ETACS

3rd workshop on Education, Training and Awareness in Cybersecurity
  • Date
    Jul 30, 2024
  • Location
    SR03
  • Duration
    15:00 — 18:30
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Jan Hajny (General Chair)
  • → Pavel Loutocky (Co-Chair)
  • → Giuseppe Bianchi (Co-Chair)
  • → Rocco De Nicola (Co-Chair)
  • → Sara Ricci (Co-Chair)

Accepted Paper

Tackling the cybersecurity workforce gap with tailored cybersecurity study programs in Central and Eastern Europe
Marko Zivanovic (PhD Student, Faculty of Technical Science, Novi Sad, Serbia, Serbia), Imre Lendák (Professor, Faculty of Technical Science, Novi Sad, Serbia, Serbia), Ranko Popovic (Retired professor, Faculty of Technical Science, Novi Sad, Serbia, Serbia)
Full Paper
Digitalization of society brought improvement in many aspects of life but it also brought new cybersecurity challenges. The number of sophisticated, targeted cyber attacks is increasing, which requires constant improvements in Cybersecurity education. Despite this pressing need, the cybersecurity workforce gap is getting bigger. This paper presents a new approach for dynamic cybersecurity curriculum development that utilizes keyword extraction from various sources such as job ads, courses, and curricula with machine learning to quantify curriculum alignment with cybersecurity industry demands and address the workforce gap. The analysis illustrates curricula in the Central East Europe (CEE) region, maps cyber security job ads to curricula and quantifies coverage of courses, industry, and reference framework topics based on keyword matching. The case study conducted with curricula from CEE illustrates coverage according to the ENISA’s European Cybersecurity Skills Framework (ECSF) roles and optimization progress after adjustment application. The results demonstrate the importance of dynamic curriculum updates for academic institutions including cybersecurity workforce gap reduction and lack of real progress towards alignment with ECSF.
Workshop ETACS
Enhancing Cybersecurity Curriculum Development: AI-Driven Mapping and Optimization Techniques
Petr Dzurenda (Brno University of Technology, Czechia), Sara Ricci (Brno University of Technology, Czechia), Marek Sikora (Brno University of Technology, Czechia), Michal Stejskal (Brno University of Technology, Czechia), Imre Lendák (Faculty of technical sciences, Serbia), Pedro Adao (Instituto Superior Tecnico, Portugal)
Full Paper
Cybersecurity has become important, especially during the last decade. The significant growth of information technologies, internet of things, and digitalization in general, increased the interest in cybersecurity professionals significantly. While the demand for cybersecurity professionals is high, there is a significant shortage of these professionals due to the very diverse landscape of knowledge and the complex curriculum accreditation process.

In this article, we introduce a novel AI-driven mapping and optimization solution enabling cybersecurity curriculum development. Our solution leverages machine learning and integer linear programming optimization, offering an automated, intuitive, and user-friendly approach. It is designed to align with the European Cybersecurity Skills Framework (ECSF) released by the European Union Agency for Cybersecurity (ENISA) in 2022. Notably, our innovative mapping methodology enables the seamless adaptation of ECSF to existing curricula and addresses evolving industry needs and trend. We conduct a case study using the university curriculum from Brno University of Technology in the Czech Republic to showcase the efficacy of our approach. The results demonstrate the extent of curriculum coverage according to ECSF profiles and the optimization progress achieved through our methodology.
Workshop ETACS
Beyond the Bugs: Enhancing Bug Bounty Programs through Academic Partnerships
Andrej Krištofík (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Slovakia), Jakub Vostoupal (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czechia), Kamil Malinka (Institute of Computer Science and Faculty of Informatics, Masaryk University, Czechia), František Kasl (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czechia), Pavel Loutocký (CERIT, Faculty of Informatics, and Institute of Law and Technology, Faculty of Law, Masaryk University, Czechia)
Full Paper
This paper explores the growing significance of vulnerability disclosure and bug bounty programs within the cybersecurity landscape, driven by regulatory changes in the European Union. The effectiveness of these programs relies heavily on the expertise of participants, presenting a challenge amid a shortage of skilled cybersecurity professionals, particularly in less sought-after sectors. To address this issue, the paper proposes a collaborative approach between academia and bug bounty issuers.

By integrating bug bounty programs into cybersecurity courses, students gain practical skills and soft skills essential for bug hunting and cybersecurity work. The collaboration benefits both issuers, who gain manageable manpower, and students, who receive valuable hands-on experience. A pilot conducted during the current academic year yielded positive results, indicating the potential of this approach to address the demand for skilled cybersecurity professionals. The insights gained from the pilot inform future considerations and advancements in this collaborative model.
Workshop ETACS
Event-based Data Collection and Analysis in the Cyber Range Environment
Willi Lazarov (Brno University of Technology, Czechia), Samuel Janek (Brno University of Technology, Czechia), Zdenek Martinasek (Brno University of Technology, Czechia), Radek Fujdiak (Brno University of Technology, Czechia)
Full Paper
The need to educate users on cybersecurity to some extent is critical due to the ever-increasing cyber threats. A number of web presentations, books, and other study materials can be used for this purpose. In contrast to passive learning methods, hands-on training offers a deeper perspective but poses considerable technical challenges to its implementation, which can be resolved using cyber range platforms. However, in order to thoroughly evaluate the training and provide sufficient feedback, data must be collected and analyzed. Our paper addresses this problem by developing an event-based approach for data collection and analysis. The use of events allows us to keep a history of an event and reconstruct it retrospectively, especially for further analysis and evaluation. We validated the implemented approach in a cyber range environment, in which we developed an interactive interface to visualize the analyzed data.
Workshop ETACS
Assessing the Impact of Large Language Models on Cybersecurity Education: A Study of ChatGPT's Influence on Student Performance
Marc Ohm (University of Bonn & Fraunhofer FKIE, Germany), Christian Bungartz (University of Bonn, Germany), Felix Boes (University of Bonn, Germany), Michael Meier (University of Bonn & Fraunhofer FKIE, Germany)
Full Paper
The popularity of chatbots to facilitate day-to-day business, including students and their study exercises, is on the rise. This paper investigates the extent and effects on the academic performance of students that leverage such tools. While many other approaches are hypothesized and discussed, we measure empirically. We recorded and compared the performance of cybersecurity students in weekly exercises and final exams over a period of three years.
This allows us to have three groups with varying degrees of ChatGPT influence, namely no access, uncontrolled access, and controlled access. In an anonymous survey, we found that approximately 80% of our students utilize ChatGPT during the weekly assignments in 2023. However, none of them indicated this on their submission, despite it being a mandatory requirement. Through statistical analysis of achieved points in our sample groups, we identified that students perform similarly on the weekly assignments. However, their performance on the final examination deteriorates.
Workshop ETACS

Detail ETACS 02/05

Workshop on Education, Training and Awareness in Cybersecurity to be held in the conjunction with the ARES Workshops EU Projects Symposium 2024 at the 19th International Conference on Availability, Reliability and Security
The current lack of cybersecurity experts on the world job market is a significant problem that can be solved only by coordinated and focused development of higher education and professional training programs. All topics related to cybersecurity education, training and awareness will be considered for the Workshop on Education, Training and Awareness in Cybersecurity (ETACS). ETACS seeks for novel submissions from academia, government as well as industry contributing to cybersecurity education, training and awareness. 

The focus is on practical research into higher-education cybersecurity curricula, professional training, building of cyber ranges and their coalitions across Europe, methods to assess and raise awareness in cybersecurity, the implementation of systems, and lessons learned. Furthermore, the EU-wide agreement on the identification of skills necessary for cybersecurity work roles is one of the main interests of the workshop. The event aims at putting together people form universities, professional training institutions, industry, government and EU agencies to discuss current problems and solutions for cybersecurity education and training.
The workshop is supported by the European Union’s Erasmus+ project #621701-EPP-1-2020-1-LT-EPPKA2-SSA-B REWIRE, Horizon Europe project #101087529 CHESS and the Ministry of the Interior of the Czech Republic under grant VJ03030003 under program IMPAKT 1.

Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Research Executive Agency. Neither the European Union nor the granting authority can be held responsible for them.
Keynote ETACS

The State of Cybersecurity Today – Exploring the Effectiveness of Cybersecurity Defenses through a Pedagogical Lenses

In today's interconnected digital world, effective cybersecurity defense is paramount to safeguarding information privacy against evolving threats while preserving the data integrity of critical infrastructure, national security, and academic institutions. Ensuring information security concerns are addressed is vital to maintaining a strategic position of cybersecurity readiness today, however, there is a fundamental challenge in how the education is being presented and received. With the pervasive use of technology and the increasing threats in cyberspace, there is a pressing need to reimagine the requisite cybersecurity skills and robust knowledge needed by users, beginning with challenging the traditional pedagogical model used when implementing (cyber) Security Education Training and Awareness (SETA).

Focusing on the pedagogy, the theory and practice of learning, and how this process influences, and is influenced by, the social, political, and psychological development of learners, we begin to better understand why the current cyber education model is ineffective, and what can be done as educators to improve the failed system. Supportive research data highlighting more effective ways to teach cyber education will help identify strategies for enhancing cyber defenses. In addition, collaborative discussions revolving around how academic research can improve our defensive security posture across industries and domains will help facilitate the defensive changes needed.


About the Speaker

Joseph Squillace, Ph.D., is an Assistant Teaching Professor of Cybersecurity at Penn State Schuylkill. Joseph received his Ph.D. in Information Systems (DISS) with a concentration in Information Security from the College of Engineering and Computing at Nova Southeastern University (NSU). Joseph’s research interests include Cyberbullying, Cybersecurity, Privacy, Threat Intelligence, Cyberterrorism, Critical Infrastructure, Disaster Recovery, Cybersecurity in Artificial Intelligence (AI), Secure Supply Chain, Data Integrity, and Economics of Information Security and Privacy Breaches. Joseph has previously published scholarly research in Cybersecurity, Artificial Intelligence, Privacy, Information Systems, Computer Science, the Internet of Things (IoT), and Climate Change domains.

Dr. Joseph Squillace’s area of research expertise is within the Computer Science domain. His Technology-based research has used qualitative, quantitative, and mixed methodology models, varied statistical analysis methods, and focused primarily on the advancement of new model artifacts and pedagogical-based education/training using novel theoretical approaches.His research stream spans a variety of domains, including foundational interest in Cybersecurity Education, Information and Behavioral Sciences, Criminal Justice, Sociology, and User Behavior. With direct expertise in Information Security (InfoSec), Dr. Squillace has had academic publications in peer-reviewed journal articles, and academic presentations examining specialized areas within security, including Cyberbullying, Cybersecurity Education and Pedagogy, Cybersecurity Psychology, Privacy, Ethical Actions, User Behavior (Theory), Corporate Compliance and Governance, Security Education, Training, and Awareness (SETA), Economics of Security Breach Events, eWaste, and Green Computing(sustainability). Dr. Squillace is also a Distinguished Academic Research Fellow at CyberWatch and the National Cyber Science and Practice Symposium Program Committee Chair for National CyberWatch.

Topics of interest include, but are not limited to 03/05

  • Description and application of cybersecurity skills frameworks
  • Comparison of existing skills frameworks, contributions to the EU Skills Framework
  • Description of curricula related to cybersecurity
  • Lessons learned from a training experience
  • Lessons learned from the use of a given technology
  • Publication of a tool related to cyber ranges
  • Gamification, capture the flag, red/blue teaming
  • Piloting cybersecurity study programs and trainings
  • Feedback on awareness campaigns

Workshop Chairs 04/05

Workshop Chairs

Workshop Chairs Logo
Jan Hajny (General Chair)
SPARTA, Brno University of Technology, CZ
Workshop Chairs Logo
Pavel Loutocky (Co-Chair)
Masaryk University, CZ
Workshop Chairs Logo
Giuseppe Bianchi (Co-Chair)
Consorzio Nazionale Interuniversitario per le Telecomunicazioni, IT
Workshop Chairs Logo
Rocco De Nicola (Co-Chair)
IMT School for Advanced Studies Lucca, IT
Workshop Chairs Logo
Sara Ricci (Co-Chair)
Brno University of Technology, CZ

Program Committee

Pedro Adao | University of Lisbon, Portugal
Rémi Badonnel | University of Lorraine, France
Yianna Danidou | European University Cyprus, Cyprus
Letterio Galletta | IMT Lucca, Italy
Imre Lendak | University of Novi Sad, RS & Eötvös Loránd University, Hungary
Olivier Levillain | Télécom SudParis, France
Marc Ohm | University of Bonn, Germany
Edmundas Piesarskas | Lithuanian Cybercrime Center of Excellence for Training, Research & Education, Lithuania
Tanja Zseby | Vienna University of Technology, Austria
Kendra Walther | University of Southern Californiax, USA

Submission 05/05

Submission Guidelines

The submission guidelines valid for the workshop are the same as for the ARES conference.
More Information

Important Dates

Extended Submission Deadline May 14, 2024
Author Notification May 29, 2024
Proceedings Version Jun 18, 2024
EU Projects Symposium Jul 30, 2024
Conference Jul 30 — Aug 02, 2024
Register here!
Join us at ARES 2024 in Vienna, Austria