Challenges and Reflections in Designing Cyber Security Curriculum

Teresa Pereira
Polytechnic Institute of Viana do Castelo
Viana do Castelo, Portugal
tpereira@esce.ipvc.pt

Isabel Mendes
Algoritmi Research Center
University of Minho
Guimarães, Portugal
mimp@eeg.uminho.pt

Henrique Santos
Department of Information Systems
University of Minho
Guimarães, Portugal
hsantos@dsi.uminho.pt

Abstract- Recently, an increased number of cyber-incidents has been noticed, sometimes causing serious impact to organizations and governments. Cyberattacks exploit a variety of technological and social vulnerabilities to achieve a malicious objective. The emergence of new and sophisticated cyberthreats demands very skilled operators with solid knowledge of the concepts and technologies related to Cybersecurity and Cyberdefense. However, the landscape of this base knowledge is very diverse in nature, requiring agile learning methods, besides a very demanding training process limited by the technology's intrinsic complexity and broad range of application domains. Although existing Cybersecurity and Cyberdefense curricula span a wide array of topics and training strategies, their program content lacks focus on some particular aspects, like depth of education/training and its link to professional development. This paper intends to provide some reflections regarding the curricula contents that should be considered when a graduate level curriculum in cybersecurity is designed.

Keywords- Cybersecurity; Information Security; Cyberdefense; Cyberattacks; Curriculum; Cybersecurity training; Curriculum Development; Cybersecurity Body of Knowledge.

I. INTRODUCTION

A few years ago, there were no iPhones or iPads, and Facebook and other popular social networks did not exist. In fact, the emergence of new and sophisticated gadgets, linked to changes in user behavior and the increasing expansion of online transactions, has brought many technological challenges, but also new security threats to end users and to governments and organizations in general.

Additionally, an increased dependence on online operations/services has been noticed, resulting from their convenience together with the emergence of new technologies. On the other hand, Cloud-based systems, the Internet of Things (IoT), Enterprise 4.0 and the so-called BYOD (Bring Your Own Device) trend, or as IT professionals also call it "bring your own demon", have brought serious issues regarding the classical perimeter defense and consequently severe security incidents. The nature of the adversaries has also been changing, from script-kiddies to profit-seeking individuals and groups (Cybercrime) to hacktivists and state actors. In this context, it becomes fundamental to promote cybersecurity awareness for every segment of the population.

Concerning defense, many government bodies have made significant efforts and allocated considerable resources to strengthening a Cyberdefense posture. The US has announced its intention to categorize Cyberattacks against defense and critical infrastructures as acts of war [1]. In line with this, the UK announced high financial investments to develop advanced militarized Cybersecurity skills studies and workforce preparation [2]. These announcements have demanded in-depth reviews of cyberspace-related policies, requiring increased collaboration between governments, the private sector and academia. Several other countries are reporting an identical posture. These initiatives have led to some questions such as: why has cybersecurity suddenly become such a topic of interest? While others may ask: why did it take so long [3]?

This paper intends to provide some reflections regarding Cybersecurity education and training, emphasizing the curricula contents that should be considered when a graduate level curriculum in Cybersecurity is designed. The paper is structured as follows: section 2 presents an overview of the Cybersecurity concept; section 3 introduces the main initiatives conducted in Cybersecurity education, as well as particular reflections regarding curriculum contents; conclusions are presented in section 4.

II. CYBERSECURITY OVERVIEW

In July 2012, the International Standards Organization published ISO/IEC 27032: Information Technology - Security techniques - Guidelines for Cybersecurity [4]. This standard defines Cybersecurity as the "preservation of confidentiality, integrity and availability of information in the Cyberspace". Cyberspace, in turn, is defined by this standard as a "complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form" [4]. The National Initiative for Cybersecurity Education (NICE) also defines cyberspace as "the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual

This work has been supported by COMPETE: POCI-01-0145-FEDER-007043 and FCT - Fundação para a Ciência e Tecnologia within the Project Scope: UID/CEC/00319/2013.

978-1-5090-4886-1/17/$31.00 ©2017 IEEE