The Transformation: HCC's Network Security Program Among the Best

By Joseph Patrick Bulko, STAFF WRITER



Dale Schnepf was hired three years ago to transform the Network Security program at Howard Community College (HCC) into a top-notch learning environment. In March, the program achieved compliance with the Committee on National Security Systems (CNSS) National Standard 4011, which is also recognized by the National Security Agency (NSA). Mission accomplished.

Schnepf, the HCC network security coordinator and English/language/business lab manager, had been teaching part-time at HCC, but took a 50% pay cut from his information technology consulting business, which specializes in business process improvement and network security, to accept the full-time HCC position.

"For the last three years I've been literally renovating their pre-existing network security program that had over time degraded to poor quality," Schnepf said. "They were doing lab exercises with equipment that adjuncts were bringing in from their home, their basement. They were doing it on desktops, and it was unacceptable."

Issues included how to design an ever-changing curriculum to handle real-world changes in network security and how to make the program hands-on and real-world. "I stole shamelessly," he said about his methods of acquiring ideas and techniques. "Every best practice that I heard, I said, 'We can do that.'"

In 2002 when HCC first rolled out the program, he noted, "We probably had a cutting edge network security curriculum. I came in 2005, and it had degraded to poor quality by then."

Schnepf enlisted the help of three students and one adjunct faculty member to design, build and rewire the lab. "It was a grassroots effort, but it's there now, and it's a very nice lab," he said. "It's one of the best labs in Maryland."

Donations from local businesses and partnerships with local companies helped with the process. "Every possible way to get this curriculum reworked and the lab built and configured, we've used it," Schnepf said. "I've just beat on so many doors until somebody gives me something."



Genesis - Cyber Security

HCC's Network Security program was designed in response to the increased growth of computer network security concerns, from regional to international environments. These concerns have increased the need for graduates with theory and application skills in this area. The curriculum prepares students for working with network security in private, public and governmental arenas at the mid-administrative level.

"9/11 was a wake-up call," Schnepf stated. "As a nation, we are painfully unprepared for cyber attacks. The Chinese are playing havoc with us. Russians are beating up on our businesses."

Attacks come in many flavors: "Hacking, viruses, Trojans, extorting money from banks and other financial institutions, stealing information that's top secret from the government," he said.

"All you can do is minimize the risk," he continued. "We teach our students to assess the vulnerability of the network and harden that network against attack. It's a constant vigil. You need to understand your adversaries. I'm training my guys to lock down all the networks. We give them a challenge. They troubleshoot it. They solve it."

The computer lab consists of workstations and servers interconnected and configured to allow students to practice solving real-world security problems. "For example, we'll configure a small business server here with vulnerabilities," Schnepf explained. "They will uncover those vulnerabilities. They'll set up a firewall to fix some of the vulnerabilities. They'll patch software in the small business server. Whatever it takes to fix the vulnerabilities, they'll learn how to do it."

Several degree and certificate options are available in the Network Security program: an AAS degree in Network Security Administration, an AA degree in Network Security Information Technology and a certificate of proficiency in Network Security Administration.

"We've had the degree program for about six years," explained Sharon Schmickley, division chair for HCC's Business and Computer Systems Division. "We started the NSA compliance about one year ago. Only four of 14 community colleges have met the standard. Compliance with the NSA standard is very important. It assures that what we teach is matched [by what is needed]. Everyone going through the program has the same base of knowledge and the same standards. In Information Assurance, standards are very important."



Curriculum & Articulation

The National Science Foundation (NSF), which provides grants to educational organizations, "is aware in the United States that demand for network security professionals is far greater than supply - by about 8% per year," Schnepf added. "We can't find, train and graduate students fast enough. Network security is a very specialized area of IT."

In conjunction with CyberWATCH, a group providing assistance to academic institutions for curriculum development and compliance to the 4011 standard, HCC has developed "matriculation agreements so that students can easily transfer to four-year programs," Schnepf said.

Agreements with Johns Hopkins University, Capitol College and others allow Schnepf's students to advance to a four-year school without a problem, "or they can go out into the industry," he explained. They also can choose the option of the certificate program "where they take my five classes, they get a certificate from us, they get a certificate from NSA, because those five classes are NSA approved, and they basically walk out with a year's worth of education and can find a well-paying job in the area."

CyberWATCH, or the Washington Area Technician and Consortium Headquarters, is a consortium of higher education institutions, businesses and government agencies in the D.C./Maryland/Virginia region that is focused on building and maintaining a stronger information security/assurance workforce. Members collaborate to share best practices, methodologies, curricula, course modules and materials, and provide faculty training and support to colleges that want to develop a cybersecurity/information assurance curriculum.



Evolution, Response & the Marketplace

In this field, "things change so rapidly," Schnepf said. "It is constantly evolving and changing. We must revise the curriculum all year long. This is a very important area to our country."

The changes are "driven by industry and by the attackers," he said. "Industry is trying to keep up technologically with ways to keep the crackers out and the crackers are just having a fun time modifying a few lines of code here and a few lines of code there and the way that they attack systems."

Who launches the attacks? "They are more and more coordinated," he said. "There is a huge 'botnet' that can be rented to perform denial of service attacks on corporations. This is literally a business that's booming, mostly by former Iron Curtain countries. They face no extradition. They make money via extortion."

Who hires network security professionals? They range from banks, law firms and government agencies to any business or organization with a connection to the Internet, Schnepf said. Northrop Grumman, Honeywell and Lockheed Martin are some of the larger firms hiring HCC students.

Additionally, "what we've been doing here is looking toward the smaller businesses, rather than these huge enterprise-level businesses," he continued. "We've been looking at law firms and doctors' offices and things like that to hire my guys. If your server is hacked into and does damage to another company, your company is liable."

The importance of computer network security in today's high tech globalized economy provides ongoing opportunities for the IT professional. "If you're willing to constantly go to school and constantly read [to keep up with new developments in the field]," Schnepf concluded, "you can be enormously beneficial to a company," and command compensation upwards to $250 per hour as a consultant.