Herman's Study Furthering Cybersecurity Curriculum Assessment Earns Best Paper Award

For more than 10 years, Illinois Computer Science professor Geoffrey Herman has laid plain his goal to  create systemic change in engineering and computer science education, and he has backed it up with results that make a difference.

After earning his BS, MS and Ph.D. from Electrical and Computer Engineering here at the University of Illinois Urbana-Champaign, Herman began this effort as one of the founders for The Grainger College of Engineering’s Strategic Instructional Innovations Program.

Since then, he became the Severns Teaching Associate Professor at Illinois CS, won the IEEE Education Society Mac Van Valkenburg Early Career Teaching Award, helped redesign curricula, proposed and developed several different courses, created a suite of microlecture videos, and much more.

Herman’s most recent effort came through a multi-institutional research project that just resulted in a Best Paper Award from the Technical Symposium on Computer Science Education 2023, organized by the ACM Special Interest Group on Computer Science Education (SIGCSE).

Herman’s paper, entitled “Psychometric Evaluation of the Cybersecurity Curriculum Assessment,” built off collaborative work with the University of Maryland, Baltimore County and the University of Minnesota, Duluth.

“My lead collaborator, Alan Sherman, who is from University of Maryland, Baltimore County (UMBC), is a cybersecurity expert who cares a lot about teaching and wanted to be able to study how we can help students learn cybersecurity,” Herman said. “We had perfectly complementing expertise that helped us develop an assessment to study how students learn cybersecurity.”

Beginning the project felt natural to Herman, although the subject material stretched his level of understanding in CS. He had little background in cybersecurity, so he has picked up a lot of knowledge through this work with Sherman.

Meanwhile, Herman and fellow collaborator Linda Oliva, also of UMBC, provide the group’s expertise in educational theory.

The combination has provided a new path forward, in terms of understanding how best to teach cybersecurity and how students best learn it – as evidenced by the work that has now developed into this new paper.

The project’s inspiration stems from a shortage of cybersecurity professionals, which cannot be addressed, as this new paper states, “unless we have an accurate understanding of which cybersecurity curricula and teaching strategies are providing students with a strong foundation.”

To accomplish this, the group first worked on the Cybersecurity Assessment Tools project, which developed instruments that can “robustly measure how well courses and curricula are forming conceptual knowledge in students.”

Results from that effort progressed through the group’s focus on a Cybersecurity Concept Inventory, which they use “to assess students’ conceptual knowledge of cybersecurity after a first course in the area.”

Now, their newest paper details the Cybersecurity Curriculum Assessment, which they used to “assess students’ conceptual knowledge of cybersecurity after they had completed a multi-course curriculum in cybersecurity.”

“The main takeaway from the paper is that we have research vetted instruments to study how well cybersecurity courses and curricula are preparing students to think about cybersecurity generally. The assessments have strong statistical properties,” Herman said.

Winning the Best Paper Award validated the group’s effort further.

Herman said this was important, considering few researchers in computing education have historically grasped their focus on psychometrics.

“I'm glad to see that the research field has matured and grown such that more researchers and practitioners know what psychometrics is and value it. It's also exciting to see that the community is valuing contributions to research and pedagogy outside of how we teach programming,” Herman said.

The momentum will continue for this group, as they will next expand their work through a project in collaboration with the United States Naval Academy and the United States Military Academy.

Their goal will be to tap into each institution’s critical need to form thorough education about cybersecurity.

“We will explore how we can best teach all of their cadets some basic cybersecurity concepts that can make the armed forces more secure,” Herman said. “The added benefit of studying cybersecurity at these institutions is that all students, regardless of their interest in computing, need to learn about cybersecurity. So, it's a nice place to begin studying how we can teach cybersecurity to everyone.”