New Approaches to Cybersecurity Education (NACE) Workshop

The Workshop

Here is your chance to help formulate an agenda for cyber security education and workforce development over the next decade or two, and get it in front of people who may help shape what comes next!

We will be convening a 1.5 day workshop on June 9 & 10 in New Orleans, before the CISSE Annual Colloquium.

Attendees will have domestic travel and 2 nights lodging expenses reimbursed, along with a small honorarium.

The workshop will be conducted as a set of brain-storming and planning exercises, both in small groups and as a whole.  These will be derived from attendee-generated idea papers and some other sources.

A final report on the workshop will be produced later in the year by the steering committee, which we plan to share with Federal funding agencies—including NSF, DHS, and NIST— and concerned parties in industry and academia. We anticipate that workshop attendees and members of the community will help to publicize key conclusions from the workshop.  All attendees will be credited in the final report, and their finalized idea papers included.


In the mid-1990s, the world was beginning to see a surge in computer and network security problems, ranging from malware to break-ins to ransomware to DDOS attacks.  These corresponded to the proliferation of powerful computing systems, better Internet connectivity, the recent addition of commercial activity to the Internet, and the growth of the WWW (among other things). In the USA, the impacts of the surge in cybersecurity threats and attacks was particularly visible.

Academia was not prepared to meet this rapidly-increasing need.  There were only a few dedicated information/computer security research programs in the world and their combined output was only a few PhD students each year. There was a paucity of educational materials as well as faculty to teach from them. There were no formal academic programs in the field.

It was in this context that several Congressional hearings on issues related to what was beginning to be called “cyber security.” Testimony at one of those hearings led to discussions with Congressional and White House staff that strongly influenced Presidential Decision Directive 63, issued in May 1998. That directive led to the NSF Scholarship for Service Program and the NSA/DHS Centers of Academic Excellence.* Those discussions also led to the NSF Cyber Trust/Trustworthy Computing program a few years later.  These have all resulted in major contributions to the field.  The SFS program, in particular, has awarded over 3,300 scholarships since the inception of the program, and there have been nearly 70 participating colleges and universities. with 720 students currently enrolled.  Well over $90 million has been awarded since 2001 for capacity-building and innovation programs associated with SFS, too.

However, a great deal has happened in the last 20 years.  What was once a field where one scholar could master the majority of knowledge has grown to encompass at least three dozen specializations, not counting privacy specializations; no one person can be expert in even a fraction of the field now. And because of the growth of knowledge in the field, there is a growing, urgent need for appropriately educated experts, both for existing positions, and to support the growing cybersecurity economy projected to pass $200 billion by 2021.  We are collectively facing new threats in security of IoT, AI-driven systems, large-scale crime, privacy violations, and cyber-enabled espionage that were barely (if at all) imagined in the 1990s. These are all in a domain (the Internet) with many different—and often competing—legal and social dimensions.

It is time to think strategically about how to meet the increasing needs and changing nature of the field. This includes thinking about whether there should be follow-ons to SFS in the US, and what they should look like. Once again, we need participants in the field to lead with new ideas and methods.  We need to imagine how to design a proposal for what might be a future major program to support education, and possibly other initiatives to meet critical needs.


Although the workshop is partially supported by NSF, it does not serve in an advisory capacity to NSF, DHS, or any other agency of the Federal government. The intent of the workshop is to obtain information and viewpoints from individual attendees.  The steering committee with then share the summary report with multiple constituencies from academia, government and the private sector.  References to the SFS and Cybertrust programs are purely to provide context for this CFP.

How to Apply to Attend

Interested parties should submit an idea piece intended to spark thought and discussion (see below for format and deadline).  The steering committee will evaluate these submissions and issue invitations to the people viewed as having the most interesting, provocative, and/or appropriate ideas for the workshop.  The submitted idea pieces should address at least one of the general topic areas related to cybersecurity education and workforce development.  Example areas of interest include:

  • What skills and knowledge should people in the field have, and how should that be acquired?
  • How do we get more US citizens—and a more diverse population —into cybersecurity in meaningful ways?
  • What kinds of resources and materials for use in education and training are needed, how do we get them developed, and how do we measure their effectiveness?
  • What are proper ways to address the mix of education methods, industry practice, and government needs?
  • What are some good ways to “future-proof” the education we provide?
  • What are the proper levels of education to address?
  • What are the most acute cybersecurity labor supply issues the United States will face in the next 5, 10, 15 and 20 years?
  • To address these labor supply issues, what new approaches to cybersecurity education are most needed and why?

Submitters do not need to be involved in education currently.

Workshop attendees will be expected to read all of the accepted idea papers prior to attending the workshop.  Within 30 days of the end of the workshop, attendees will be asked to edit their submissions to reflect any new ideas resulting from the workshop discussions.

Anyone wishing to submit a thought piece for consideration but without attending may do so, but should clearly indicate that on the submission.

Invited attendees will receive coverage of NSF-allowed transportation, lodging, and a small honorarium once the edited idea paper is received.

Formatting and Submission

The program committee will decide on invitations by May 8

Questions?  Contact <.(JavaScript must be enabled to view this email address)>.

Steering Committee

  • Matt Bishop, UC Davis
  • Diana Burley, George Washington University
  • Steve Cooper, University of Nebraska-Lincoln
  • Melissa Dark, Purdue University
  • Doug Jacobson, Iowa State University
  • Carl Landwehr, George Washington University
  • Ambareen Siraj, Tennessee Tech
  • Eugene H. Spafford, Purdue University
  • Ray Vaughn, University of Alabama in Hunstville

Supported by

This workshop is supported in part by the National Science Foundation award #1027493, CERIAS at Purdue University, and by the CISSE.

This workshop is supported in part by:

NSF award #1027493