Adversarial Thinking - Teaching Students to Think Like a Hacker.pdf

pdf

ABSTRACT

Today's college and university cybersecurity programs often contain multiple laboratory activities on various different hardware and software-based cybersecurity tools. These include preventive tools such as firewalls, virtual private networks, and intrusion detection systems. Some of these are tools used in attacking a network, such as packet sniffers and learning how to craft cross-site scripting attacks or man-in-the-middle attacks. All of these are important in learning cybersecurity. However, there is another important component of cybersecurity education - teaching students how to protect a system or network from attackers by learning their motivations, and how they think, developing the students' "abilities to anticipate the strategic actions of cyber adversaries, including where, when, and how they might attack, and their tactics for evading detection."

This paper describes the content and implementation of a 6 hour 15 minute (5 class sessions) module in Adversarial Thinking in a Network Security course, the students' perceptions of the value and importance of the module as a result of their anonymous responses to a survey on the module, and the statistical results of a Data Breach Pretest-Posttest Assessment to measure how well they understood the concepts involved in Adversarial Thinking as part of learning cybersecurity.

BIO

Frank H. Katz received his M.S. in Management from Georgia State University in Atlanta, GA, in 1987, and his B.A. in Computer and Information Sciences from the University of Florida, Gainesville, FL, in 1977. Upon graduating from Florida, he was commissioned as a 2nd Lieutenant in the Army Engineers, serving on active duty for four years in various leadership positions, predominantly in the 92nd Engineer Battalion, Fort Stewart, GA. He attained the rank of Captain and upon leaving active duty was awarded the Army Commendation Medal for service. Mr. Katz has over twenty-one years of industry experience in the Information Technology field: as a consultant for Arthur Andersen & Co. (1981-1982); as a Senior Programmer/Analyst for The Coca-Cola Company (1982-1988); as a Systems Analyst for Great Dane Trailers, Inc. (1988-1995); as a Project Manager and Senior Systems Analyst for Savannah Foods & Industries/Imperial Sugar Company (1995-2001); and as a Senior Software Engineer for HO Systems/Verisign (2001-2002). His particular area of expertise was in designing and implementing purchasing and inventory control systems. As a result, he has brought real-world experience into his teaching.

Mr. Katz has been an Assistant Professor of Information Technology at Armstrong State University, now Georgia Southern University, since 2002, specializing in teaching Systems Analysis and Design, Database Systems, and Cybersecurity. While at Armstrong, he was instrumental in creating the four course curriculum in Cybersecurity, which are part of the Minor in Cybersecurity, and specialization in Cybersecurity in the Bachelor of Science in Information Technology. He played a significant leadership role in Armstrong attaining the noteworthy designation as a Center of Academic Excellence in Cyber Security Education from the National Security Agency (NSA-CAE/CDE), and ensured that it was transferred to Georgia Southern. In November, 2019, he was appointed the Director of Georgia Southern's Center for Applied Cyber Education (CACE).

He has been published numerous times in the Cybersecurity field, especially in pedagogical methods relating to the topic. He has also made multiple presentations on Cybersecurity to the general public in the Savannah area, and has been interviewed numerous times on the topic by local TV stations. He is an Editorial Board Member of Kennesaw State University's Journal of Cybersecurity Education, Research, and Practice (JCERP). He is a member of the Association for Computing Machinery (ACM), the world-wide computing professional society; a member of AFCEA (formerly the Armed Forces Communications and Electronics Association); a member of the Information Systems Security Association (ISSA); and a Life Member of the Military Cyber Professionals Association, an organization dedicated to developing military Cyber professionals through STEM education initiatives at the service academies and civilian universities throughout the United States.

  • adversarial thinking
  • behavioral game theory
  • cybersecurity education
  • Dominant strategies
  • game theory
  • Interdependent choices
  • Utility preferences
  • Presentations
Submitted by Anonymous on