Gov. Terry McAuliffe, Sen. Mark Warner tell attendees at Commonwealth Cyber and Education Conference held at NOVA-Woodbridge They want Virginia to be number one in cybersecurity


Two-hundred-ninety attendees packed the new Regional Center for Workforce Education and Training (RCWET) Wednesday at Northern Virginia Community College’s Woodbridge Campus. The day-long “Commonwealth Conference on Cyber and Education,” drew legislators, educators and corporate technology experts from throughout Virginia.

Among the noted guests were Karen Jackson, Virginia’s Secretary of Technology and co-chair of the Commonwealth Cyber Commission; Richard Clarke, CEO of Good Harbor Security Risk Management, co-chair of the Commonwealth Cyber Commission; Virginia Sen. Mark Warner and Virginia Governor Terry McAuliffe.

Sen. Warner told attendees that it is necessary to capitalize on an era where there are two Virginia senators and a Virginia governor who get along and work together. We must collaborate to work well with state and federal resources, he said. Warner noted the material cybersecurity threat is as great a threat as any other we face in the world. He said there are two kinds of businesses—those that know they have been hacked and those who don’t know it but were.

“We must do three things,” Warner said, “We must focus on the pipeline of talent into public and private sector partnerships. Once in the field, we need to create ways to move back and forth between public and private sector at various points in a person’s career. Finally, we need to concentrate on innovation and create centers for private innovation.”

Following two panels on filling the cyber talent pipeline from the private sector and federal perspectives and a panel outlining the need for educational institutions to become “Cyber Center for Excellence” certified, Governor Terry McAuliffe took to the podium.

McAuliffe said he wants to make Virginia the global leader in cybersecurity. Virginia is currently second to California, and he does not like to be second.

“My slogan is ‘Building a New Virginia economy,’” he said. “I am dead set on making Virginia the leader in cybersecurity.”

McAuliffe said that he will release his two-year budget on Dec. 17. In that budget he is proposing funding for cyber professors and academic chairs as well as for student scholarships. If his budget is approved, Virginia will pay for two years of community college for those focusing on cybersecurity, as long as they promise to give back two years to the state after graduation.

McAuliffe noted that NOVA was the first two-year community college to become a Cyber Center of Excellence in 2011, and that Lord Fairfax, who received their designation last month, was the second. McAuliffe wants all 23 VCCS schools to hold this important distinction.

NOVA takes very seriously its responsibility to train highly-qualified graduates to enter the high-tech workforce in this region.

NOVA developed the first AAS Cybersecurity degree in the Commonwealth, one that is hard-skills based with 49 IT/Cyber credits, but it transfers in full to six partner institutions.  Within one year of offering this degree program, NOVA had more than 500 students enrolled.

Also, McAuliffe’s budget calls to stand up a cyber range. There will be one virtual platform for all our institutions to use, and educational institutions will be learning from business and government.

NOVA is developing these “Cyber Range” capabilities that will allow us to provide real-time, simulations of network attacks to train students to recognize and defend assets, as well as assess and certify hard skills competencies. Students in NOVA’s cyberlab will use specialized software installed on a closed network, allowing them to practice “safe hacking” to learn how criminals think and work.

McAuliffe ended his remarks by exhorting educators, “Change your curriculum to meet what we need today. Not what we needed ten or twenty years ago,” he said. “Government cyber assets need to come to Virginia. Will there be workers once they send their assets here?”

Just as Gov. McAuliffe is unwilling to settle for second, NOVA’s goal is to be recognized as the number one cyber community college in the nation.

According to NOVA’s new president, Dr. Scott Ralls, “We will do this through our state-of-the-art facilities, like the Regional Center for Workforce Education and Training; through our exceptionally strong university, state, federal and corporate partners; and through our faculty, staff and students who make NOVA the innovation center of this region.”


Governor’s Cybersecurity Education Conference

Student Resources

Important cybersecurity/IA journals and readings have been compiled by faculty for students in our program. Many of these encourage student membership and submissions. Some recommended resources include:

Dark Reading  –   – One of the most widely-used resources among cybersecurity professionals.

National Cybersecurity Institute Journal  – – maintains a focus on cyber education and workforce development

IAPP Daily Dashboard –  If you are interested in privacy, this is your site. Subscribe and have daily newsletters of what is happing nationally, as well as internationally.

International Journal of Cyber-Security and Digital Forensics – is a knowledge resource for practitioners, scientists, and researchers among others working in various fields of Cyber Security, Privacy, Trust, Digital Forensics, Hacking, and Cyber Warfare


Additionally, students are encouraged to obtain student memberships (at considerably discounted prices) from (ISC)2, ISSA-NOVA, ACM, and IEEE – all of which provide access to members to their libraries.

Cybersecurity Competitions

Cybersecurity competitions are an excellent way to not only practice your cyber skills, but to also demonstrate to a potential employer that you’ve “got skills”. NOVA participates with several national and regional cybersecurity competitions. The most noted of these is the Collegiate Cyber Defense Competition (CCDC). We participate in our region – the Mid-Atlantic CCDC   This is a team event, open to full-time cybersecurity students in their second year. Students are expected to harden their systems, keep the mission up and running, and defend their systems against  a Red Team (hackers) determined to take them down and disrupt operations. Every Spring semester, we field one or two teams of students (we generally have a B team of students that would not be able to compete in the Regional competition and an A team of students that, if they place highly enough, can advance to the Regional from the qualifying rounds). This is done virtually at NOVA. Students who participate in this must be able to make weekly practice meetings. The winner of the MACCDC moves on in June to compete in the National CCDC.

I STRONGLY encourage all cybersecurity students to participate in the National Cyber League.  This is an individual competition (although has an opportunity for team play), designed to emulate a sporting event so is divided up into different conferences. Students work over several months, performing different exercises/labs in a virtual environment mapped to Security+ and Certified Ethical Hacker content, advancing in rank as they progress. There are a couple of Capture-the-Flag events as well. It is an opportunity to have your skills publicly ranked, so that they can be viewed by a potential employer. Registration for this opened August 23rd – so find a faculty mentor at your campus and get started (there is a$20 cost associated with registration).

Students at NOVA have also participated in Cyber Aces – another cyber security competition that is sponsored by SANS. In fact, a couple of our students advanced to State levels and got to meet the Governor down in Richmond!  Competition activities are announced on my Facebook page, as well as fed to the NOVA Cybercenter web page. Remember – you can’t all work in internships, what better way to demonstrate your skills to a prospective employer?!

Regards – Dr. Leary

Is an Internship Right for Me?

One of the most common requests I get from students is regarding internship availability. I often find that students don’t really understand the purpose of an internship. Internships are not designed to be a learning experience. It is expected that students will put into practice the skills that they’ve learned in class. Obviously, this then requires the student to be at the end of their program – not at the beginning or middle!  There are different types of internships. One, the college will occasionally have Coordinated Internships available. These are actual courses (students are required to register and pay for a 3 credit course) where the student performs agreed work for an employer. The student has to submit regular progress reports, a final paper (usually) and the employer is required to provide input on the student’s performance. This provides academic credit on the transcript for the student. These do not come along very often. If student already has a company in mind (small business, non-profit, company at which they already work) that is willing to work with the student, we can set the course up for the student. The second internship opportunity that we offer is afforded to us with our CAE2Y status (see my original post) from the Dept. of Homeland Security. These are very competitive internships – sometimes only as few as a half-dozen or a dozen students across the region from all 2 and 4-year schools.  We have been very fortunate with these as I had two of our students placed just this last summer with TSA in this program!  These are not managed by the college. I receive notice of these from DHS and post this on my Facebook page at  . I do ask that students coordinate their participation through me so that I can track our successes, however you will apply directly to DHS and interview with them for this (obviously, you must be a U.S. Citizen to work for DHS or their component agencies). It does not afford college credit, however we could arrange to set up a course for it (ITN 290 – Coordinated Internship) if you wanted to pay for it and have it on your transcript. Many of my students already work full-time and can’t afford to do an unpaid internship elsewhere (or, even a paid internship elsewhere). We are working on developing “e-internships” and other, more creative, solutions. Meanwhile, do you have a small business that you know? How about a non-profit (someone at your church group, or other organization)?  How about proposing that you do a security assessment for their systems, in exchange for a work recommendation? We could even set this up as an internship course – if you needed instructor supervision and wanted it on your transcript (you’d have to pay the tuition credits).  For others, I really recommend that you participate in as many competitions as you can. In this game – its all about your skills and what tools have you touched. Competitions are a great way to grow those skills – but more about that later!

Welcome to NOVA CyberCenter!

Welcome to NOVA’s Cybersecurity Blog! We’ll use this to post interesting articles and advice to students, faculty (and the community, at large).  To give you just some brief background on NOVA’s Cybersecurity Program, NOVA has had a Cybersecurity (originally named Network Security) Career Studies Certificate (CSC) in place since 2001. In fact, we were one of the first community colleges to have a cybersecurity program in the country!  This original CSC was actually a 3-year cert, meaning that the student already had a degree and/or experience with networking. Over time, this grew and morphed into our present program – the Cyberscurity CSC and Applied Associate of Science (AAS)  in Cybersecurity.  What is great about this AAS Cybersecurity degree is that it is an “applied” degree, meaning that it is designed to instill hard skills that the student can put into immediate practice in the workplace. It has 49 IT credits, in fact. This makes it an ideal degree for students who already have a degree, but perhaps in an unrelated discipline – such as History –  and now wants to transition into a Cyber career. For those of you who are just starting out, it also transfers to four senior institutions in our area!  These are:  George Mason University’s new Bachelor’s of Applied Science (BAS) that accepts this degree in full (with the addition of 2 security courses), George Washington University College of Professional Studies BS degree, UMUC’s Computer Network and Security (NAS) BS degree, and Marymount University’s BSIT. The latter offers our students the opportunity to compete for a full-ride Scholarship for Service (SFS) that provides a full-ride (fully paid for) two-years at Marymount – plus a guarantee of a job with the Federal government upon graduation (restrictions apply, of course, so check with your faculty member on this). Each of these degree programs have some very specific requirements or desires for the electives in our program so each student completing the AAS Cybersecurity is asked to refer to the Advising Sheet that our faculty can provide to help ensure you are on the right track, taking the right courses, to maximize your time with us. Our program is also a Center of Academic Excellence for Two-Year institutions (CAE2Y) as designated by the National Security Agency and Dept. of Homeland Security. This means that our curriculum implements these government cybersecurity educational standards and our faculty and program meet stringent program requirements. Also, as a founding member of the National Cyberwatch Center, we are able to offer our students a wealth of competition opportunities (I’ll discuss that in additional blogs). Its an exciting time to be in Cybesecurity!  See you soon — Regards, Dr. Leary