UMBC’s Alan Sherman and colleagues receive over $5M in NSF support for cybersecurity education



The National Science Foundation recently awarded Alan Sherman, professor of computer science and electrical engineering (CSEE), and his colleagues, two grants totaling over five million dollars to support students and research at UMBC.

Tools to assess learning

One of the two NSF grants asks the question, what is the most effective way to teach cybersecurity—with competitions, games, hands-on experiences, or other techniques? Through this award, Sherman and colleagues will focus on developing evidence-based tools to assess the effectiveness of various approaches to teaching cybersecurity.

Sherman is working with Dhananjay Phatak, associate professor of CSEE; Linda Oliva, assistant professor of education; and collaborators at the University of Illinois at Urbana-Champaign to create two educational Cybersecurity Assessment Tools (CATS) that assess a student’s conceptual understanding of cybersecurity. The first tool will be a concept inventory for students in any first course in cybersecurity. The second will be for students graduating from college who will be entering a career in cybersecurity.

Training future cybersecurity professionals

Sherman was awarded more than $4.9 million over five years through NSF’s CyberCorps: Scholarship for Service (SFS) program. The program is designed to increase the number of cybersecurity professionals that are trained to enter careers in government, focused on protecting the nation’s information, communications, and computer systems. Rick Forno, assistant director of UMBC’s Center for Cybersecurity, is co-PI on the new SFS program grant, as well as UMBC’s prior SFS awards.

This funding will allow Sherman to extend the work that he began with support from his previous NSF CyberCorps grant, which ends in August 2019. The Scholarship for Service program at UMBC will support 34 students who are pursuing degrees at the undergraduate and graduate levels in computer science, computer engineering, information systems, cybersecurity, and other cyber-related programs.

The grant funding will also allow Sherman to develop stronger connections with two community colleges in Maryland. Each year, one student graduating from Montgomery College and one student graduating from Prince George’s Community College will be selected to participate in the program beginning in their last year at community college, and continuing through their transfer to UMBC to complete their four-year degree. This collaboration will continue to strengthen the talent pipeline and increase the number of cybersecurity professionals who pursue public service careers.

The scholar experience

The SFS program and other cybersecurity education initiatives help students develop their abilities to be prudent, thoughtful, and strategic in “managing trust and information in an adversarial cyber world.” Sherman explains, “Students must also pay careful attention to details and master relevant technical knowledge and skills, such as cryptology, network protocols, system design, and secure programming.”

Each student who receives a scholarship completes a summer internship with a government agency at the local, state, federal, or tribal level. Each recipient is also required to complete government service in a cybersecurity-related position in their field after graduation.

Based on a cohort model, the UMBC program encourages the SFS scholars to learn from each other and to engage in cybersecurity research on campus, such as through Sherman’s Cyber Defense Lab. Each January, the scholars complete a week-long collaborative research project in which they analyze a specific aspect of the security of UMBC’s computer system.

“As we enter the next five years of this grant, UMBC’s SFS program remains a unique, robust opportunity for students to explore the wide range of possibilities in the cybersecurity discipline,” explains Forno. “It allows them to fully prepare for and commit themselves to entering the federal cyber workforce, and make a difference on Day One no matter where they begin their careers in the service of our nation.”

Adapted from a UMBC News article by Megan Hanks. Banner image: Rick Forno, left, and Alan Sherman. Photo by Marlayna Demond ’11 for UMBC.

Richard Forno: Threats remain to US voting system – and voters’ perceptions of reality

As Americans go to the polls, the voting process and the information environment are still not secure. AP Photo/David Goldman

Threats remain to US voting system – and voters’ perceptions of reality

Richard Forno, University of Maryland, Baltimore County

As the 2018 midterms proceed, there are still significant risks to the integrity of the voting system – and information warfare continues to try to influence the American public’s choices when they cast their ballots.

On the day of the election, there were a number of early hitches in voting at individual polling places, such as polling places opening late and vote-counting machines not plugged in. But there seem not – at least not yet – to be major problems across the country.

However, not all the election-related news and information voters have been encountering in recent days and weeks is accurate, and some of it is deliberately misleading. As this election’s results come back, they will reveal whether the misinformation and propaganda campaigns conducted alongside the political ones were effective.

Securing election systems

America’s electoral process remains highly fragmented, because of the country’s cherished tradition of decentralized government and local control. While this may leave some individual communities’ voting equipment potentially vulnerable to attack, the nation’s voting process overall may be more trustworthy as a result of this fragmentation. With no unified government agency or office to provide, administer and protect election technologies, there’s not one central national element that could fail or be attacked.

Across the country, though, many districts’ voters will cast ballots with the help of machines that have long-standing security concerns. Fortunately, 45 states keep a paper record of each vote cast – whether for fear of threats to voting integrity or just budget constraints preventing purchase of newer gear. But that means five states – Louisiana, Georgia, South Carolina, New Jersey and Delaware – don’t keep paper records of their voters’ choices.

Voting machine vendors have been reluctant to appear before Congress to explain their systems’ security practices – and shortcomings. However, federal agencies have helped some states reduce the likelihood of voting machines being hacked or physically tampered with.

Beyond voting machines

Election security is about much more than voting machines and vote-counting systems, though they are the most visible technologies at work on Election Day. State systems that track voter registrations, or allow users to register online, are enticing targets for hackers, too. Security firm Carbon Black reported that 81 million voter records from 20 states are available in online forums. This data, obtained by hacking various official and corporate databases, could be used to facilitate voter fraud or sow confusion at polling places on Election Day: How would you feel if you were told that someone using your name and address had already voted?

There are security concerns even in states like Oregon, where everyone votes on paper and mails in their ballots in advance of Election Day. That state’s election officials were targeted by hackers seeking to gain access to state email and database systems. With that access, attackers might be able to digitally impersonate a government official to send false or confusing emails, press releases or other notifications to citizens, journalists or poll workers.

Also at risk are public-facing official websites that carry election information. Merely changing the reported location of polling places or voting hours could prevent some people from voting. Also vulnerable are states’ methods of announcing preliminary election results. At a major internet security conference in August, children were able to compromise replicas of several states’ election-reporting systems. The most remarkable was that in just 10 minutes, an 11-year-old boy cracked the security on a copy of the Florida secretary of state’s website and was able to change the publicly announced vote totals for candidates. That could be enough to cast doubt on whatever was later reported as the official results – and the integrity of the system itself.

Managing information on social media

A more difficult threat to defend against is information warfare, which doesn’t attack voting machines or election officials’ computers. Rather, it targets voters’ perceptions and decisions, seeking to influence how they vote.

Long before the 2016 U.S. presidential election, information warfare was influencing elections around the world, including in Ukraine, Myanmar and Egypt. But after 2016, Facebook and Twitter came under intense scrutiny for their role in providing digital environments that facilitated the spread of misinformation to sow discontent, and special counsel Robert Mueller began investigating Russians’ influence efforts.

In the run-up to the 2018 midterms, Russians and others were still hard at work trying to influence Americans to vote in ways that help foreign interests. In October, the U.S. Department of Justice charged a Russian woman with creating thousands of fake social media accounts allegedly representing American citizens to “create and amplify divisive social media and political content” before the election.

This year, though, unlike two years ago, social media companies are taking action. Twitter and Facebook have both deleted thousands of accounts they identified as engaging in propaganda and influence-peddling. And they have made other efforts to identify and fight falsehoods on their platforms, too.

Nevertheless, online misinformation continues to thrive. More than 80 percent of the Twitter accounts that often shared links to false and misleading information in 2016 are still active today. And the amount of online misinformation is higher than it was two years ago.

Investigating alleged wrongdoing

U.S. intelligence and police agencies are concerned about the potential effects of misinformation on the American electorate. But large proportions of the country don’t trust those organizations to be politically independent. It doesn’t help that the White House continues to claim, without evidence, that voter fraud is a significant problem.

Mainstream news organizations can find themselves under scrutiny too, either for reporting falsehoods that appear to gain traction online or for failing to filter out or properly identify inaccurate information for their readers.

Looking ahead

Protecting democracy is a huge challenge. I’ve written before that it involves more than technical solutions to computer problems. The U.S. government, and the people it serves, must find the desire and the drive to establish secure and trustworthy procedures for running elections across the country. Education is also key, teaching people from an early age how to recognize propaganda and misinformation, and think critically about the information they encounter. Facts are not subject to alternative views; without widespread agreement on common objective realities, society and government cannot function well.

Technology continues to evolve, presenting challenges to individuals and society alike. Emerging “deepfake” technology is already helping create convincing videos of people appearing to say and do things they never said or did. In addition, intelligent social media bots are becoming more human-like, making identifying and blocking them much more difficult. Those are just some of the challenges that democracies will face in the future.

Many of these problems will not have a clearly defined fix, because they involve a nuanced balancing of individual rights and social necessities. Real and lasting solutions must come from civil discourse by rational and objectively informed people who have, above all, the actual honest desire to do it right.

Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.

talk: Legal Aspects of Privacy and Data Protection, 12-1 Fri 11/9

The UMBC Cyber Defense Lab presents

Legal Aspects of Privacy and Data Protection

Razvan Miutescu
Privacy Counsel, Whiteford, Taylor & Preston

12:00–1:00pm Friday, 9 November 2018, ITE 227, UMBC

Privacy and data security continue to be topics of interest for organizations of all sizes. In addition to being concerned about cyber crimes and data breaches occurring more frequently and with higher operational impact, consumers and regulators around the world are focusing on privacy. Individuals are becoming increasingly aware of the value and the use of the information that identifies them or analyzes their conduct and behavior. Privacy laws around the world are becoming stricter. The European Union’s General Data Protection Regulation (GDPR) is viewed as a flagship law that imposes data protection requirements well beyond the borders of the European Economic Area. California recently passed its Consumer Privacy Act, which borrows concepts from the GDPR, leaving no doubt that privacy laws in the United States are also on track to become more complex. In this context, we will discuss practical legal approaches to an organization’s privacy and data security program.

Razvan Miutescu is a technology and information governance attorney with Whiteford, Taylor & Preston. His practice focuses on privacy and data security, information technology transactions and licensing, intellectual property, and data management, including data broker transactions, cloud services, distributed ledgers/blockchain, and related regulatory and compliance matters.

Host: Alan T. Sherman

The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public.

Professional Graduate Programs Open House, Sat. 10/20 (CYBR, DATA, …)


The Fall Open House for UMBC’s Professional Programs (Main Campus offerings) takes place on Saturday, October 20 on the first floor of PAHB from 9:30-11:30am. Students who are interested in exploring and/or pursuing these graduate programs (degrees and/or certificates), or who just want to learn more about these fields, are encouraged to register and attend. CSEE students interested in pursuing a BS/MPS option for selected programs (such as CYBR or Data Science) are especially welcome.

Programs represented include

Faculty program directors will be presenting in individual breakout sessions and relevant support staff will be on-hand to provide administrative overviews, answer questions, and mingle. Refreshments will be provided.

If you are interested, please RSVP at https://openhouse.umbc.edu/. If you have questions contact:

UMBC students win top prize at Maryland Cyber Challenge

Busy teams of students clustered around laptops in a room overlooking Baltimore’s Inner Harbor on Tuesday, focused on solving as many challenges as possible during a “capture-the-flag” style competition. After hours of intense competition in cyberspace, UMBC’s team emerged victorious, named champions of the college division of the 2018 Maryland Cyber Challenge.

Started in 2011, the competition is part of the annual CyberMaryland Conference. UMBC’s team included Niara Richards ’22, computer science; Nithya Prakash ’22, information systems; Josh Mpere ’19, computer science; Seamus Burke ’20, computer science; and Swathi Krithivasan ’22, computer science. They worked together to test their skills in a series of real-world cybersecurity challenges over the course of two virtual qualifying rounds and then the final competition, beating talented teams from the U.S. Air Force Academy and University of Maryland, University College.

“It was my first time competing in the Maryland Cyber Challenge, although I have a pretty extensive competition background,” said Burke. “I am especially proud of my freshman teammates who put in a ton of effort, solved challenges, and didn’t get discouraged when the challenges got more difficult.”

Burke is a Center for Women in Technology (CWIT) Scholar and Mpere is a Cyber affiliate. Richards, Prakash, and Krithivasan all participate in UMBC’s Cyber Scholars Program, which works to prepare the next generation of cybersecurity professionals.

All five members of the winning team will receive a monetary award and an offer to complete a summer internship to continue growing their experience and skills. Additionally, the university will receive new technologies (including software) to support more UMBC students in developing their cybersecurity skills.

“The competition was a fantastic experience and gave me a lot of exposure into topics that I otherwise would not have gained, especially as a freshman,” said Krithivasan. “We had a mix of both upper and underclassmen on our team, which really enabled us to learn and grow from working with each other.”

Adapted from a UMBC News article by Megan Hanks. Banner image: Nithya Prakash, Swathi Krithivasan, and Josh Mpere being recognized at the award ceremony. Photo by Mike Lackner, computer science and informatics, and technology instructor at Loyola Blakefield High School.

talk: Results of a student study of UMBC computer systems security

The UMBC Cyber Defense Lab presents

 

Results from the January 2018 SFS Research Study at UMBC

Enis Golaszewski, CSEE, UMBC

12:00-1:00pm Friday, 12 October 2018, ITE 227

January 22-26, 2018, UMBC SFS scholars worked collaboratively to analyze the security of a targeted aspect of the UMBC computer system. The focus of this year’s study was the WebAdmin module that enables users to perform various functions on their accounts, including changing the password. Students identified vulnerabilities involving failure to sanitize user input properly and suggested mitigations. Participants comprised BS, MS, MPS, and PhD students studying computer science, computer engineering, information systems, and cybersecurity, including SFS scholars who transferred from Montgomery College (MC) and Prince George’s Community College (PGCC) to complete their four-year degrees at UMBC. We hope that other universities can benefit from our motivational and educational strategy of cooperating with the university’s IT staff to engage students in active project-based learning centering on focused questions about the university computer system.

Enis Golaszewski is a PhD student and SFS scholar in computer science working with Dr. Sherman on blockchain, protocol analysis, and the security of software-defined networks.

This project was supported in part by the National Science Foundation under SFS grant 1241576.

Host: Alan T. Sherman

The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public.

MD-AI Meetup holds 1st event at UMBC 6-8pm Wed 10/3, 7th floor library



 

A new Maryland-based meetup interest group has been established for Artificial Intelligence (MD-AI Meetup) and will have its first meeting at UMBC this coming Wednesday (Oct 3) from 6:00-8:00pm on the 7th floor of the library. The first meeting will feature a talk by UMCP Professor Phil Resnik on the state of NLP and an AI research agenda. Refreshments will be provided. The meetup is organized by Seth Grimes and supported by TEDCO, local AI startup RedShred, and the Maryland Tech Council.

If you are interested in attending this and possibly future meetings (which will probably be monthly), go to the Meetup site and join (it’s free) and RSVP to attend this meeting (if there’s still room).  If you join the meetup and RSVP, you can see who’s registered to attend.

These meetups are good opportunities to meet and network with people in the area who share interests. It’s a great opportunity for students who will be looking for internships or jobs in the coming year.

Machine learning and AI for cybersecurity: a technical chat with DISA

The UMBC Cyber Defense Lab

 

Machine Learning and Artificial Intelligence: A Technical Chat with the Defense Information Systems Agency

James Curry
Lead Engineer–DoD Cyber Security Range
Defense Information Systems Agency (DISA)

12:00–1:00pm Friday, 28 September 2018, ITE 227, UMBC

A broad-reaching brief on the scope and scale of the DISA Mission, followed by a dive into DISA’s efforts to develop Machine Learning and Artificial Intelligence to help defend the nation’s cyber infrastructure. Attendees are highly encouraged to ask questions.

James Curry is the Lead Engineer of the DoD Cyber Security Range (CSR). The CSR’s mission is to replicate the DoD Information Network (DODIN) environment at lab scale, while maintaining high-fidelity realism. As Lead Engineer, Mr. Curry led the design, acquisition, and implementation of two first-of-their-kind technologies: a Virtual Internet Access Point (vIAP) and a Virtual Joint Regional Security Stack (vJRSS). These technologies enable the DoD Workforce to train in an IaaS-on-demand environment that realistically matches DISA’s core infrastructure. Mr. Curry is a Scholarship for Service (SFS) recipient (2008-2009) and received his master’s and bachelor’s of science in computer science from New Mexico Tech.

Host: Alan T. Sherman

The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming meetings for Fall 2018 include the following.

  • Oct 12 Enis Golaszewski, The 2018 UMBC SFS study
  • Oct 26 Enis Golaszewski, Using tools in the formal analysis of cryptographic protocols
  • Nov 9 Razvan Miutescu, Legal aspects of privacy
  • Dec 7 Tim Finin, A knowledge graph for cyber threat intelligence

Learn cybersecurity skills in NSA’s Codebreaker Challenge

 

 

Get hands-on cybersecurity and blockchain skills in NSA’s Codebreaker Challenge

 

NSA’s sixth annual Codebreaker Challenge is a hands-on, cybersecurity engineering challenge in which students work to complete mission-focused objectives and push their university to the top of the competition leaderboard.

The 2018 scenario involves ransomware and blockchain. A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses. For each infected machine, an encrypted copy of the key needed to decrypt the ransomed files has been stored in a smart contract on the Ethereum blockchain and is set to only be unlocked upon receipt of the ransom payment. Your mission is to ultimately (1) find a way to unlock the ransomware without giving in to the attacker’s demands and (2) figure out a way to recover all of the funds already paid by other victims. Are YOU up to the challenge?

UMBC students did well, both individually and as a group, in previous challenges.  Let’s make it to the top of the leaderboard this year.

Feedback from previous iterations of the challenge showed that students were able to learn a great deal from participating. Each student receives a slightly different set of challenge binaries and associated files, so that one student’s solution won’t work for someone else. The binaries are similar enough that students can work together to understand the problems and develop approaches to solutions, and then implement them independently and register their results.

The 2018 challenge consists of a series of tasks that are worth a varying number of points based upon their difficulty. In previous years, tasks had to be solved in order to unlock the next task, and rankings were based upon the quantity of solvers that progressed the furthest from each school. This way of ranking heavily weighted progression above participation and did not allow for skipping ahead if a particular task became a stumbling block. To address these issues, all tasks will be available immediately upon registration and can be solved in any order. The point value associated with each task is based on relative difficulty, and schools will be ranked according to the total number of points accumulated by their students. It is still recommended to solve tasks in order since the tasks flow with the storyline, but that is no longer a requirement.

talk: Phishing in an Academic Community, a Study of User Susceptibility and Behavior

The UMBC Cyber Defense Lab

Phishing in an Academic Community:
a Study of User Susceptibility and Behavior

Alejandra Diaz
University of Maryland, Baltimore County

12:00–1:00pm, Friday, 14 September 2018, ITE 227

(joint work with Alan T. Sherman and Anupam Joshi)

We present an observational study on the relationship between demographic factors and phishing susceptibility at the University of Maryland, Baltimore County (UMBC). From March through May 2018, we performed three experiments that delivered phishing attacks to 450 randomly-selected students on three different days (1,350 students total) to examine user click rates and demographics within UMBC’s undergraduate student population. The participants were initially unaware of the study. We deployed the Billing Problem, Contest Winner, and Expiration Date phishing tactics. Experiment 1 impersonated banking authorities; Experiment 2 enticed users with monetary rewards; and Experiment 3 threatened users with account cancellation.

We found correlations resulting in lowered susceptibility based on college affiliation, academic year progression, cyber training, involvement in cyber clubs or cyber scholarship programs, amount of time spent on the computer, and age demographics. We found no significant correlation between gender and susceptibility. Contrary to our expectations, we observed an inverse correlation between phishing awareness and student resistance to clicking a phishing link. Students who identified themselves as understanding the definition of phishing had a higher susceptibility rate than did their peers who were merely aware of phishing attacks, with both groups of students having a higher susceptibility rate than those with no knowledge whatsoever. Overall, approximately 70% of the students who opened a phishing email clicked on it.

Alejandra Diaz is a cyber software engineer at Northrop Grumman. She earned her BS in computer science from UMBC with a concentration in cybersecurity in May 2017, and her MS in computer science in August 2018. As a Cyber Scholar and a Society of Women Studying Information Security Scholar, she has a special interest in the human aspects of cybersecurity.

Host: Alan T. Sherman

Support for this research was provided in part by the National Science Foundation under SFS grant 1241576, the U.S. Department of Defense under CAE grant H988230-17-1-0349, and IBM.
