Assessing Competencies Using Scenario-Based Learning in Cybersecurity

Recent years have seen a disconnect between much-needed real-world skills and knowledge imparted to cybersecurity graduates by higher education institutions. As employers are shifting their focus to skills and competencies when hiring fresh graduates, higher education institutions are facing a call to action to design curricula that impart relevant knowledge, skills, and competencies to their graduates, and to devise effective means to assess them. Some institutions have successfully engaged with industry partners in creating apprenticeship programs and work-based learning for their students. However, not all educational institutions have similar capabilities and resources. A trend in engineering, computer science, and information technology programs across the United States is to design project-based or scenario-based curricula that impart relevant knowledge, skills, and competencies. At our institution, we have taken an innovative approach in designing our cybersecurity courses using scenario-based learning and assessing knowledge, skills, and competencies using scenario-guiding questions. We have used the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework and the Office of Personnel Management (OPM) Hiring Cybersecurity Workforce report for skills, knowledge, and competency mapping. This paper highlights our approach, presenting its overall design and two example mappings.

Attribution and Knowledge Creation Assemblages in Cybersecurity Politics

Attribution is central to cybersecurity politics. It establishes a link between technical occurrences and political consequences by reducing the uncertainty about who is behind an intrusion and what the likely intent was, ultimately creating cybersecurity “truths” with political consequences. In a critical security studies’ spirit, we purport that the “truth” about cyber-incidents that is established through attribution is constructed through a knowledge creation process that is neither value-free nor purely objective but built on assumptions and choices that make certain outcomes more or less likely. We conceptualize attribution as a knowledge creation process in three phases – incident creation, incident response, and public attribution – and embark on identifying who creates what kind of knowledge in this process, when they do it, and on what kind of assumptions and previous knowledge this is based on. Using assemblage theory as a backdrop, we highlight attribution as happening in complex networks that are never stable but always shifting, assembled, disassembled and reassembled in different contexts, with multiple functionalities. To illustrate, we use the intrusions at the US Office of Personnel Management (OPM) discovered in 2014 and 2015 with a focus on three factors: assumptions about threat actors, entanglement of public and private knowledge creation, and self-reflection about uncertainties. When it comes to attribution as knowledge creation processes, we critique the strong focus on existing enemy images as potentially crowding out knowledge on other threat actors, which in turn shapes the knowledge structure about security in cyberspace. One remedy, so we argue, is to bring in additional data collectors from the academic sector who can provide alternative interpretations based on independent knowledge creation processes.

Data Compatibility Issues: How to Prevent Miscoding and Dropped Observations When Using U.S. Office of Personnel Management Data Sets

A critical comparison of the agency identifier codes in the Federal Employee Viewpoint Survey (FEVS) and FedScope data sets reveals three distinct types of issues will occur when researchers attempt to merge the data sets: (a) a single agency is assigned different codes across data sets; (b) a single code is assigned to different agencies across data sets; and (c) a single code is assigned to two or more agencies in the FEVS data set and a separate agency in the FedScope data set. Between 2013 and 2016, these issues are present in almost all major federal departments. Compatibility issues between the agency identifiers could cause the user to drop observations unnecessarily or unknowingly combine two different agencies’ data improperly. If uncorrected, these issues will distort the analysis of studies that rely on this combination of data. However, researchers can correct for this issue and still use Office of Personnel Management (OPM) identifiers to combine data across multiple data sets.

Overcoming Persistent Barriers to Broadening Participation in the Federal Workforce

“Broadening participation” is defined as programs or policies that have the potential to benefit society and contribute to the achievement of specific, desired societal outcomes. This program was created by the U.S. National Science Foundation (NSF) to address the underrepresentation of women, minorities, the disabled, and other groups in NSF’s programs and workforce. The U.S. Office of Personnel Management has recently taken steps that could lead to a closer examination of the NSF Broadening Participation Program as a way to deliver key insights into ways to overcome three persistent barriers to broadening participation in the overall federal workforce.

Simulation of scenarios in the pro-reitoria of management of people of an institution of higher public education of the west of Paraná, Brazil

In an environment of frequent changes, organizations are constantly influenced by the environment in which they operate. For higher education institutions the rule is the same, therefore, becomes essential to the adoption of effective strategies for your success. This technical report aims to the simulation of scenarios on the Office of personnel management of a Public higher education institution located in the Western region of Paraná. For this, the Rojo model of simulation scenarios (ROJO, 2005) on this pró-reitoria, since the practice of simulation scenarios was not part of your strategic planning. As a contribution, this intervention resulted in the formulation of strategies for three scenarios designed: a pessimist, an intermediary and an optimist. In the end, drew up a plan of action containing goals aligned with strategies to minimize or take advantage of future contingencies.