This paper describes the development of a training module to improve students' individual online behaviors. We developed this module to integrate cyber hygiene concepts into a hands-on learning activity where students develop and secure a mobile web application using the Salesforce Developer tool. This new module aims to prepare the next…

Software vulnerabilities in commercial products are an issue of national importance. The most prevalent breaches are input validation vulnerabilities, and these are easily avoidable. This dissertation contributes to cybersecurity education with a set of hands-on interventions tailored for three CS courses, a set of reflection prompts to encourage…

Amid the ever-increasing number of cyberthreats, cybersecurity degree programs represent a potential growth area for business schools. This study examines undergraduate cybersecurity programs offered by AACSB-accredited business schools in the US. It surveyed 503 AACSB-accredited schools and identified 72 cybersecurity programs. Using the IS2020…

The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges…

Software security is inevitably dependent on developers' ability to to design and implement software without security bugs. Perhaps unsurprisingly, developers often fail to do this. Our goal is to understand this from a usability perspective, identifying how we might best train developers and equip them with the right software tools. To this end,…

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

Information Technology (IT) skills gap discourse suggests a mismatch between what students are acquiring in terms of knowledge and skills in their education versus what employers believe are useful skills for doing day to day tasks. This study builds upon previous research (analyzing the skills of college students in IT-related majors) by…

A common approach to increase test security in higher educational high-stakes testing is the use of different test forms with identical items but different item orders. The effects of such varied item orders are relatively well studied, but findings have generally been mixed. When multiple test forms with different item orders are used, we argue…

People starting cybersecurity careers have three main avenues for achieving entry-level job qualifications: learning in-demand skills, earning industry certifications, and graduating with a college degree. Though people can pursue skills, certificates, and degrees together, financial and time constraints often make people focus their efforts to…

Analysis of programming process data has become popular in computing education research and educational data mining in the last decade. This type of data is quantitative, often of high temporal resolution, and it can be collected non-intrusively while the student is in a natural setting. Many levels of granularity can be obtained, such as…

Steganography is the art and science of concealing communication. The goal of steganography is to hide the very existence of information exchange by embedding messages into unsuspicious digital media covers. Cryptography, or secret writing, is the study of the methods of encryption, decryption and their use in communications protocols.…

This paper presents the results of a comparison study between graduate students taking a software security course at an American university and international working professionals taking a version of the same course online through a free massive open online course (MOOC) created in the Google CourseBuilder learning environment. A goal of the study…

Despite the critical societal importance of computer security, security is not well integrated into the undergraduate computing curriculum. Security classes and tracks treat security issues as separable topics as opposed to fundamental issues that pervade all aspects of software development. Recently, there has been an increasing focus on security…

We report the development and initial evaluation of a serious game that, in conjunction with appropriately designed matching laboratory exercises, can be used to teach secure coding and Information Assurance (IA) concepts across a range of introductory computing courses. The IA Game is a role-playing serious game (RPG) in which the student travels…

Computing science students amass years of programming experience and a wealth of factual knowledge in their undergraduate courses. Based on our combined years of experience, however, one of our students' abiding shortcomings is that they think there is only "one correct answer" to issues in most courses: an "idealistic"…