Introduction

In recent years, many prestigious U.S. companies and institutions have been shaken by an array of information-security lapses such as data lost in transit, losses and theft of private information, phishing attacks, and social engineering scams. Not only the number of attacks to critical information systems has increased, but also their scale and impact have significantly increased. For example, more than 70 million customers' payment information, including credit card numbers and secure PINs, was compromised in the recent attack to Target's payment system [1]. Such large scale attacks have been routine news in media outlets. Not surprisingly, information security tops the list of information technology priorities in many government and private organizations. Therefore, the demand for information security professionals is growing. Unfortunately, students' interest in the computer science-related disciplines has been steadily declining since 2000 [2]. In the Berks County and Lehigh Valley regions of Eastern Central Pennsylvania, where our institution is located, the trend is not very different. A workforce gap analysis survey [3] conducted in the region concluded that only 5.7% of students in grades 9–12 indicated information technology or computer science careers as their first choice for a career. While the economy of Eastern Central Pennsylvania is still in transition from its traditional manufacturing roots to a technology-based service economy, the current and future availability of an information security-enabled workforce is an important concern shared by the local communities and industry in the region [4]. Therefore, there is a need to enhance the information security workforce and education pipeline at the national and regional levels by recruiting and training future information security professionals.