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Issues with Course Builder – Quizzes stopped working night before we launched – Slow response times of the site itself – Fixed in latest version • Peer review project had to be scrapped – Should have required it be complete before course launched
Consider Your Audience 11Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Wider spread of participants means… – Can’t assume background knowledge • Participants included: – Administrative assistant working with sec. professionals – High school teacher teaching a CS class with minimal background
Discussion Video 12Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Iterate and Improve 13Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Rerun the online course (tentatively this fall) • OpenEDx, new Google Course Builder…? • Better idea of what works/what doesn’t for videos • Professionally shot videos for lectures/discussion
14
Conclusion 15Introduction | Methodology | Lessons Learned | Next Steps | Conclusion @crtheisen crtheise@ncsu.edu theisencr.github.io

Recommended

Developing Support Skills in Student Workers
Developing Support Skills in Student WorkersDeveloping Support Skills in Student Workers
Developing Support Skills in Student Workers
Jeremy Anderson
 
NCASA
NCASANCASA
NCASA
Craven Community College
 
Video assignments - managing large submission files using Blackboard and Plan...
Video assignments - managing large submission files using Blackboard and Plan...Video assignments - managing large submission files using Blackboard and Plan...
Video assignments - managing large submission files using Blackboard and Plan...
Chris Boon
 
Anna Levick, New College Pontefract alternative approaches to assessing & p...
Anna Levick, New College Pontefract alternative approaches to assessing & p...Anna Levick, New College Pontefract alternative approaches to assessing & p...
Anna Levick, New College Pontefract alternative approaches to assessing & p...
JISC Regional Support Centre
 
Jisc M@1 Presentation V2
Jisc M@1 Presentation V2Jisc M@1 Presentation V2
Jisc M@1 Presentation V2
HAROLDFRICKER
 
Impact of COVID-19 on Education
Impact of COVID-19 on EducationImpact of COVID-19 on Education
Impact of COVID-19 on Education
HarisRiaz25
 
If Dle Is The Answer What Is The Question
If Dle Is The Answer What Is The QuestionIf Dle Is The Answer What Is The Question
If Dle Is The Answer What Is The Question
legal5
 
E learning
E learningE learning
E learning
Farid Ahmad
 

Recommended

Developing Support Skills in Student Workers
Developing Support Skills in Student WorkersDeveloping Support Skills in Student Workers
Developing Support Skills in Student Workers
Jeremy Anderson
 
NCASA
NCASANCASA
NCASA
Craven Community College
 
Video assignments - managing large submission files using Blackboard and Plan...
Video assignments - managing large submission files using Blackboard and Plan...Video assignments - managing large submission files using Blackboard and Plan...
Video assignments - managing large submission files using Blackboard and Plan...
Chris Boon
 
Anna Levick, New College Pontefract alternative approaches to assessing & p...
Anna Levick, New College Pontefract alternative approaches to assessing & p...Anna Levick, New College Pontefract alternative approaches to assessing & p...
Anna Levick, New College Pontefract alternative approaches to assessing & p...
JISC Regional Support Centre
 
Jisc M@1 Presentation V2
Jisc M@1 Presentation V2Jisc M@1 Presentation V2
Jisc M@1 Presentation V2
HAROLDFRICKER
 
Impact of COVID-19 on Education
Impact of COVID-19 on EducationImpact of COVID-19 on Education
Impact of COVID-19 on Education
HarisRiaz25
 
If Dle Is The Answer What Is The Question
If Dle Is The Answer What Is The QuestionIf Dle Is The Answer What Is The Question
If Dle Is The Answer What Is The Question
legal5
 
E learning
E learningE learning
E learning
Farid Ahmad
 
Planning for Technology Integration in the Classroom
Planning for Technology Integration in the ClassroomPlanning for Technology Integration in the Classroom
Planning for Technology Integration in the Classroom
Theophilus1213
 
Formative assessment
Formative assessmentFormative assessment
Formative assessment
mstephens66
 
Capilano U - Why use screencasting?
Capilano U - Why use screencasting?Capilano U - Why use screencasting?
Capilano U - Why use screencasting?
Brian Bailey
 
Technology Infusion Presentation
Technology Infusion PresentationTechnology Infusion Presentation
Technology Infusion Presentation
bbeach84
 
PowerPoint Show
PowerPoint ShowPowerPoint Show
PowerPoint Show
Videoguy
 
E assessment
E assessmentE assessment
E assessment
Mad Buny
 
Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...
William Welder
 
Edu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmarkEdu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmark
ben george
 
E portfolio presentation
E portfolio presentationE portfolio presentation
E portfolio presentation
Talal Alhashemi
 
Unit 1:Defining the Field
Unit 1:Defining the FieldUnit 1:Defining the Field
Unit 1:Defining the Field
Brenda Carmon
 
Posing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learningPosing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learning
Andrew Fluck
 
Cs 643 syllabus
Cs 643 syllabusCs 643 syllabus
Cs 643 syllabus
Suneetha Prabhu
 
Model Technology Enhanced Classrooms
Model Technology Enhanced ClassroomsModel Technology Enhanced Classrooms
Model Technology Enhanced Classrooms
BCcampus
 
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 WebinarInstructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Alex Criswell, M.A. & M.S. Ed
 
Myron Agyiri
Myron AgyiriMyron Agyiri
Myron Agyiri
HandheldLearning
 
Webinar REC:all
Webinar REC:allWebinar REC:all
Webinar REC:all
Sylvia Moes
 
Mega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital ageMega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital age
Jisc
 
Working with iPad Class Sets
Working with iPad Class SetsWorking with iPad Class Sets
Working with iPad Class Sets
kForgard
 
Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...
Jisc
 
Effective Assistive Technology.Bkrd
Effective Assistive Technology.BkrdEffective Assistive Technology.Bkrd
Effective Assistive Technology.Bkrd
Jennifer Courduff
 
Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]
Chris Theisen
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual Testing
Denim Group
 

More Related Content

What's hot

Formative assessment
Formative assessmentFormative assessment
Formative assessment
mstephens66
 
Technology Infusion Presentation
Technology Infusion PresentationTechnology Infusion Presentation
Technology Infusion Presentation
bbeach84
 
PowerPoint Show
PowerPoint ShowPowerPoint Show
PowerPoint Show
Videoguy
 
Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...
William Welder
 
Unit 1:Defining the Field
Unit 1:Defining the FieldUnit 1:Defining the Field
Unit 1:Defining the Field
Brenda Carmon
 
Model Technology Enhanced Classrooms
Model Technology Enhanced ClassroomsModel Technology Enhanced Classrooms
Model Technology Enhanced Classrooms
BCcampus
 
Mega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital ageMega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital age
Jisc
 
Effective Assistive Technology.Bkrd
Effective Assistive Technology.BkrdEffective Assistive Technology.Bkrd
Effective Assistive Technology.Bkrd
Jennifer Courduff
 

What's hot (20)

Planning for Technology Integration in the Classroom
Planning for Technology Integration in the ClassroomPlanning for Technology Integration in the Classroom
Planning for Technology Integration in the Classroom
 
Formative assessment
Formative assessmentFormative assessment
Formative assessment
 
Capilano U - Why use screencasting?
Capilano U - Why use screencasting?Capilano U - Why use screencasting?
Capilano U - Why use screencasting?
 
Technology Infusion Presentation
Technology Infusion PresentationTechnology Infusion Presentation
Technology Infusion Presentation
 
PowerPoint Show
PowerPoint ShowPowerPoint Show
PowerPoint Show
 
E assessment
E assessmentE assessment
E assessment
 
Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...Technology Integration in the Classroom - A case study in learning engagement...
Technology Integration in the Classroom - A case study in learning engagement...
 
Edu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmarkEdu 225 week 7 assignment benchmark
Edu 225 week 7 assignment benchmark
 
E portfolio presentation
E portfolio presentationE portfolio presentation
E portfolio presentation
 
Unit 1:Defining the Field
Unit 1:Defining the FieldUnit 1:Defining the Field
Unit 1:Defining the Field
 
Posing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learningPosing questions and addressing challenges about e learning
Posing questions and addressing challenges about e learning
 
Cs 643 syllabus
Cs 643 syllabusCs 643 syllabus
Cs 643 syllabus
 
Model Technology Enhanced Classrooms
Model Technology Enhanced ClassroomsModel Technology Enhanced Classrooms
Model Technology Enhanced Classrooms
 
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 WebinarInstructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
 
Myron Agyiri
Myron AgyiriMyron Agyiri
Myron Agyiri
 
Webinar REC:all
Webinar REC:allWebinar REC:all
Webinar REC:all
 
Mega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital ageMega-metacognition - learning how to learn in a digital age
Mega-metacognition - learning how to learn in a digital age
 
Working with iPad Class Sets
Working with iPad Class SetsWorking with iPad Class Sets
Working with iPad Class Sets
 
Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...Using staff and student technology enhanced learning (TEL) narratives to info...
Using staff and student technology enhanced learning (TEL) narratives to info...
 
Effective Assistive Technology.Bkrd
Effective Assistive Technology.BkrdEffective Assistive Technology.Bkrd
Effective Assistive Technology.Bkrd
 

Viewers also liked

Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual Testing
Denim Group
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application Security
Imperva Incapsula
 
Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012
DefCamp
 
DefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network security
DefCamp
 

Viewers also liked (13)

Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]Attack Surface Analytics [ISSRE-DSW 15]
Attack Surface Analytics [ISSRE-DSW 15]
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual Testing
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day Management
 
Automated Attack Surface Approximation [FSE - SRC 2015]
Automated Attack Surface Approximation [FSE - SRC 2015]Automated Attack Surface Approximation [FSE - SRC 2015]
Automated Attack Surface Approximation [FSE - SRC 2015]
 
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackUnmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application Security
 
Autonomous Hacking: The New Frontiers of Attack and Defense
Autonomous Hacking: The New Frontiers of Attack and DefenseAutonomous Hacking: The New Frontiers of Attack and Defense
Autonomous Hacking: The New Frontiers of Attack and Defense
 
Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012Attacks Against Captcha Systems - DefCamp 2012
Attacks Against Captcha Systems - DefCamp 2012
 
DefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network security
 
Automated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection AttacksAutomated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection Attacks
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat Intelligence
 
Implementing An Automated Incident Response Architecture
Implementing An Automated Incident Response ArchitectureImplementing An Automated Incident Response Architecture
Implementing An Automated Incident Response Architecture
 

Similar to Software Security Education at Scale

The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
sondramilkie
 
6b. sample of a study guide
6b. sample of a study guide6b. sample of a study guide
6b. sample of a study guide
Gambari Isiaka
 
E-lives Good Practies Summary
E-lives Good Practies Summary E-lives Good Practies Summary
E-lives Good Practies Summary
Manuel Castro
 
IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14
Michael Dobe, Ph.D.
 

Similar to Software Security Education at Scale (20)

It traning program
It traning programIt traning program
It traning program
 
Sims.cur532.asynchronoustrainingprogram.week6
Sims.cur532.asynchronoustrainingprogram.week6Sims.cur532.asynchronoustrainingprogram.week6
Sims.cur532.asynchronoustrainingprogram.week6
 
E learning ns mani
E learning ns maniE learning ns mani
E learning ns mani
 
Course (Re)design
Course (Re)designCourse (Re)design
Course (Re)design
 
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
The Roadmap to Distance Learning Technology: Retooling Traditional Outreach b...
 
ITC12 Five Effective Practices for eLearning Professional Development
ITC12 Five Effective Practices for eLearning Professional DevelopmentITC12 Five Effective Practices for eLearning Professional Development
ITC12 Five Effective Practices for eLearning Professional Development
 
Sad planning phase
Sad planning phaseSad planning phase
Sad planning phase
 
6b. sample of a study guide
6b. sample of a study guide6b. sample of a study guide
6b. sample of a study guide
 
ITLA Presentation at AACTE 2013
ITLA Presentation at AACTE 2013ITLA Presentation at AACTE 2013
ITLA Presentation at AACTE 2013
 
Online Onboarding: Increasing the efficiency and effectiveness of library wor...
Online Onboarding: Increasing the efficiency and effectiveness of library wor...Online Onboarding: Increasing the efficiency and effectiveness of library wor...
Online Onboarding: Increasing the efficiency and effectiveness of library wor...
 
Project template
Project templateProject template
Project template
 
Mini_Project_Modified_WBBM_Proposal_Presentation.pptx
Mini_Project_Modified_WBBM_Proposal_Presentation.pptxMini_Project_Modified_WBBM_Proposal_Presentation.pptx
Mini_Project_Modified_WBBM_Proposal_Presentation.pptx
 
Instructional Designer Support Model Faculty Development Model - Competency-B...
Instructional Designer Support Model Faculty Development Model - Competency-B...Instructional Designer Support Model Faculty Development Model - Competency-B...
Instructional Designer Support Model Faculty Development Model - Competency-B...
 
E-lives Good Practies Summary
E-lives Good Practies Summary E-lives Good Practies Summary
E-lives Good Practies Summary
 
Defining future learning - the City of Wolverhampton College way
Defining future learning - the City of Wolverhampton College wayDefining future learning - the City of Wolverhampton College way
Defining future learning - the City of Wolverhampton College way
 
Basics of e learning
Basics of e learningBasics of e learning
Basics of e learning
 
Flipped class collaborative learning-kaliappan-rit
Flipped class collaborative learning-kaliappan-ritFlipped class collaborative learning-kaliappan-rit
Flipped class collaborative learning-kaliappan-rit
 
How to maximise your survey response rates webinar 4 march 2020 vr3
How to maximise your survey response rates webinar 4 march 2020 vr3How to maximise your survey response rates webinar 4 march 2020 vr3
How to maximise your survey response rates webinar 4 march 2020 vr3
 
Itec410 lec01
Itec410 lec01Itec410 lec01
Itec410 lec01
 
IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14IHC Faculty Development Program Plan AY 2013-14
IHC Faculty Development Program Plan AY 2013-14
 

More from Chris Theisen

Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Chris Theisen
 

More from Chris Theisen (6)

Public Key Cryptosystems and RSA
Public Key Cryptosystems and RSAPublic Key Cryptosystems and RSA
Public Key Cryptosystems and RSA
 
Metrics for Security Effort Prioritization
Metrics for Security Effort PrioritizationMetrics for Security Effort Prioritization
Metrics for Security Effort Prioritization
 
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
 
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
Prioritizing Security Efforts with a Risk-Based Attack Surface ApproximationPrioritizing Security Efforts with a Risk-Based Attack Surface Approximation
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
 
Science of Security Industry Day - October 2015
Science of Security Industry Day - October 2015Science of Security Industry Day - October 2015
Science of Security Industry Day - October 2015
 
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]
 

Recently uploaded

Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 

Recently uploaded (20)

Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 

Software Security Education at Scale

  • 1. Software Security Education At Scale Chris Theisen, Laurie Williams, Emerson Murphy-Hill, Kevin Oliver {crtheise, lawilli3, emurph3, kevin_oliver}@ncsu.edu North Carolina State University National Science Foundation Grant Number 4900-1318428.
  • 2. Introduction • Cisco 2014 Annual Security Report: Worldwide shortage of 1 million security professionals • Educating students is no longer enough! • How do we help retrain people who are currently in the workforce? 2Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 3. Solution: Online Coursework 3Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 4. “Flipping” A University Class • Students watch video lectures, listen to Silver Bullet Podcast before the class takes place, take a quiz • Class time devoted to exercises, discussion, etc. • Videos can then be reused for online course 4Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 5. 5
  • 6. 6
  • 7. Research Questions • RQ1: Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 7Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 8. Research Questions • RQ1: Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 8Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 9. Time Commitment 9Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • For students: even asking 2-3 hours a week is a lot. • Specific assignment deadlines should be relaxed. • For instructors: Take your first guess, double it. • Video editing, message boards, technical problems, email, language barriers, etc…
  • 10. Technical Issues 10Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Issues with Course Builder – Quizzes stopped working night before we launched – Slow response times of the site itself – Fixed in latest version • Peer review project had to be scrapped – Should have required it be complete before course launched
  • 11. Consider Your Audience 11Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Wider spread of participants means… – Can’t assume background knowledge • Participants included: – Administrative assistant working with sec. professionals – High school teacher teaching a CS class with minimal background
  • 12. Discussion Video 12Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 13. Iterate and Improve 13Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Rerun the online course (tentatively this fall) • OpenEDx, new Google Course Builder…? • Better idea of what works/what doesn’t for videos • Professionally shot videos for lectures/discussion
  • 14. 14
  • 15. Conclusion 15Introduction | Methodology | Lessons Learned | Next Steps | Conclusion @crtheisen crtheise@ncsu.edu theisencr.github.io

Editor's Notes

  1. Michael Brown, CEO of Symantec, says that shortfall could increase up to 1.5 million by 2019.
  2. Online classwork and MOOCs have emerged as one way to train busy professionals. Typically taken at your own pace or at a relaxed pace compared to usual coursework Can take the courses from your couch, no brick-and-mortar requirements
  3. “Flipping” a course The question; how do the two courses compare? Exact same for both offerings for online and in-person
  4. The syllabus for the course. Course is about security management and prevention, with an introduction to specific types of exploits More about prevention than exploitation Not a crypto class
  5. Google Coursebuilder, running on google app engine (circa late 2014, been updated since) Quizzes via Google Forms (built in quiz functionality broke, more on that later) Navigate via next page Embedded videos and quizzes
  6. Going to focus on RQ3 for this talk, preview RQ1 and RQ2: RQ1: Variety of reasons, slight bias toward retraining/filling in gaps Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals RQ2: 450 people signed up online, 60 finished. 120 signed up for NCSU course, 115 finished. Compared both sets of students on common multiple choice; online students performed about 10% worse than the brick-and-mortar students
  7. Going to focus on RQ3 for this talk, preview RQ1 and RQ2: RQ1: Variety of reasons, slight bias toward retraining/filling in gaps Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals RQ2: 450 people signed up online, 60 finished. 120 signed up for NCSU course, 115 finished. Compared both sets of students on common multiple choice; online students performed about 10% worse than the brick-and-mortar students
  8. Most frequently quoted reason for dropping out: not enough time to complete. Even though we specifically set out to set the bar as low as we could! By relaxing assignment deadlines, we helped improve retention. Estimation of effort is always hard. We were warned it would take more time than we thought, tried to overestimate, STILL wasn’t enough. Death by a thousand cuts: so many individual things adds up to a lot of time. Also means that divide and conquer could work well.
  9. One of the biggest timesinks was dealing with pop up technical issues. Quizzes weren’t retaining scores the night before we launched, slowness on App Engine was a constant issue (Some of this is apparently resolved in the newer version, but scalability testing before your launch is important, even for a smaller course). We had a peer review project component being run by another group, but group didn’t finish until right before the week we were going to launch it; launch had a ton of problems ended up having to scrap it. Not a good look from a PR perspective, plus a huge headache
  10. Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals How do we consider these folks when designing our lectures and assignments? Can’t make the same assumptions about prior knowledge
  11. (Video starts automatically, plays silently, I talk over it and explain what’s going on, since we can’t guarantee sound in presentations) One of the things that worked great: videos about current events in software security! Example topics: walking through breaches, how they happened, how they could have been prevented, what they’re doing now Discussed Heartbleed, Home Depot breach, the White House breach We always had something to discuss! This was the most well received part of the course, quote: “I felt like the discussion videos made it more of a personal experience”
  12. So what’s next? We’re running the course again this fall. Moving to OpenEDx or the new iteration of Coursebuilder We have a better idea on what works/what doesn’t and will incorporate the lessons learned into the new course Videos will be professionally shot, rather than by us.
  13. Course is also running on-demand on DigitalChalk Can take it for a certificate or just for knowledge Targeted towards corporate group buys of the course
  14. Here’s my contact info, thanks for coming, any questions? 