People of ACM - Diana L. Burley

April 25, 2017

How did you become interested in cybersecurity education?

I have always been interested in the interface between technology and people, at both the individual and collective levels. My interest in cybersecurity emerged from this basic interest in socio-technical systems. Within the context of cybersecurity, my work focuses on people, and I explore topics such as education and professional development, behavioral and organizational change, and social interaction. Cybersecurity education has taken a prominent role given the intense interest in, and need for, growing the cybersecurity workforce.

From your perspective as a cybersecurity educator who is on the front lines of teaching this discipline, what have been the most striking changes in undergraduate cybersecurity education in recent years?

The most striking change has been in the emergence of the discipline of cybersecurity, the boundaries of which we are structuring now through the work of the Joint Task Force. It is rewarding to see that the discipline is developing as an interdisciplinary course of study that blends a technical foundation with social and behavioral concepts, and that the community generally recognizes the need for cybersecurity content to be spread across the curriculum. In many ways, conversations about the appropriate framework for cybersecurity education are indicative of the larger discussion on the changing nature of higher education and the need for structures that link disciplinary silos in order to facilitate interdisciplinary collaboration and problem solving in complex environments.

Why do you think it was necessary for the ACM Joint Task Force on Cybersecurity Education to convene and work toward developing curricular guidelines for undergraduate settings?

We are structuring a new discipline. It is important for the efficacy of the developmental process that stakeholders from a cross-section of constituencies work collaboratively to establish the foundational principles, basic parameters, and core elements of the discipline. ACM has a long history of assembling this type of coalition to develop curricular guidance that supports academic program development in emerging disciplines. While several organizations have developed (or are working to develop) cybersecurity curricula for different aspects of the field, no one comprehensive framework and body of knowledge exists. This effort, which was initiated by cybersecurity educators through the Cyber Education Project, provides an opportunity for the full community to collaboratively build the leading resource for comprehensive cybersecurity curricular content. It will support global academic institutions seeking to develop a broad range of cybersecurity programs at the post-secondary level.

The decision of the ACM Education Board (and the other professional societies) to endorse our effort provides a significant source of legitimacy and, as an official activity of the ACM, we are poised to make a tremendous impact on cybersecurity education policy and practice around the world.

How will the cybersecurity landscape in undergraduate education look in 20 years (number of courses, need for professors, interdisciplinary approaches, etc.)?

My vision of undergraduate cybersecurity education in the next 20 years is quite bold. I believe we need a paradigm shift—one that supports resilience, flexibility and problem-based approaches in our academic institutions and the curriculum they offer. I envision an environment that will link educators and researchers across disciplines in a collaborative network where they dynamically integrate theory, processes, and methodologies from state-of-the-art cybersecurity research and the learning sciences to inform cybersecurity educational practice. This collaborative network of academicians, scientific researchers, industry, and government stakeholders would:

  • Establish robust processes for translating cybersecurity research to educational practice;
  • Integrate existing workforce frameworks (such as National Initiative for Cybersecurity Education Workforce Framework) and scientific approaches (such as Asymmetric Resilient Cybersecurity) with educational practice and policy; and
  • Apply learning science (at both the individual and collective levels) to the development of cybersecurity educational structures.

The current educational structure and its silos are inhibiting rather than accelerating progress in an area where transformational progress is required. This is not to suggest an elimination of disciplinary silos, but rather an overlay of a cross-functional capability that facilitates interdisciplinary collaboration and problem solving through resilient, agile, and scalable pedagogical strategies. In no other field is this more important than in cybersecurity.

Diana L. Burley is Professor of Human and Organizational Learning, and Executive Director of the Institute for Information Infrastructure Protection at The George Washington University (GW). In 2014, she was named cybersecurity educator of the year by the Colloquium for Information Systems Security Education (CISSE) and one of the Top 10 Influencers in Information Security Careers by InfoSec Careers Magazine. Prior to joining GW, she managed a multi-million-dollar computer science education portfolio and led the CyberCorps program of the National Science Foundation.

Burley is a Co-chair of the ACM Joint Task Force on Cybersecurity Education. The Task Force has been soliciting thoughts and ideas from the international community and plans to publish curricular guidelines for undergraduate cybersecurity education in December 2017.