Keynote Presentation - Why rigorous underpinnings for cyber security education and training matter? Experiences from CyBOK: the

ABSTRACT

Cyber security is increasingly in the spotlight, with almost daily news of high profile cyber attacks and data or service losses. At the same time, there are regular reports of large-scale shortages in the cyber security workforce. Cyber security education and training needs to meet these shortages. However, it is also important that our approach to doing so is based on a rigorous scientific basis. In other words, is there is a science of security approach to cyber security education and training? In this talk I will discuss the experience of developing such a rigorous approach in the form of CyBOK, the cyber security body of knowledge (https://www.cybok.org/) over the last four years. We will not only look at the scientific methods used to define the scope of CyBOK and the rigorous, peer-review, mechanisms to develop the detailed knowledge area descriptions. We will also discuss the variety of use cases enabled by such a knowledge-based framework looking in detail at its role in providing a means to systematically contrast the focus of different professional and academic educational programmes and the knowledge one can expect students to have after completing a particular certification or course. We will also touch on other use cases of CyBOK such as a common framework to define knowledge requirements for roles in the sector and the ability to benchmark knowledge capacity within an organisation or even at a national level.

BIO

Awais Rashid is Professor of Cyber Security, Department of Computer Science at the University of Bristol. His research spans cyber security and software engineering. He focuses on novel software modularity techniques that underpin software that is adaptable, evolvable and resilient in the face of changes and the volatile nature of user requirements and behaviours in the modern digital world. This naturally ties in with his cyber security research which focuses on developing tools and techniques that are adaptable to the constantly changing threat patterns utilised by criminals online. He is particularly interested in security of cyber-physical systems, such as, industrial control systems and Internet of Things. He is also a keen researcher of adversarial and non-adversarial behaviours pertaining to cyber security. He leads projects as part of the UK Research Institute on Trustworthy Industrial Control Systems (RITICS) and UK Research Institute on Socio-technical Cyber Security (RISCS), the National Centre of Excellence on Cyber Security of Internet of Things (PETRAS) and a member of the UK Centre for Research and Evidence on Security Threats (CREST). He also leads research on readiness of software engineers and developers to work with new secure hardware as part of the ESRC Hub on Digital Security by Design (Discribe). He is a Fellow of the Alan Turing Institute. Prior to joining the University of Bristol, He was co-founder and co-director of the Security Lancaster Institute at Lancaster University.