NSA's Cybersecurity Curriculum
Written by Nikos Vaggalis   
Tuesday, 25 April 2023

The CLARK (Cybersecurity Labs and Resource Knowledge-base) Center from Towson and the NSA have published hundreds of cybersecurity learning courses and modules. Let's check what's on offer.

clark banner

CLARK is a platform for building and sharing free cybersecurity curricula. It provides cybersecurity educators with the building blocks to train the next wave of researchers and better prepare the cybersecurity workforce.

It draws from a very large collection of cybersecurity topics with high-impact cybersecurity curriculums created by top researchers and peer-reviewed by instructional designers and subject matter experts. It provides access to more than 700 “learning objects” including labs, videos, lecture notes and other formats which are free under the creative commons license.

To get a better idea, here's a few of the most popular courses on CLARK:

  • Introduction to Cybercrime - Markus Rauschecker, Ben Yelin, University of Maryland-Baltimore
  • A Primer on Race Conditions and Computer Security - Matt Bishop, University of California – Davis
  • Basic Concepts of Quantum Cryptography – Abhishek Parakh, University of Nebraska-Omaha
  • Global Cyber Threat Environment – John Heslen, Augusta University
  • Software Defined Networking – Virginia Tech

and many others…

Now in cooperation with the NSA it makes hundreds of cybersecurity modules available under the NSA NCCP (National Cybersecurity Curriculum Program) in an effort to build a cyber-skilled workforce which is critical to the continued security across social, economic, and political domains.

Towards this goal, the National Cybersecurity Curriculum Program aims to:

  1. Develop national cybersecurity curriculum that maps to the National Cybersecurity Workforce Framework to be made publicly available for educational institutions preparing cybersecurity graduates for the future workforce.
  2. Establish and implement a dissemination plan that includes an annual Cyber Education Workshop to showcase curriculum and allow cybersecurity educators to convene and discuss strategies for building and sustaining curriculum in cybersecurity.
  3. Build a Cyber Cube that includes a dynamic library of cybersecurity curriculum and a community of cybersecurity educators committed to sustaining it.

In that respect there are over 600 NSA sponsored modules with durations ranging from a 4-10 hours to several weeks. The list is too extensive to copy it here but some of the top-level featured ones include :

  • Host-Based Stepping-Stone Intrusion Detection
    This module introduces the host-based techniques to detect stepping-stone intrusion including content thumbprint, time thumbprint, packet count, random-walk, and crossover packets.
  • Packet Matching
    In order to overcome intruder's time-jittering and chaff-perturbation manipulation, estimating the length of a connection chain becomes the main approach not only to detect stepping-stone intrusion, but also to resist intruder’s evasion. In this module, there are discussed two methods to estimate the length of a connection chain to detect stepping-stone
  • Introduction to Stepping-stone Intrusion Detection
    This module introduces the basic concepts related to stepping-stone intrusion detection, provides preliminary knowledge, discusses topics in making a connection chain and packet sniffing, and summarizes all the important methods for stepping-stone intrusion detection in the literature.
  • Introduction to Software Security
    This module discusses common software vulnerabilities, malware and software secure design principles. Software vulnerabilities, such as buffer overflow and integer overflow, are introduced in the first micromodule, followed by a discussion of corresponding countermeasures. 

A couple of years ago there was another offering by another Government organization, this time by the British GCHQ, which we examined in CyberChef - The Developer's Ultimate Toolbox :

Are all government agencies falling in love with GitHub and open sourcing their tools? Of course the recent and hottest headlines belong to NSA's release of its reverse engineering tool Ghidra, but this latest offering from the UK's Government Communications Headquarters (GCHQ) should not go unnoticed or be underestimated.

That offering is CyberChef, a general purpose tool, therefore more useful than the specialized and niche Ghidra. It's a tool that provides functionality that every developer needs for their day-to-day workload.

That range of functionality is staggeringly large, ranging from the popular toBase64/fromBase64 and URL encode/decode, to encryption with AES/DES/Blowfish and JWT, to Arithmetic and Logic with calc and bitwise operations, up to Language and Charset conversions.

It seems that once clandestine Government security organizations are becoming more open and approachable to the wider developer public. Potentially seeking new blood? NSA USA

More Information

NCPP

Related Articles

CyberChef - The Developer's Ultimate Toolbox

A Reverse Engineering Workshop for Beginners

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


pgstream - Real Time Change Data Capture For PostgreSQL
16/09/2024

As we've said before, Postgres is for everything, for all the stacks. Now add Change Data Capture to that list too, thanks to pgstream.



MongoDB 8 Reduces Memory Use And Increases Speed
07/10/2024

MongoDb 8 has been released, and the developers have said this is the most secure, durable, available, and performant version of MongoDB yet, with significantly reduced memory usage and query times, a [ ... ]


More News

kotlin book

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 25 April 2023 )