By Kat Riddler, Managing Editor

The Innovative, Flexible, and Multi-Purpose Lab Environment for Fostering Hands-on Skills Development in Cybersecurity Education grant was awarded to Dr. Shaji Khan, professor information systems, Dr. Sanjiv Bhatia, professor of computer science, and Dr. Jianli Pan, professor of computer science. The $294,519.78 grant was awarded by the National Security Agency (NSA).

According to Khan, “This proposal addresses the ongoing need for greater focus on incorporating hands-on learning experiences that take into account the changing nature of the cybersecurity field as well as provide opportunities for deeper applied skill development. Providing adequate hands-on learning opportunities in cybersecurity has been a major challenge.”

The NSA and the Department of Homeland Security have designated UMSL a Center of Academic Excellence in Cyber Defense Education in May of 2016. Bhatia said, “I am really excited as this grant is a recognition of our capabilities to develop materials that will be possibly used by other institutions in addition to being used here … UMSL is the only university in Missouri to be recognized as such and this grant will further cement our role in Cybersecurity education.”

Pan said, “UMSL students will have the opportunities to get access to an upgraded cutting-edge research and education testbed. They will be able to acquire the related key Cybersecurity knowledges, skills, and abilities (KSAs) to be better educated and prepared to join in the future Cybersecurity workforce, and to get access to more Federal Government Cybersecurity positions. The new findings and the project results will also be publicly available to other institutes so that they will benefit students not only at UMSL, but also in Missouri and nationwide Cybersecurity community at large.”

Creating a lab that can meet the diverse skills taught in cybersecurity was difficult. The labs are trying to provide hands-on practice for areas related to ethical hacking. These activities are dangerous and have to be in controlled environments according to Khan. They are also trying to provide an environment for providing IT infrastructure services, perform vulnerability assessments, practice network security, assess software application security, perform forensic analysis and more. Because of the complexity, educators and industry workers have only been able to build lab environments to target one or two areas of security.

Khan, Bhatia, and Pan did something different. Khan said, “Our attempt was to completely flip the model. Instead of educators creating task specific labs and students following instructions, we now let students create pretty much any lab environment they want in a completely self-service environment. In other words, we are building a lab infrastructure that allows students to build their own labs.”

So instead of fixing a pre-specified problem with a web server in a simulated environment, students will be able to create and launch a web server from scratch within a few minutes then “harden” the server to meet production security standards. Then a student can host and web application scanners to conduct security auditing of the server that was created.

Khan said, “The environment would be so flexible that it can easily be adapted to any number of real-life situations thus providing students the experience of working in real environments and taking part in the full security life-cycle.”

Khan continued, “I am so excited about this grant. I wish I had access to this type of environment when I was in school.”

Khan began ordering equipment on September 26. He hopes to have the lab infrastructure ready in 3-4 months. Pan explained in the meantime they are planning to implement the testbed and develop curricula materials and modules for multiple Cybersecurity courses. Pan said, “For example, the new curriculum grant will cover the cutting-edge KSAs on securing the wireless/mobile Internet of things (IoT) systems that have not been well covered by the existing state-of-the-art curricula.”

The grant will also benefit other institutes and the nationwide Cybersecurity community in fulfilling the goals of educating and preparing Cybersecurity workforce to better fill Federal Government Cybersecurity positions.