Research groups at universities of applied sciences important in steering cyber security education

July 13, 2020

Hans Henseler

Written by dr. Ir. J. (Hans) Henseler, (part-time) lecturer Digital Forensics & E-discovery at Leiden University of Applied Science. Until recently, Henseler was also director of Magnet Forensics, which in 2018 bought the product and team from Tracks Inspector BV, the company he set up with colleagues after a management buyout from cybersecurity company Fox-IT, where he was a partner from 2010 to 2014.

In May 2020, dcypher published the National Cyber Security Education Agenda (NCSEA). This agenda describes the challenges the Netherlands faces concerning cyber security education and emphasises the urgency of this issue. It focuses on actions and it proposes interventions that must lead to improvements. Independent leadership is needed to facilitate coherence in collaboration and prevent fragmentation.

Since 2009, I have been a (part-time) professor and for the past four years I have held a position at University of Applied Sciences Leiden with my research group that is part of the bachelor’s course in ICT and especially the specialisation Forensic ICT. If you would like to find out more about this course and other cyber security (master’s and bachelor’s) courses in the Netherlands, then you can find a detailed overview on this website. As a professor, I recognise the challenge described in the NCSEA, and I would like to explain the importance of the interventions and provide direction from my perspective as a cyber security professor.

The four main intervention themes (professionalisation, teaching, collaboration and expansion) concern higher education (universities and universities of applied sciences). Several interventions are obvious, and universities of applied sciences are already realising these or have the intention to do so. Examples are the training of more students and the professionalisation of lecturers in the field of cyber security. Also, the principle of lifelong learning that universities of applied sciences pursue helps them to keep up with the rapid developments in the field of cyber security through the training and further professional development of people who are already working.

The ability to educate more full-time and part-time students requires more lecturers who understand cyber security (subareas)​. It is hard to find and retain those lecturers given the considerable demand on the labour market. Intervention 4.2 of the NCSEA proposes a matchmaking platform for higher education lecturers to match the demand for lecturers from educational institutions and the supply of (guest) lecturers from industry/government. In practice, this is proving difficult. It is already possible to find guest lecturers, but they teach about their own practice, and it is not possible to fill a curriculum with that.

Universities of applied sciences will have to search for a more structural solution. In the introduction, the NCSEA emphasises the importance of the interwovenness between cyber security research and education. At universities of applied sciences, research is organised around research groups and these could provide the key to a structural solution. Due to the rapid changes in cyber security technology and the public acceptance of these, lecturers and students at universities of applied sciences need to gain more experience with practice-oriented research. Research groups can play a crucial role in this regard and are vital for the continuous renewal of (cyber security) education.

Universities of applied sciences are well known for their collaboration with the working field. In that sense, much has been achieved, and practice-oriented researchers and vocational courses cover almost the entire value chain. In their third year, students do an internship in the professional field and they graduate at an external organisation (government or company). By involving the professional field in this practice-oriented research, research groups want to increase the chances of valorisation and public acceptance of new technology. What will hopefully help in this process is that after completing their bachelor’s degree, the students will work in the field of cyber security or move on to a master's degree at a university while still remaining in contact with our own research groups.

The role of cyber security research groups in education is currently under pressure. This is because cyber security researchers are scarce and many research groups work with lecturing researchers. However, due to the high pressure from the degree courses, the practice-oriented research does not receive as much attention as it requires. Of course, lecturers also supervise students during their internships and graduation projects, but in this their role is limited to helping the student with the structures of the internship or graduation project, checking whether sufficient competencies have been achieved and providing guidelines for the report. Only lecturers who have the time to familiarise themselves more with the knowledge field of the research group can substantively coach the students and ensure continuity in the research. However, it is proving difficult to genuinely allow lecturing researchers to independently work on (practice-oriented) research projects. That requires far more time.

In intervention 4.1, the NCSEA proposes organising Partnerships in Education which have the aim of enabling research and education to better connect with professional practice in small and large organisations. That is a logical thought because within universities of applied sciences, there are numerous examples of forms of collaboration with industry and government that are successful in acquiring non-government funding and realising research. They manage to recruit postdocs and PhDs and have built up a critical mass and reputation so that they can acquire new grants.

Unfortunately, such mature forms of collaboration in the area of cyber security are still scarce. The Internet of Things (IoT) Forensic Lab of my research group, which is located at the HSD campus, is one such example. Together with companies and government organisations that are located on the campus, students and lecturers can do research and vocational education in forensic ICT is provided. The IoT Forensic Lab seems to be a perfect way of realising collaboration with the professional field. However, experience has taught that a lot of time is still needed before you are part of the research networks in the Netherlands.

Eventually, such efforts are successful, and a good example of that is the participation of the lab in the INTERSECT (INTERnet of SECure Things) project. With this programme, we will be part of a prestigious research network in the Netherlands for the next eight years in the field of security and the Internet of things. However, the size of our contribution in this is still very limited and not enough to recruit an extra researcher. Together with the education manager, we are now trying to find a lecturer to fulfil this role in the project and to make him or her available for two days per week. That is good for the interconnectedness between research and education so that the lecturer keeps up to date with the latest development and the education is refreshed. However, it is not easy to find a lecturer with the correct profile who also wants to do that and can also be released from the standard education programme.

The NCSEA places the responsibility for forming Partnerships in Education with the cyber security research groups who have joined the platform PRIO (platform Practical ICT Research).At the first meeting of PRIO in December last year, it quickly became apparent that other cyber security research groups present also experience problems with interconnecting research and education. We would like to help improve education and to recruit more qualified lecturers, but as long as they are not there and the educational burden for the current lecturers remains high, it will be difficult to realise research projects.

Ultimately, I am convinced that cyber security Partnerships in Education with industry and the government will become mature. Given the urgency with which the NCSEA talks about this, it is questionable whether we want to and can wait for this to happen. That urgency is felt by the research groups as well. It would help if research funding bodies would recognise the usefulness of central leadership and make the “resources” available for this (for example, to PRIO) to strengthen the interconnectedness between cyber security research and education.