3rd workshop on Education, Training and Awareness in Cybersecurity
  • Date
    Jul 30, 2024
  • Location
  • Duration
    15:00 — 18:30
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Jan Hajny (General Chair)
  • → Pavel Loutocky (Co-Chair)
  • → Giuseppe Bianchi (Co-Chair)
  • → Rocco De Nicola (Co-Chair)
  • → Sara Ricci (Co-Chair)

Accepted Paper

Tackling the cybersecurity workforce gap with tailored cybersecurity study programs in Central and Eastern Europe
Marko Zivanovic (PhD Student, Faculty of Technical Science, Novi Sad, Serbia, Serbia), Imre Lendák (Professor, Faculty of Technical Science, Novi Sad, Serbia, Serbia), Ranko Popovic (Retired professor, Faculty of Technical Science, Novi Sad, Serbia, Serbia)
Full Paper
Digitalization of society brought improvement in many aspects of life but it also brought new cybersecurity challenges. The number of sophisticated, targeted cyber attacks is increasing, which requires constant improvements in Cybersecurity education. Despite this pressing need, the cybersecurity workforce gap is getting bigger. This paper presents a new approach for dynamic cybersecurity curriculum development that utilizes keyword extraction from various sources such as job ads, courses, and curricula with machine learning to quantify curriculum alignment with cybersecurity industry demands and address the workforce gap. The analysis illustrates curricula in the Central East Europe (CEE) region, maps cyber security job ads to curricula and quantifies coverage of courses, industry, and reference framework topics based on keyword matching. The case study conducted with curricula from CEE illustrates coverage according to the ENISA’s European Cybersecurity Skills Framework (ECSF) roles and optimization progress after adjustment application. The results demonstrate the importance of dynamic curriculum updates for academic institutions including cybersecurity workforce gap reduction and lack of real progress towards alignment with ECSF.
Workshop ETACS
Enhancing Cybersecurity Curriculum Development: AI-Driven Mapping and Optimization Techniques
Petr Dzurenda (Brno University of Technology, Czechia), Sara Ricci (Brno University of Technology, Czechia), Marek Sikora (Brno University of Technology, Czechia), Michal Stejskal (Brno University of Technology, Czechia), Imre Lendák (Faculty of technical sciences, Serbia), Pedro Adao (Instituto Superior Tecnico, Portugal)
Full Paper
Cybersecurity has become important, especially during the last decade. The significant growth of information technologies, internet of things, and digitalization in general, increased the interest in cybersecurity professionals significantly. While the demand for cybersecurity professionals is high, there is a significant shortage of these professionals due to the very diverse landscape of knowledge and the complex curriculum accreditation process.

In this article, we introduce a novel AI-driven mapping and optimization solution enabling cybersecurity curriculum development. Our solution leverages machine learning and integer linear programming optimization, offering an automated, intuitive, and user-friendly approach. It is designed to align with the European Cybersecurity Skills Framework (ECSF) released by the European Union Agency for Cybersecurity (ENISA) in 2022. Notably, our innovative mapping methodology enables the seamless adaptation of ECSF to existing curricula and addresses evolving industry needs and trend. We conduct a case study using the university curriculum from Brno University of Technology in the Czech Republic to showcase the efficacy of our approach. The results demonstrate the extent of curriculum coverage according to ECSF profiles and the optimization progress achieved through our methodology.
Workshop ETACS
Beyond the Bugs: Enhancing Bug Bounty Programs through Academic Partnerships
Andrej Krištofík (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Slovakia), Jakub Vostoupal (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czechia), Kamil Malinka (Institute of Computer Science and Faculty of Informatics, Masaryk University, Czechia), František Kasl (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czechia), Pavel Loutocký (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czechia)
Full Paper
This paper explores the growing significance of vulnerability disclosure and bug bounty programs within the cybersecurity landscape, driven by regulatory changes in the European Union. The effectiveness of these programs relies heavily on the expertise of participants, presenting a challenge amid a shortage of skilled cybersecurity professionals, particularly in less sought-after sectors. To address this issue, the paper proposes a collaborative approach between academia and bug bounty issuers.

By integrating bug bounty programs into cybersecurity courses, students gain practical skills and soft skills essential for bug hunting and cybersecurity work. The collaboration benefits both issuers, who gain manageable manpower, and students, who receive valuable hands-on experience. A pilot conducted during the current academic year yielded positive results, indicating the potential of this approach to address the demand for skilled cybersecurity professionals. The insights gained from the pilot inform future considerations and advancements in this collaborative model.
Workshop ETACS
Event-based Data Collection and Analysis in the Cyber Range Environment
Willi Lazarov (Brno University of Technology, Czechia), Samuel Janek (Brno University of Technology, Czechia), Zdenek Martinasek (Brno University of Technology, Czechia), Radek Fujdiak (Brno University of Technology, Czechia)
Full Paper
The need to educate users on cybersecurity to some extent is critical due to the ever-increasing cyber threats. A number of web presentations, books, and other study materials can be used for this purpose. In contrast to passive learning methods, hands-on training offers a deeper perspective but poses considerable technical challenges to its implementation, which can be resolved using cyber range platforms. However, in order to thoroughly evaluate the training and provide sufficient feedback, data must be collected and analyzed. Our paper addresses this problem by developing an event-based approach for data collection and analysis. The use of events allows us to keep a history of an event and reconstruct it retrospectively, especially for further analysis and evaluation. We validated the implemented approach in a cyber range environment, in which we developed an interactive interface to visualize the analyzed data.
Workshop ETACS
Assessing the Impact of Large Language Models on Cybersecurity Education: A Study of ChatGPT's Influence on Student Performance
Marc Ohm (University of Bonn & Fraunhofer FKIE, Germany), Christian Bungartz (University of Bonn, Germany), Felix Boes (University of Bonn, Germany), Michael Meier (University of Bonn & Fraunhofer FKIE, Germany)
Full Paper
The popularity of chatbots to facilitate day-to-day business, including students and their study exercises, is on the rise. This paper investigates the extent and effects on the academic performance of students that leverage such tools. While many other approaches are hypothesized and discussed, we measure empirically. We recorded and compared the performance of cybersecurity students in weekly exercises and final exams over a period of three years.
This allows us to have three groups with varying degrees of ChatGPT influence, namely no access, uncontrolled access, and controlled access. In an anonymous survey, we found that approximately 80% of our students utilize ChatGPT during the weekly assignments in 2023. However, none of them indicated this on their submission, despite it being a mandatory requirement. Through statistical analysis of achieved points in our sample groups, we identified that students perform similarly on the weekly assignments. However, their performance on the final examination deteriorates.
Workshop ETACS

Detail ETACS 02/05

Topics of interest include, but are not limited to 03/05

  • Description and application of cybersecurity skills frameworks
  • Comparison of existing skills frameworks, contributions to the EU Skills Framework
  • Description of curricula related to cybersecurity
  • Lessons learned from a training experience
  • Lessons learned from the use of a given technology
  • Publication of a tool related to cyber ranges
  • Gamification, capture the flag, red/blue teaming
  • Piloting cybersecurity study programs and trainings
  • Feedback on awareness campaigns

Workshop Chairs 04/05

Workshop Chairs

Workshop Chairs Logo
Jan Hajny (General Chair)
SPARTA, Brno University of Technology, CZ
Workshop Chairs Logo
Pavel Loutocky (Co-Chair)
Masaryk University, CZ
Workshop Chairs Logo
Giuseppe Bianchi (Co-Chair)
Consorzio Nazionale Interuniversitario per le Telecomunicazioni, IT
Workshop Chairs Logo
Rocco De Nicola (Co-Chair)
IMT School for Advanced Studies Lucca, IT
Workshop Chairs Logo
Sara Ricci (Co-Chair)
Brno University of Technology, CZ

Program Committee

Pedro Adao | University of Lisbon, Portugal
Rémi Badonnel | University of Lorraine, France
Yianna Danidou | European University Cyprus, Cyprus
Letterio Galletta | IMT Lucca, Italy
Imre Lendak | University of Novi Sad, RS & Eötvös Loránd University, Hungary
Olivier Levillain | Télécom SudParis, France
Marc Ohm | University of Bonn, Germany
Edmundas Piesarskas | Lithuanian Cybercrime Center of Excellence for Training, Research & Education, Lithuania
Tanja Zseby | Vienna University of Technology, Austria
Kendra Walther | University of Southern Californiax, USA

Submission 05/05

Important Dates

Extended Submission Deadline May 14, 2024
Author Notification May 29, 2024
Proceedings Version Jun 18, 2024
EU Projects Symposium Jul 30, 2024
Conference Jul 30 — Aug 02, 2024
Register here!
Join us at ARES 2024 in Vienna, Austria