California State Polytechnic University, Pomona (Cal Poly Pomona) has long provided polytechnic education in information technology, including hands-on learning, senior projects, class projects, club activities, professional association affiliation, outreach, and internships. Cybersecurity workforce needs, which involve people, tools, and processes that protect networks, hardware, and software from unauthorized use, are not being met today and won’t be met in the foreseeable future unless we address cybersecurity education.
The need to understand these risks extends past cybersecurity students to accounting and finance students and beyond, up to the boardroom. According to the 2016 “Cybersecurity—Fighting Crime’s Enfant Terrible” study conducted by IMA® (Institute of Management Accountants) and ACCA (Association of Chartered Certified Accountants), “It is up to finance professionals to keep a watchful eye when it comes to cybercrime.” The polytechnic approach brings real-world cybercrime cases into the classroom.
Our classes integrate a polytechnic learn-by-doing approach, culminating in a team-based senior project course. In our program, however, we advise students that our curriculum provides at most 50% of what they need to learn while at Cal Poly Pomona. The other 50% comes from additional development activities, such as student clubs, professional associations, internships, camps, competitions, and conferences. All of these activities develop their cybersecurity skills and personal networks and enable them to view themselves as professionals before graduation. Accounting and management students can take computer information systems (CIS) classes in IT auditing, computer forensics, and management information systems as part of the business program.
Our Computer Information Systems department has a capstone class that draws on students’ knowledge obtained in their coursework and combines it with relevant community service. Part of the senior project includes working for actual clients like a small CIS consulting group would. Our cybersecurity senior projects increase in scope every year. Recent cybersecurity project customers have included LiveNation, Southern California Edison, and Business Data Links.
In our CIS department, we foster three student clubs with multidisciplinary student membership. These are SWIFT (Students With an Interest in the Future of Technology), FAST (Forensics and Security Technologies), and MISSA (Management Information Systems Student Association).
Our SWIFT club is the organization most involved with cybersecurity. SWIFT students participate in national cybersecurity competitions; organize and run cybersecurity workshops with industry partners such as Facebook, FireEye, and Chef; and run weekly meetings with student and industry speakers. Our FAST club focuses on cybercrime and forensics. Speakers include the Federal Bureau of Investigation (FBI), the Department of Defense (DoD), U.S. Secret Service, and other law enforcement and government agencies. In addition to weekly speakers on information technology and cybersecurity, MISSA runs the annual Information Technology Competition. MISSA connects with industry sponsors and recruits industry case writers and judges for the competition. Students from surrounding colleges compete in IT strategy, Web application development, telecommunications, and computer forensics.
Our MISSA club is a student chapter for the Los Angeles Chapter of ISACA. Our FAST club is a student chapter for HTCIA (High Technology Crime Investigation Association). Our SWIFT club partners with IEEE (Institute of Electrical and Electronics Engineers). Our faculty members have served as chapter presidents for the Information Systems Security Association (ISSA) and HTCIA, board members for the local ISACA chapter, and chairs of academic relations committees. CIS students attend professional association chapter meetings regularly.
CIS enables students to gain college credit while working in the information systems field. Students sign up for a class where they provide information about their employer, immediate supervisor, job duties, number of hours worked, and the skills to be acquired during the internship. Students journal weekly on their job duties and receive a supervisory evaluation at the end. Recent cybersecurity internships have included DirectTV, Department of Homeland Security (DHS), NASA, JPL, U.S. Secret Service, Raytheon, FireEye, Crowdstrike, Cylance, and Northrop Grumman.
CIS has hosted several cybersecurity camps. From 2010 to 2012, we hosted a U.S. Cyber Challenge camp. Campers received four days of professional cybersecurity training from SANS Institute instructors and attended a job fair and cybersecurity ethics panel. In 2015, CIS and Computer Science faculty and students hosted a National Security Agency (NSA) GenCyber camp for high school faculty and students. Topics covered included cybersecurity ethics, operating systems security, network security, and digital forensics.
Over the past several years, Cal Poly Pomona has become a leader in cybersecurity competitions at the college, high school, and middle school levels. We believe there’s a relationship between a cyber competition event and learning objectives that can be leveraged in a formal curriculum. Competitions can also promote career awareness and emphasize critical thinking and problem solving. CIS students compete in the Collegiate Cyber Defense Competition, National Cyber League, and other cybersecurity competitions. CIS students also mentor high school and middle school students in the CyberPatriot National Youth Cyber Defense Competition.
The Los Angeles ISACA chapter hosts an annual Spring Conference. Many of our students volunteer to help with registration and other activities there. This enables them to network with audit and cybersecurity professionals while attending conference sessions. Other conferences that students attend regularly include the SCALE (Southern California Linux Expo), LAYER 1, and DefCon events.
LEARNING BY DOING
In recent years, many higher education institutions have worked on making their programs more learning centered by focusing more on what students learn and how they learn it. The learn-by-doing approach of polytechnic institutions is inherently learning centered.
Many challenges exist in a hands-on approach to information assurance education. Developing, implementing, and maintaining state-of-the-art information assurance labs require investment in equipment, software, facilities, lab support, faculty time, and training. Senior projects require developing and maintaining relationships with internal campus and external community customers and have a curriculum that requires a capstone project. Class projects require supportive, creative teachers willing to include hands-on projects as part of the class.
Club activities require students who are willing to donate significant amounts of time and energy. Successful execution of these activities strengthens department, program, and university partnerships and reputations. This strength translates to IT and cybersecurity workers who are ready to protect the property of organizations alongside the accounting and finance professionals charged as stewards of these mission-critical assets. There may even be lessons the polytechnic method can teach to accounting and finance programs to increase the job readiness of graduates.