Cyber Up! DFIR
Coastline College Cyber Up! Grant
Director: Professor Tobi West, CISSP, GCFE
Contact: twest@coastline.edu
Introduction to Cyber Up!
Digital Forensics and Incident Response Project
Predominantly, cybersecurity education focuses on theory and skills to build secure programs, networks, and systems, but in the event of a cyberattack, when security is breached, theories and models are not enough. To increase national security for the U.S. and meet its workforce needs, cybersecurity education must develop new knowledge and skills. To address this need, the Cyber Up! Digital Forensics and Incident Response (DFIR) project at Coastline College will research, create, adapt, adopt, and implement a suite of course content that supports a Certificate of Achievement and an Associate of Science degree.
As a Center of Academic Excellence in Cyber Defense Education (CAE-CDE), the implementation of the DFIR program at Coastline College has the potential to be transformative, bringing about needed and important change to U.S. education and security. Thus, the program expects to increase the availability and readiness of qualified cybersecurity technicians in the U.S. workforce, resulting in greater global competitiveness for the U.S. economy and increased national security. A comprehensive project evaluation will measure the DFIR program's effectiveness, which will in turn support adaptation and replication by other institutions.
-
Purpose of Cyber Up!
Digital Forensics and Incident Response
According to CyberSeek, there are over 300,000 cybersecurity job openings at the national level. As more positions open, the cybersecurity talent gap continues to grow across the U.S. Through the Cyber Up! DFIR project, Coastline College is working to reduce the cybersecurity skills gap and develop talent for the cybersecurity workforce by providing programs that help students prepare for cybersecurity work roles through hands-on activities.
Coastline College received a three-year award funded by the National Science Foundation as an Advanced Technological Education (ATE) project under grant award #1800999 called Cyber Up! Digital Forensics and Incident Response (DFIR) Program.
Broader Impacts and Intellectual Merit
The Digital Forensics and Incident Response (DFIR) program distance education modalities will be designed for a national reach and assist in preparing students for successful employment. The project will work towards providing cybersecurity advancement through various modalities since the content, courses, certificate, and degree will all be available online. The project will also develop virtual labs and faculty resources.
The DFIR program will aim to reach educators, institutions, and diverse populations with important new knowledge and skills in digital forensics and incident response. Faculty development will provide educators new knowledge and enhance their abilities in these new technological and pedagogical skill-sets, leading to enriched educational structures at the institution. Because of the adoptable, modular content, other institutions can benefit through adoption into their programs, creating pathways to greater skills and knowledge for students and professionals.
Increasing skills and knowledge in diverse and underrepresented populations in cybersecurity will help to assure increased participation of women, minorities, and special populations in science, technology, engineering, and mathematics (STEM) education and in the STEM workforce. Thus, the program will strive to generate important new knowledge and skills to share with students, professionals, and the academic community.
-
Cyber Up! DFIR Grant Selection
Funded by the National Science Foundation, the Advanced Technological Education (ATE) program emphasizes two-year Institutions of Higher Education to support curriculum development, professional development of college faculty and secondary school teachers, career pathways, and other activities related to the education of technicians for the high-technology fields.
The ATE program encourages proposals from Minority Serving Institutions that offer associate degrees, to support underrepresented students for success and completion in STEM education pathways. Coastline College is recognized as both a Hispanic Serving Institution and an Asian American Native American Pacific Islander Serving Institution (AANAPISI).
Following the ATE program solicitation guidelines, Coastline College's Cyber Up! DFIR grant proposal identified broader impacts and intellectual merit to satisfy the merit review criteria for a "new to ATE" project award in the amount of $225,000. This award reflects National Science Foundation's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
-
Focus of Cyber Up!
Digital Forensics and Incident Response
The project will focus on the development of curriculum that will teach students and professionals the cybersecurity knowledge and skills of digital forensics and incident response, which need to be deployed in real-time and are dynamic to changing situations during and in response to cyberattacks. Through the DFIR program, the project intends to create adoptable educational resources; form academic, government, and industry partnerships; and prepare qualified cybersecurity technicians and professionals for entry into, or advancement within, the U.S. workforce.
-
Objectives of Cyber Up!
Digital Forensics and Incident Response
The primary objective of the grant is to develop six (6) courses leading to an Associate of Science degree specializing in Digital Forensics and Incident Response.
In order to achieve the primary objective, the project intends to research other similar projects and programs to adapt and adopt from other models. The project team will also confer with professionals working in industry and government roles to ensure that the course content meets industry needs.
Similar projects and programs include Union County College's Cyber Service! Interdisciplinary & Experiential Education for Cyber Forensics Technicians, Daytona State College's Southeastern Advanced Cybersecurity Education Consortium, and Ivy Tech Community College's Adaptation and Implementation of a Cybersecurity and Cyberforensics Curriculum in a Two-Year Community College. These projects and programs will be reviewed for strengths and opportunities to adapt and adopt for the new DFIR program at Coastline College.
Cybersecurity frameworks and models will be used to ensure a variety of input is considered. Three models have been selected for review and mapping to develop the DFIR program, the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (CSWF), CyberSeek, and SANS Institute. The knowledge, skills, abilities, and tasks of the NICE CSWF for work roles in Cyber Defense Incident Responder and Cyber Defense Forensics Analyst were selected to align with the work roles targeted for the DFIR program. The pathways for work roles of Cyber Crime Analyst Investigator and Incident Analyst Responder were selected for review from CyberSeek. And, lastly, the SANS Institute GIAC Certifications for Forensic Examiner and Incident Handler were reviewed.
An advisory board comprised of professionals with a broad range of work experience in digital forensics and incident response will provide strategic advice to Coastline College faculty for the development of curriculum for the DFIR program.
Cyber Up! Project Goals
- Research other similar projects and programs to adapt and adopt from their models.
- Research industry and government needs to find relevant cybersecurity workforce frameworks and industry-recognized certifications.
- Assemble an advisory board of subject matter experts currently working in government, industry, and academia.
- Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
- Develop course outlines of record for a series of 6 courses in digital forensics and incident response.
- Develop a Certificate of Achievement in Digital Forensics and Incident Response.
- Develop an Associate of Science degree in Digital Forensics and Incident Response.
- Develop model course content and hands-on lab assignments for DFIR program courses.
- Disseminate project updates to cybersecurity community.
- Disseminate model course content to other interested colleges and universities to adapt and adopt for their institution.
-
Proposed Courses & Awards
Cyber Up! Proposed Courses and Awards
The DFIR program courses and awards will be offered under the new Cybersecurity subject code designated as CYBR on Coastline College's searchable schedule. Students interested in the program can begin taking CST C245 Computer Forensics in the spring 2020 semester and additional courses will be offered in the fall 2020 semester. The awards are anticipated to be offered as early as fall 2020.
Courses
-
Introduction to Digital Forensics
CYBR 150 OR CST C245Students will explore an introduction to digital forensics using open source applications. Topics covered include chain of custody, forensic acquisition of data, forensic evidence reporting, expert witness testimony, timeline analysis, and anti-forensic techniques. Hands-on assignments will be used to develop introductory technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.
-
Introduction to Incident Response
CYBR C160Students will explore an introduction to cyber incident response using industry-recognized tools. Topics covered include incident response case studies, incident response tools used in industry, advanced persistent threats, documentation and technical reporting, timeline analysis, case management, and hunting, gathering, and foraging for cyber threats. Hands-on assignments will be used to help students develop introductory technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.
-
Cybercrime and CSIRT Coordination
CYBR C170Students will explore an introduction to laws relevant to cybercrime and the roles of the Cyber Security Incident Response Team (CSIRT). Topics covered include international, federal, and state laws relevant to cybercrime, an overview of the U.S. court system and jurisdictions, CSIRT coordination within the team and with stakeholders internal to the organization, ethics pertaining to cyber professionals, project management, technical writing, countermeasures, and compliance. This course is intended for students with an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.
-
Intermediate Digital Forensics
CYBR C250Students will explore digital forensic techniques using industry-recognized tools. Topics covered include an introduction to network forensics and mobile device forensics, investigative and extraction tools, live acquisition data, evidence reporting, time-stomping and anti-forensic techniques, and the significance of time zones for forensic case analysis. Hands-on assignments will be used to develop technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.
-
Intermediate Incident Response
CYBR C260Students will explore incident response techniques using industry-recognized tools. Topics covered include planning and scoping a cyber incident, information gathering for vulnerability assessment, vulnerability scanning and summarization reporting, report writing and best practices, obfuscation techniques, forensic artifacts, social media forensics, memory forensics, ethics and compliance issues. Hands-on assignments will be used to develop technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.
-
Advanced Digital Forensics & Incident Response Capstone
CYBR C280Students will explore advanced digital forensics and incident response techniques using industry-recognized tools. Hands-on projects will be used to demonstrate technical skills relevant to entry-level cybersecurity professionals. Students will analyze a simulated case and report findings through technical documents and presentation. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.
Awards
-
Associate of Science in Digital Forensics and Incident Response
The Associate of Science in Digital Forensics and Incident Response will provide students with a solid foundation in the field of cybersecurity with specialization in cyber defense techniques. The program is designed to prepare students for entry-level cyber jobs or to help them advance into mid-level cyber careers, such as cybercrime analyst, cyber incident analyst, cyber incident responder, digital forensic examiner, digital forensic technician, and vulnerability tester. Topics covered include planning and scoping a cyber incident, domestic and international cyber laws, ethics, chain of custody, incident detection and analysis, anti-forensic techniques, timeline analysis, incident containment, eradication, recovery, report preparation, and expert testimony. The program includes hands-on and technical writing assignments to help students develop their skills for the cybersecurity workforce.
- CYBR C150 OR CST C245 Intro to Digital Forensics
- CYBR C160 Intro to Incident Response
- CYBR C170 Cybercrime and CSIRT Coordination
- CYBR C250 Intermediate Digital Forensics
- CYBR C260 Intermediate Incident Response
- CYBR C280 Advanced DFIR Capstone
-
Certificate of Achievement in Digital Forensics and Incident Response
The Certificate of Achievement in Digital Forensics and Incident Response will provide students with a solid foundation in the field of cybersecurity with specialization in cyber defense techniques. The program is designed to prepare students for entry-level cyber jobs or to help them advance into mid-level cyber careers, such as cybercrime analyst, cyber incident analyst, cyber incident responder, digital forensic examiner, digital forensic technician, and vulnerability tester. Topics covered include planning and scoping a cyber incident, domestic and international cyber laws, ethics, chain of custody, incident detection and analysis, anti-forensic techniques, timeline analysis, incident containment, eradication, recovery, report preparation, and expert testimony. The program includes hands-on and technical writing assignments to help students develop their skills for the cybersecurity workforce.
- CYBR C150 OR CST C245 Intro to Digital Forensics
- CYBR C160 Intro to Incident Response
- CYBR C170 Cybercrime and CSIRT Coordination
- CYBR C250 Intermediate Digital Forensics
- CYBR C260 Intermediate Incident Response
- CYBR C280 Advanced DFIR Capstone
-
-
Project Timeline
With a three year grant funding period, the project will run October 1, 2019 through September 30, 2021. Major milestone activities for the project include curriculum development, course content development, and hands-on lab assignment development. The project's Principal Investigator, Tobi West, will report annually, at the end of each budget period, to the assigned Program Manager at the National Science Foundation.
-
Year 1
Oct 1, 2018 - Sep 30, 2019- Research other similar projects and programs to adapt and adopt from their models.
- Research industry and government needs to find relevant cybersecurity workforce frameworks and industry-recognized certifications.
- Assemble an advisory board of subject matter experts currently working in government, industry, and academia.
- Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
- Develop course outlines of record for a series of 6 courses in digital forensics and incident response.
- Disseminate project updates to cybersecurity community.
-
Year 2
Oct 1, 2019 - Sep 30, 2020- Develop a Certificate of Achievement in Digital Forensics and Incident Response.
- Develop an Associate of Science degree in Digital Forensics and Incident Response.
- Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
- Develop model course content and hands-on lab assignments for DFIR program courses.
- Disseminate project updates to cybersecurity community.
-
Year 3
Oct 1, 2020 - Sep 30, 2021- Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
- Disseminate model course content to other interested colleges and universities to adapt and adopt for their institution.
- Disseminate project updates to cybersecurity community.
-
-
Project Team
-
Ms. Tobi West
Professor and CIS/CST/DGA Department Chair
Principal Investigator (PI)Overall responsibility for administering the project. Provides leadership and project management, in collaboration with project Co-PIs: determines cybersecurity frameworks and models to be used in course development, plans and organizes advisory board meetings, develops advisory board survey, and synthesizes advisory board feedback to create course catalog descriptions and student learning outcomes. Works with external evaluator to determine baselines of program comparison.
-
Ms. Anna Carlin
Professor
Co-Principal InvestigatorSupports the PI through collaboration on cybersecurity frameworks and models to be used in course development, works with professional organizations such as ISACA to bring on advisory board members with field expertise and academic experience, contributes expertise in course development, and collaborates with the advisory board to cultivate feedback.
-
Dr. Nancy Jones
Dean of Career Education
Co-Principal InvestigatorContributes expertise in grants management and provides support to the project and the PI by advocating for the DFIR and cybersecurity programs at all levels within the college and the district.
-
Dr. Aeron Zentner
Dean of Research, Planning, and Institutional Effectiveness
Co-Principal InvestigatorCollaborates with the PI to provide student data pertinent to similar programs offered at Coastline College, helped with development of the advisory board survey on course topics, and works with external evaluator to determine appropriate baseline information.
-
Dr. Michael Lesiecki
External EvaluatorDevelops detailed Evaluation Plan, coordinate with Coastline College's Institutional Research arm to identify data sources, applicable data policies and establish a project dashboard. Develops student surveys, formative and summative analysis.
-
-
Advisory Board Information
The advisory committee is comprised of subject matter experts in digital forensics and incident response, including individuals from government, industry, and academic roles. Advisory board meetings will be held at least twice annually, with additional meetings and communications as needed to provide timely input to the project.
Advisory Board Member Organizations
- Autodesk
- Bechtel Corp
- California State Polytechnic University, Pomona
- Coast Community College District
- Coastline College
- College of Southern Nevada
- Crowdstrike
- Desert Research Institute
- Local Field Agent
- NASA
- NIC Partners
- Providence St. Joseph Health
- Retired Government Field Agent
- U.S. Government Representative
- Webster University
Contact Information
Principal Investigator
Professor Tobi West, CISSP, GCFE
CIS/CST/DGA Department Chair
714-714-7244
twest@coastline.edu
12901 Euclid St
Garden Grove, CA 92840