Chris Theisen, profile picture
Uploaded byChris Theisen
PPTX, PDF340 views

Software Security Education at Scale

The document discusses research into scaling software security education online to help retrain professionals in the workforce. It describes flipping a university class into online video lectures and using the videos to create an online course. The research questions examine why software engineers enrolled, how their performance compared to university students, and feedback on the online format. Challenges discussed include technical issues, varying participant backgrounds, and underestimating time commitments. Improving future courses involves addressing these challenges, iterating based on lessons learned, and exploring additional online platforms.

Embed presentation

Download to read offline
Software Security Education At Scale Chris Theisen, Laurie Williams, Emerson Murphy-Hill, Kevin Oliver {crtheise, lawilli3, emurph3, kevin_oliver}@ncsu.edu North Carolina State University National Science Foundation Grant Number 4900-1318428.
Introduction • Cisco 2014 Annual Security Report: Worldwide shortage of 1 million security professionals • Educating students is no longer enough! • How do we help retrain people who are currently in the workforce? 2Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Solution: Online Coursework 3Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
“Flipping” A University Class • Students watch video lectures, listen to Silver Bullet Podcast before the class takes place, take a quiz • Class time devoted to exercises, discussion, etc. • Videos can then be reused for online course 4Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
5
6
Research Questions • RQ1: Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 7Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Research Questions • RQ1: Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 8Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Time Commitment 9Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • For students: even asking 2-3 hours a week is a lot. • Specific assignment deadlines should be relaxed. • For instructors: Take your first guess, double it. • Video editing, message boards, technical problems, email, language barriers, etc…
Technical Issues 10Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Issues with Course Builder – Quizzes stopped working night before we launched – Slow response times of the site itself – Fixed in latest version • Peer review project had to be scrapped – Should have required it be complete before course launched
Consider Your Audience 11Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Wider spread of participants means… – Can’t assume background knowledge • Participants included: – Administrative assistant working with sec. professionals – High school teacher teaching a CS class with minimal background
Discussion Video 12Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
Iterate and Improve 13Introduction | Methodology | Lessons Learned | Next Steps | Conclusion • Rerun the online course (tentatively this fall) • OpenEDx, new Google Course Builder…? • Better idea of what works/what doesn’t for videos • Professionally shot videos for lectures/discussion
14
Conclusion 15Introduction | Methodology | Lessons Learned | Next Steps | Conclusion @crtheisen crtheise@ncsu.edu theisencr.github.io

More Related Content

PPTX
Anna Levick, New College Pontefract alternative approaches to assessing & p...
byJISC Regional Support Centre
 
PPT
If Dle Is The Answer What Is The Question
bylegal5
 
PPTX
Video assignments - managing large submission files using Blackboard and Plan...
byChris Boon
 
PDF
E learning
byFarid Ahmad
 
PPTX
Developing Support Skills in Student Workers
byCollin College
 
PPT
Jisc M@1 Presentation V2
byHAROLDFRICKER
 
PPT
NCASA
byCraven Community College
 
PPTX
Impact of COVID-19 on Education
byHarisRiaz25
 
Anna Levick, New College Pontefract alternative approaches to assessing & p...
byJISC Regional Support Centre
 
If Dle Is The Answer What Is The Question
bylegal5
 
Video assignments - managing large submission files using Blackboard and Plan...
byChris Boon
 
E learning
byFarid Ahmad
 
Developing Support Skills in Student Workers
byCollin College
 
Jisc M@1 Presentation V2
byHAROLDFRICKER
 
NCASA
byCraven Community College
 
Impact of COVID-19 on Education
byHarisRiaz25
 

What's hot

PDF
Technology Integration in the Classroom - A case study in learning engagement...
byWilliam Welder
 
PPTX
E assessment
byMad Buny
 
PPTX
Working with iPad Class Sets
bykForgard
 
PDF
Cs 643 syllabus
bySuneetha Prabhu
 
DOCX
Edu 225 week 7 assignment benchmark
byben george
 
PDF
Capilano U - Why use screencasting?
byBrian Bailey
 
PPTX
E portfolio presentation
byTalal Alhashemi
 
PPS
PowerPoint Show
byVideoguy
 
PPT
Webinar REC:all
bySylvia Moes
 
PDF
Model Technology Enhanced Classrooms
byBCcampus
 
PPTX
Using staff and student technology enhanced learning (TEL) narratives to info...
byJisc
 
DOCX
Formative assessment
bymstephens66
 
PPTX
Unit 1:Defining the Field
byBrenda Carmon
 
PPT
Myron Agyiri
byHandheldLearning
 
PPT
Effective Assistive Technology.Bkrd
byJennifer Courduff
 
PPSX
Planning for Technology Integration in the Classroom
byTheophilus1213
 
PPT
Technology Infusion Presentation
bybbeach84
 
PDF
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
byAlex Criswell, M.A. & M.S. Ed
 
PPT
Posing questions and addressing challenges about e learning
byAndrew Fluck
 
PPTX
Mega-metacognition - learning how to learn in a digital age
byJisc
 
Technology Integration in the Classroom - A case study in learning engagement...
byWilliam Welder
 
E assessment
byMad Buny
 
Working with iPad Class Sets
bykForgard
 
Cs 643 syllabus
bySuneetha Prabhu
 
Edu 225 week 7 assignment benchmark
byben george
 
Capilano U - Why use screencasting?
byBrian Bailey
 
E portfolio presentation
byTalal Alhashemi
 
PowerPoint Show
byVideoguy
 
Webinar REC:all
bySylvia Moes
 
Model Technology Enhanced Classrooms
byBCcampus
 
Using staff and student technology enhanced learning (TEL) narratives to info...
byJisc
 
Formative assessment
bymstephens66
 
Unit 1:Defining the Field
byBrenda Carmon
 
Myron Agyiri
byHandheldLearning
 
Effective Assistive Technology.Bkrd
byJennifer Courduff
 
Planning for Technology Integration in the Classroom
byTheophilus1213
 
Technology Infusion Presentation
bybbeach84
 
Instructional Analysis for Emotional Intelligence for EDCI 57500 Webinar
byAlex Criswell, M.A. & M.S. Ed
 
Posing questions and addressing challenges about e learning
byAndrew Fluck
 
Mega-metacognition - learning how to learn in a digital age
byJisc
 

Viewers also liked

PPT
Fuzzing 101 Webinar on Zero Day Management
byCodenomicon
 
PDF
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
PDF
Autonomous Hacking: The New Frontiers of Attack and Defense
byPriyanka Aash
 
PPTX
DefCamp 2013 - In vehicle CAN network security
byDefCamp
 
PDF
Automated and Effective Testing of Web Services for XML Injection Attacks
byLionel Briand
 
PDF
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
byImperva
 
PDF
Blending Automated and Manual Testing
byDenim Group
 
PPTX
Automated Attack Surface Approximation [FSE - SRC 2015]
byChris Theisen
 
PPTX
A DevOps Guide to Web Application Security
byImperva Incapsula
 
PPTX
Crowd-Sourced Threat Intelligence
byAlienVault
 
PPTX
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
byYuji Kosuga
 
PPTX
Attack Surface Analytics [ISSRE-DSW 15]
byChris Theisen
 
PPT
Attacks Against Captcha Systems - DefCamp 2012
byDefCamp
 
Fuzzing 101 Webinar on Zero Day Management
byCodenomicon
 
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
Autonomous Hacking: The New Frontiers of Attack and Defense
byPriyanka Aash
 
DefCamp 2013 - In vehicle CAN network security
byDefCamp
 
Automated and Effective Testing of Web Services for XML Injection Attacks
byLionel Briand
 
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
byImperva
 
Blending Automated and Manual Testing
byDenim Group
 
Automated Attack Surface Approximation [FSE - SRC 2015]
byChris Theisen
 
A DevOps Guide to Web Application Security
byImperva Incapsula
 
Crowd-Sourced Threat Intelligence
byAlienVault
 
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...
byYuji Kosuga
 
Attack Surface Analytics [ISSRE-DSW 15]
byChris Theisen
 
Attacks Against Captcha Systems - DefCamp 2012
byDefCamp
 

Similar to Software Security Education at Scale

PPTX
Course outline
byCodewizacademy
 
PDF
Modern Software Engineering Doing What Works To Build Better Software Faster ...
byraafifedorxp
 
PDF
Flipping the classroom at the University of Queensland
byCarl Reidsema
 
PPTX
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA_lecture1.pptx
bybarmga72
 
PPT
What We've Learned From Building Basie
byGreg Wilson
 
PPTX
Classroom Slide Templates
byMichael M Grant
 
PPT
We Know Less Than You Think (But We Do Know Something)
byGreg Wilson
 
PPTX
Workplace Simulated Courses - Course Technology Computing Conference
byCengage Learning
 
PPTX
ICDE 2015 Brenda Mallinson CPIE evaluation
byBrenda Mallinson
 
PDF
On Using Cloud Computing to Support Online Courses
byGermán Moltó
 
PPT
Grad Cert Tertiary Learning and Teaching, my APL presentation
bySamuel Mann
 
PDF
Modular Instruction Presentation - Gail Weatherly
byT-BUG
 
PPTX
BdEurope2011_BlendedLearningWorkshop.pptx
byAins11
 
PDF
Moving Beyond Instruction: Some Challenges & Directions
bySridhar Chimalakonda
 
PDF
Web Engineering Workshop
byDhaval Dalal
 
PPT
UCD Awareness Research
byli_chakuli
 
PPT
Software Engineering Presentation
byguest0d0022
 
PPT
Software Engineering Presentation
byguest0d0022
 
PPT
Software Engineering Presentation
byguest0d0022
 
PDF
Robert Evans Thesis dtd 13 Oct 2015
byRobert Evans
 
Course outline
byCodewizacademy
 
Modern Software Engineering Doing What Works To Build Better Software Faster ...
byraafifedorxp
 
Flipping the classroom at the University of Queensland
byCarl Reidsema
 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA_lecture1.pptx
bybarmga72
 
What We've Learned From Building Basie
byGreg Wilson
 
Classroom Slide Templates
byMichael M Grant
 
We Know Less Than You Think (But We Do Know Something)
byGreg Wilson
 
Workplace Simulated Courses - Course Technology Computing Conference
byCengage Learning
 
ICDE 2015 Brenda Mallinson CPIE evaluation
byBrenda Mallinson
 
On Using Cloud Computing to Support Online Courses
byGermán Moltó
 
Grad Cert Tertiary Learning and Teaching, my APL presentation
bySamuel Mann
 
Modular Instruction Presentation - Gail Weatherly
byT-BUG
 
BdEurope2011_BlendedLearningWorkshop.pptx
byAins11
 
Moving Beyond Instruction: Some Challenges & Directions
bySridhar Chimalakonda
 
Web Engineering Workshop
byDhaval Dalal
 
UCD Awareness Research
byli_chakuli
 
Software Engineering Presentation
byguest0d0022
 
Software Engineering Presentation
byguest0d0022
 
Software Engineering Presentation
byguest0d0022
 
Robert Evans Thesis dtd 13 Oct 2015
byRobert Evans
 

More from Chris Theisen

PPTX
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
byChris Theisen
 
PPTX
Metrics for Security Effort Prioritization
byChris Theisen
 
PPTX
Science of Security Industry Day - October 2015
byChris Theisen
 
PPTX
Approximating Attack Surfaces with Stack Traces [ICSE 15]
byChris Theisen
 
PPTX
Public Key Cryptosystems and RSA
byChris Theisen
 
PPTX
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
byChris Theisen
 
Risk-Based Attack Surface Approximation: How Much Data is Enough? [ICSE - SEI...
byChris Theisen
 
Metrics for Security Effort Prioritization
byChris Theisen
 
Science of Security Industry Day - October 2015
byChris Theisen
 
Approximating Attack Surfaces with Stack Traces [ICSE 15]
byChris Theisen
 
Public Key Cryptosystems and RSA
byChris Theisen
 
Prioritizing Security Efforts with a Risk-Based Attack Surface Approximation
byChris Theisen
 

Recently uploaded

PPTX
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PPTX
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
PPTX
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
PDF
The voice of the rain poem class 11th.pdf
byReeta Baral
 
PDF
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
PDF
Projecte de la porta d'i5B: Els animals marins
byeduardrubio1
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PDF
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
PPTX
AN EXTREMELY BORING GENERAL QUIZ FOR UG.pptx
bySriramG47
 
PPTX
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
PDF
Scalable-MADDPG-Based Cooperative Target Invasion for a Multi-USV System.pdf
byMan_Ebook
 
PDF
Toward Massive, Ultrareliable, and Low-Latency Wireless Communication With Sh...
byMan_Ebook
 
PPTX
Repeat Orders_ Use Odoo Blanket Agreement
byCeline George
 
PPTX
THEORIES OF GROWTH AND DEVELOPMENT..pptx
byAneetaSharma15
 
PPTX
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
PPTX
Semester 6 Unit 2 Club foot (talipes).pptx
bysachin7989
 
PDF
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
PDF
Types of eggs and Egg membranes (Developmental Zoology)
bySudhandraKarthi
 
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
The voice of the rain poem class 11th.pdf
byReeta Baral
 
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
Projecte de la porta d'i5B: Els animals marins
byeduardrubio1
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
AN EXTREMELY BORING GENERAL QUIZ FOR UG.pptx
bySriramG47
 
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
Scalable-MADDPG-Based Cooperative Target Invasion for a Multi-USV System.pdf
byMan_Ebook
 
Toward Massive, Ultrareliable, and Low-Latency Wireless Communication With Sh...
byMan_Ebook
 
Repeat Orders_ Use Odoo Blanket Agreement
byCeline George
 
THEORIES OF GROWTH AND DEVELOPMENT..pptx
byAneetaSharma15
 
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
Semester 6 Unit 2 Club foot (talipes).pptx
bysachin7989
 
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
Types of eggs and Egg membranes (Developmental Zoology)
bySudhandraKarthi
 

Software Security Education at Scale

  • 1.
    Software Security EducationAt Scale Chris Theisen, Laurie Williams, Emerson Murphy-Hill, Kevin Oliver {crtheise, lawilli3, emurph3, kevin_oliver}@ncsu.edu North Carolina State University National Science Foundation Grant Number 4900-1318428.
  • 2.
    Introduction • Cisco 2014Annual Security Report: Worldwide shortage of 1 million security professionals • Educating students is no longer enough! • How do we help retrain people who are currently in the workforce? 2Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 3.
    Solution: Online Coursework 3Introduction| Methodology | Lessons Learned | Next Steps | Conclusion
  • 4.
    “Flipping” A UniversityClass • Students watch video lectures, listen to Silver Bullet Podcast before the class takes place, take a quiz • Class time devoted to exercises, discussion, etc. • Videos can then be reused for online course 4Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 5.
  • 6.
  • 7.
    Research Questions • RQ1:Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 7Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 8.
    Research Questions • RQ1:Why did software engineers sign up for the online course? • RQ2: How do software engineers in the online course perform on quiz and test questions relative to university students being taught in an on-campus setting? • RQ3: How well does the online course format work for software engineering professionals? What could be improved on for future courses? 8Introduction | Methodology | Lessons Learned | Next Steps | Conclusion
  • 9.
    Time Commitment 9Introduction |Methodology | Lessons Learned | Next Steps | Conclusion • For students: even asking 2-3 hours a week is a lot. • Specific assignment deadlines should be relaxed. • For instructors: Take your first guess, double it. • Video editing, message boards, technical problems, email, language barriers, etc…
  • 10.
    Technical Issues 10Introduction |Methodology | Lessons Learned | Next Steps | Conclusion • Issues with Course Builder – Quizzes stopped working night before we launched – Slow response times of the site itself – Fixed in latest version • Peer review project had to be scrapped – Should have required it be complete before course launched
  • 11.
    Consider Your Audience 11Introduction| Methodology | Lessons Learned | Next Steps | Conclusion • Wider spread of participants means… – Can’t assume background knowledge • Participants included: – Administrative assistant working with sec. professionals – High school teacher teaching a CS class with minimal background
  • 12.
    Discussion Video 12Introduction |Methodology | Lessons Learned | Next Steps | Conclusion
  • 13.
    Iterate and Improve 13Introduction| Methodology | Lessons Learned | Next Steps | Conclusion • Rerun the online course (tentatively this fall) • OpenEDx, new Google Course Builder…? • Better idea of what works/what doesn’t for videos • Professionally shot videos for lectures/discussion
  • 14.
  • 15.
    Conclusion 15Introduction | Methodology| Lessons Learned | Next Steps | Conclusion @crtheisen crtheise@ncsu.edu theisencr.github.io

Editor's Notes

  • #3  Michael Brown, CEO of Symantec, says that shortfall could increase up to 1.5 million by 2019.
  • #4  Online classwork and MOOCs have emerged as one way to train busy professionals. Typically taken at your own pace or at a relaxed pace compared to usual coursework Can take the courses from your couch, no brick-and-mortar requirements
  • #5  “Flipping” a course The question; how do the two courses compare? Exact same for both offerings for online and in-person
  • #6  The syllabus for the course. Course is about security management and prevention, with an introduction to specific types of exploits More about prevention than exploitation Not a crypto class
  • #7  Google Coursebuilder, running on google app engine (circa late 2014, been updated since) Quizzes via Google Forms (built in quiz functionality broke, more on that later) Navigate via next page Embedded videos and quizzes
  • #8  Going to focus on RQ3 for this talk, preview RQ1 and RQ2: RQ1: Variety of reasons, slight bias toward retraining/filling in gaps Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals RQ2: 450 people signed up online, 60 finished. 120 signed up for NCSU course, 115 finished. Compared both sets of students on common multiple choice; online students performed about 10% worse than the brick-and-mortar students
  • #9  Going to focus on RQ3 for this talk, preview RQ1 and RQ2: RQ1: Variety of reasons, slight bias toward retraining/filling in gaps Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals RQ2: 450 people signed up online, 60 finished. 120 signed up for NCSU course, 115 finished. Compared both sets of students on common multiple choice; online students performed about 10% worse than the brick-and-mortar students
  • #10  Most frequently quoted reason for dropping out: not enough time to complete. Even though we specifically set out to set the bar as low as we could! By relaxing assignment deadlines, we helped improve retention. Estimation of effort is always hard. We were warned it would take more time than we thought, tried to overestimate, STILL wasn’t enough. Death by a thousand cuts: so many individual things adds up to a lot of time. Also means that divide and conquer could work well.
  • #11  One of the biggest timesinks was dealing with pop up technical issues. Quizzes weren’t retaining scores the night before we launched, slowness on App Engine was a constant issue (Some of this is apparently resolved in the newer version, but scalability testing before your launch is important, even for a smaller course). We had a peer review project component being run by another group, but group didn’t finish until right before the week we were going to launch it; launch had a ton of problems ended up having to scrap it. Not a good look from a PR perspective, plus a huge headache
  • #12  Interesting participants: high school teacher who was dropped into teaching a computer science course, and administrative assistant who works with security professionals How do we consider these folks when designing our lectures and assignments? Can’t make the same assumptions about prior knowledge
  • #13  (Video starts automatically, plays silently, I talk over it and explain what’s going on, since we can’t guarantee sound in presentations) One of the things that worked great: videos about current events in software security! Example topics: walking through breaches, how they happened, how they could have been prevented, what they’re doing now Discussed Heartbleed, Home Depot breach, the White House breach We always had something to discuss! This was the most well received part of the course, quote: “I felt like the discussion videos made it more of a personal experience”
  • #14  So what’s next? We’re running the course again this fall. Moving to OpenEDx or the new iteration of Coursebuilder We have a better idea on what works/what doesn’t and will incorporate the lessons learned into the new course Videos will be professionally shot, rather than by us.
  • #15  Course is also running on-demand on DigitalChalk Can take it for a certificate or just for knowledge Targeted towards corporate group buys of the course
  • #16  Here’s my contact info, thanks for coming, any questions? 