We have all heard about or experienced the cybersecurity workforce and skills shortage. In an attempt to address the skills shortage from an educational institution point of view, I used crowdsourcing to develop a new graduate level cybersecurity course. Instead of bringing together the typical curriculum committee of 3–5 faculty members and the occasional industry participant, I decided to crowdsource my network of practicing cybersecurity professionals. This crowd of experts included cybersecurity practitioners, trainers, managers, executives and leaders. One way to close the skills gap the cyber industry is facing is to ensure those skills are included in educational programs. And who better to identify those skill gaps than the current cybersecurity practitioners and leaders who are at the forefront of the industry?
To begin the crowdsourcing effort, I created a list of topics and sub-topics that I felt were important for this particular course. I then formatted these into a survey and sent them to a group of experts, encouraging them to share the survey with their network as well. The survey serves two purposes. The first is to have the expert crowd confirm the listed topics are relevant to the industry. Any topics that were not confirmed to be relevant would either be dropped completely or integrated into relatable confirmed topics. The second was to elicit any additional topics the expert crowd felt were relevant but missing from the list. Manual aggregation of the data inputs was done for both topic confirmation and new topic identification. This was repeated for sub-topic confirmation and new sub-topic identification.
Although this experiment required manual aggregation of the expert crowd’s inputs, additional research efforts could seek to automate the aggregation process and develop an ontological structure representation of the crowdsourced data. The combination of crowdsourcing and ontology development for curriculum development efforts can have a great positive impact for the cybersecurity industry. It can allow for educational institutions to reach a farther audience when eliciting content requirements; reach audiences asynchronously to avoid logistical and social conflicts present in synchronous meetings; aggregate the inputs quicker when successfully automated properly; and output a more relevant curriculum to better skill the industry because the curriculum would be outlined by the current practicing cyberwarriors and leaders.
This cannot be done without the subject matter experts. If you have the time and are interested in contributing to these efforts, the students and the industry, please reach out to bngac@gmu.edu to be added to the crowd of experts.
Editor’s note: For further insights on this topic, read Brian K. Ngac’s recent Journal article, “Direct From the Practitioner: Crowdsourcing for Cybersecurity Curriculum”, ISACA Journal, volume 4, 2021.
Don't forget—Members can earn free CPE from ISACA Journal quizzes!