OU blog

Personal Blogs

Cyber Security Education Workshop ‘21

Visible to anyone in the world
Edited by Christopher Douce, Thursday, 22 Jul 2021, 18:12

On 17 June 21, the OU School of Computing and Communications in collaboration with CISSE UK, the UK chapter of the Colloquium for Information Systems Security ran its first online workshop on cyber security education. 

This post offers a rough summary of the event for anyone who wasn’t able to attend. This article also shares links to accompanying resources. The structure of this post reflects the structure of the event, and offers a set of reflections and potential next steps.

The event covers two broad themes: employment and skills, and curriculum. During the second theme, the event splits into two streams: one for higher education, and another for participants who are related to CyberFirst, which covers the 11-17 age group.

One thing that I will mention is that I only managed to attend three quarters of the event, and had to leave before the final panel discussions. This said, co-presenters and delegates, have shared with me some links and themes that were raised during the final discussion session.

Introduction and Overview

Arosha Bandara and Chitra Balakrishna, from the OU, and Phil Legg from the University of West of England and CISSE opened the workshop. Chitra stated that its aim workshop was to bring together different stakeholders, to gain a common understanding of key challenges in cyber security education and to focus on curriculum, curriculum delivery, and skills development.

Phil took the opportunity to share something about CISSE UK. It aims to bring together cyber security educators across the UK, it aims to share and collaborate, and to find ways to do things better. Phil made the point that institutions are all trying to learn how things are done in the distance learning context.

After the introductions and welcome, it was time for two keynotes from colleagues from the National Cyber Security Centre (NCSC).  

Keynote 1: NCSC - Cyber Growth Academia Team

Chris E introduced the NCSC, which is the National technical authority for cyber security. It has what is known as a Cyber Growth Academia Team. The NCSE has a strategy to develop skills and support education and does this by having an interest in developing graduates and apprentices. I made a note of the point that: “everyone should have access to high quality cyber security education”.

An important resource for anyone interested in this area is the Cyber Security Body of Knowledge (Cybok.org).

There was references to different pathways, such as master’s degrees, integrated master’s, bachelor’s degrees, and degree apprenticeships. Universities are also introducing combined courses, where cyber security is combined with another subject. 

There are a number of NCSE certified degrees (NCSE website) and Academic Centres of Excellence in Cyber Security Education (ACEs-CSE) (NCSE website).

Themes that were important for cyber security study include: reach, availability of resources, expertise, and building for the future (sustainability). Another note I made was the point that further education (post 16 education) is producing a lot of really good people, but there are questions of what we might be able to best support them. During this event I recognised the familiar metaphor of a “leaky pipeline” regarding cyber security skills. This means that some students might not become cyber security professionals.

Returning to some of the themes of the workshop, an important question to raise (and discuss) was: is there a need to tweak the accreditation guidelines to take account of the current global pandemic? Perhaps assessments need to be adjusted and students need to be pushed and tested when materials are delivered online.

Keynote 2: NCSC - CyberFirst Team

This section keynote, presented by Patrick B, had an intriguing subtitle: cyber defence against the dark arts. This immediately begs some questions: what is meant by dark arts, and what is meant by ‘cyber defense’? 

Patrick is the CyberFirst (NCSC website) school and college education lead. CyberFirst is described as “developing the UK's next generation of cyber professionals through our student bursaries, courses for 11-17 year olds and competitions”. The focus is, of course, to develop secondary school students.

A question I noted was: “What can CyberFirst and the academic eco system do for each other?” Implicit in this question is another question of how can they collaborate and more directly align with each other? A further question to ask about concerns which issues schools are asking for help with.

A challenge, of course, lies with differences. The school sector is, of course, very different to the higher education sector, and there are different education systems, partly due to different devolved education authorities. Whilst students can specialise (in cyber security themes) at post-18, it is harder for students to understand and appreciate the significance of these specialisms at an earlier level. Given that cyber security needs specialists, there is the question of how we signpost the routes to different pathways.

Keeping with the theme of difference, I also noted down the words that “we need to make our sector more inclusive”, and the point was made that there is a gender imbalance. Patrick later made the point that 94% of girls don’t study computer science GCSE. The important need to address the theme of difference was also expressed in the words: “we need more of different types of people”.

Some of the challenges were expressed by Patrick in terms of “in tray” problems: how do we make young people more cyber aware? Also, how do we help teachers with their own cyber security? And finally, how do we showcase cyber as a career and study pathway?

In terms of the first problem, how do we make young people cyber aware? I noted down the view that whilst e-safety might be covered as a subject within schools, young people don’t get formal support about cyber security. Perhaps there needs to be learning by doing to fully understand cyber hygiene, and to also convey the safe use of cyber security tools.

Regarding teachers and school staff, Patrick made the point that Ransomware is becoming an issue, and some groups of students may need support to understand “what is legal and not” in terms of computer use and misuse. Also, teachers may also need help to understand the different types of attacks that may appear within the school setting and how to respond to them.

In terms of showcasing cyber as a career and study pathway, it is important to recognise and emphasise diversity with the Cyboc. During Patrick’s talk I noted that there “are 16 different cyber security roles, as defined by cyber security council”.  These roles are connected to a variety of disciplines, such as law, history (in terms of being able to carry out research), data science, computing, and mathematics.

One suggestion might be the concept of eMentoring, which could be related to the setting up clubs, cyber activities, and reaching out to industry. There was also a call for cross institution and cross discipline conversations and collaboration.

The final slide of Patrick’s presentation has the title of: “the hope”. It was hoped that this first conference would bring communities together, that it would facilitate cross institutional conversations and collaborations. There was also the point that: “we need all parts of the eco system to be pulling together, if we wish to effect change”.

After the event, a couple of resources were shared. The first is some STEM Learning Resources (stem.org.uk) This site presents some teacher guidance, activity sheets, and some links to further resources. The second link is to the National Centre for Computing Education website for resources and support (teachcomputing.org) which presents some lesson plans for key stages 1 through 4.

Introducing CISSE UK

Natalie Coull from the University of Abertay, Charles Clarke from Kingston University, and Phil Legg from the University of West of England jointly introduced CISSE UK (website), which is an abbreviation for “Colloquium for information systems security”. Charles described CISSE as national network of cyber security education professionals. CISSE UK is inspired by CISSE USA. What follows is a set of notes that were made during the CISSE presentation, and points taken from slides which were shared after the event.

Charles’s presentation had the subheading: collaborate to innovate. He introduced the CISSE vision, which was to: “to establish a culture of outstanding innovative and state of the art cyber security education (CSE) in the UK”. An important point I noted down was: can’t do everything our own, and that CISSE is a part of a rich and diverse CSE ecosystem which comprises of government (NCSE teams), industry (through stakeholders such as practioners, employees and employers), academia (students, educators, IT teams) as well as other groups such as professional associations and community organisations.

CISSE hosts events and has an impact programme. A related issue and question is: how is it possible to make a community or an organisation such as CISSE sustainable? CISSE look to encourage and extend engagement by developing .an outcomes driven membership initiative, which launches in 2021. 

Events themselves are not enough; members will have ways to evidence engagement. Members will be able to quantify and evidence engagement in a way that can be recognised across government, industry and academia. Evidence may take the form of attending CISSE recognised events, publishing in the area of cyber security (which can take different forms), providing mentoring, and service on NCSE certified degree panels. There might also evidence of engagement within projects that aim to enhance cyber security employability amongst students.

I noted down a 6 point call for action: (1) more input from industry to inform and validate programme and student employability, (2) mentoring in academia, (3) CSE events, (4) CSE publication – we need people to share their publications, (5) involvement in cyber security education experienced-centred projects, and (6) recording evidence of involvement in NCSE certified degrees or impact panels.

The presentation concluded with a point about the importance of collaboration between colleagues from different institutions. If you are interested in cyber security education, you were encouraged to get in touch.

Theme 1: Employment and skills

This first theme, which was available to all delegates, was about employment and skills. Each presentation was delivered through a short 5 minute video recording, and was followed by a facilitated panel discussion, aimed at further exploring some of the themes that were highlighted by the presenters (who were also present during the presentation section).

What follows is an edited version of the abstracts that accompany the presentation. Although the words have been prepared by the presentation authors, their words have been edited for brevity, for this blog. 

Presentation 1: Do we need industry certifications within Computer Security Degrees?

The first presentation was from Chaminda Hewage from Cardiff Metropolitan university. Chaminda’s presentation aimed to ask a number of important questions that relate to industrial certifications: “Can students obtain the industry certifications upon graduation? Or obtain them from elsewhere while they study for the degree? Do we need to force students through a series of certifications? Is it really necessary? Do they provide the required knowledge? Do employers expect you to graduate with industry certifications?”

Chaminda’s abstract states that “computer security degrees aim to provide the required theoretical underpinning, fundamentals and provide the required knowledge and skills to prepare the students for future employment. To this end QAA and subject specific organizations such as NCSC, BCS, CIISec and CyBok provide guidelines and best practices to achieve the essential and desirable graduate qualities”

He goes onto state that he “believe[s] that educators need to find a right balance between the theoretical concepts and industry focus[ed] content” Chaminda “would like to find the answer … [to]  how much employers really value these industry certification at entry level” and holds the view that “a wider discussion should take place on this to identify the impact and issues associated with integrating certifications in cyber security degree programme[s]”

There are some clear tensions that are worthy of explanation. In his abstract, Chaminda asks whether students “need to chase endless industry certifications by different vendors?” and poses an important issue, namely that “students may be sacrificing the main ethos of higher education by following a series of vendor specific training.” He concludes with a question: “perhaps, there is no escape from industry certification due to the nature of the discipline?”

Presentation 2: An Investigation and Evaluation of Cyber Security Graduate Job Roles for Improving Students’ Employability Skills

The second presentation, by Simrandeep Kalsi, Mastaneh Davis and Nabeel Khan from Kingston, complemented Chaminda’s presentation really well. Simrandeep’s abstract emphasised the following points: “The cyber security skills in the UK labour market study conducted by the Department for Digital, Culture, Media & Sport (Gov.uk, 2021), has indicated there is an increased demand for cyber security professionals in all sectors of the industry, however, significant numbers of these job roles remain unfilled.” Further information can be found by visiting the Cyber security skills in the UK labour market 2021 publication (Gov.uk).

To further understand the situation, “an investigation was conducted into whether the experience of searching for cyber security job roles can be improved; and if the clarity, accuracy, and relevance of job search outcomes can be enhanced in a manner that proactively informs an aspiring cyber security practitioner’s career decision. Quantitative analysis was conducted on cyber related job descriptions … in order to identify the attributes that students and graduates need to develop in order to match employer needs and improve their employment prospects.”

 “Results obtained from the analysis conducted on the job descriptions show that 49.8% of the job roles from the 472 analysed were for university graduates, and 6.6% also stated that they would accept candidates who have completed graduate apprenticeships. … A very surprisingly finding was that 89.4% of the job descriptions did not specify the need for experience.”

“The result of this study highlighted important key employability skills including having a positive attitude to continuous development and lifelong learning, listening skills, and the desirability of being a proactive individual, the latter potentially being a standout point amongst many recruiters. … These results are illustrated through 6 infographics, which could be of considerable value for higher education institutions for monitoring and addressing the cyber employability skills gap, and to enhance the experience of students when searching for cyber security job roles.”

Presentation 3: Cybersecurity apprentices – practice makes perfect? 

In some senses, degree apprentices have the potential to bridge the gap between academic study and the development of practical skills. The third presentation of the morning, by Kay Bromley, David Parry and Steve Walker present their “initial experience with the OU’s Scottish Graduate Apprenticeship in Cyber Security, and in particular the experiences of practice tutors.”

They introduce their presentation as follows: “as well as meeting the requirements for an Open University degree, apprentices also need to demonstrate the ‘core skills’ for cyber security specified in the Skills Development Scotland/Scottish Funding Council’s framework. Practice tutors provide a link between the University and its taught curriculum, the apprentice and the employer. They meet regularly with apprentices and employers. For the Scottish apprenticeships. Students do one of four Professional Practice modules, one each year, on which the practice tutor is also a module tutor.”

The professional practice modules, which are supported by a practice tutor aim to: “help students to integrate taught material into their workplace activities; develop independent learning skills, and study specialist content not covered elsewhere in the taught curriculum.”

They also offer some reflection on the practice tutor experience on the professional practice modules. It is important to note that “the pandemic has been a major issue for employers and apprentices, generating unanticipated workload for some, slowing communications within employer organisations, or apprentices being furloughed; At introductory levels apprentices and employers have tended not to take advantage of the flexibility available to them. There is a substantial overhead in learning about the structure of the apprenticeship and how to link this to the workplace; Cyber security is a sensitive subject for employers.”

More information about the Scottish Graduate Apprenticeship in Cyber Security can be found by visiting the Apprenticeships.Scot website.

Presentation 4: Opportunities and challenges of a CyberEPQ - Making basic skills in cyber security education accessible to both adolescents and adults

The final presentation of this section was by Konstantinos Mersinas and Caroline Moeckel, who consider skills from a broader perspective, whilst also returning to the themes of education and qualifications that were addressed in the first presentation. They “have created the Extended Project Qualification (EPQ) in Cyber Security to target age groups which have received relatively less focus in cyber security education. These groups are adolescents (14 to 18 year olds) and adults, often working in the industry, but not necessarily in cyber security.”

They offer a useful summary: “The EPQ is built in line with the National Occupational Standards (NOS) and its educational materials are aligned with the Chartered Institute of Information Security (CIISec). We have designed an educational curriculum to align it with the NCSC Cyber Security Body of Knowledge (CyBOK). … Our achievements include, on the one hand, the provision of a basic set of cyber security skills and knowledge to school students to allow them to proceed with studies in higher education. In that sense, the programme acts as a bridge between GCSE Studies and a university degree. On the other hand, we provide CPD to adults and professionals in the industry who can enrich their skills and employability, and advance their careers further.”

As a qualification, the EPQ appears to be interesting. They go onto write: “We believe that our initiative is accessible to almost everyone as it does not require previous knowledge of cyber security, is financially affordable and has always been delivered fully online, supported by regular web conference calls and meetings. We firmly believe that the programme has been successful in introducing cyber security to the younger generations and providing important cyber security knowledge to adults and professionals over the last 5 years, with learners moving into related university courses or securing (entry level) employment in the area”

Employment and Skills Discussion

A short discussion session was co-chaired by Natalie Coull and Charles Clarke. They began by asking Chaminda the question: “what are the best practices?” The answer I noted was in terms of the need for discussions between certification authorities and employers. Also, academics should be involved, since there is the need to gain clarity about what to focus on. 

Natalie asked all presenters whether industrial qualifications or certifications were able to successfully evidence hands on skills. A related question was: to what extent should universities be providing hands on skills, and what is the role of certification bodies in this? Put another way: will employers just take our word for it if a student has the necessary skills if they hold a particular qualification?

Charles asked another question, which was: do certifications add experience? Chitra added that it is necessary to consider the purpose of qualifications, how much are vendor driven and how much knowledge and experience driven. A point was also made that the skills landscape that is always evolving and changing.

Another point I noted was Charles’ reflection that it is important to include employers. There is also the importance and significance of industrial placements, but these are limited in numbers. A reflection was that Simrandeep’s research into the job market, should it be done continually.

The discussion moved onto the topic of pedagogy. Konstantinos suggested the role of a weekly meeting with students to discuss a current topic, which may include activities to review journals and then to reflect on what has been learnt. 

A final question I noted down, that again relates to the topic of education and training, or certificate and qualification: to what extent do certificates play a role in getting through or past a HR gateway? They might well be used in this way, but it is important to consider, more broadly, the effectiveness of cyber security recruitment within organisations.

Theme 2: Curriculum

The second presentation session was split into two strands, a Higher Education Breakout, which is summarised below, and a CyberFirst Breakout (NCSE website). CyberFirst is described as “a programme of opportunities to help young people aged 11 - 17 years explore their passion for tech by introducing them to the fast paced world of cyber security”, which is supported by the NCSE and CISSE events. 

Presentation 5: OWASP Open Application Security Curriculum Project

The first presentation of this second theme was by Adrian Winckles, from Anglia Ruskin university. Adrian’s presentation began by introducing OWASP’s main purpose, which was to “be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.” Some further context is provided: “a common problem with many security education programmes (whether cyber or InfoSec) or even traditional computer science programmes is that they do not address application security adequately, if at all.” More information about OWASP, the Open Web Application Security Project is available through the OWASP.org website.

Adrian highlights that there is an opportunity “to pull together its wide-ranging expertise, projects, and dedicated volunteers to engage in these types of education programmes and initiatives by developing an educational strategy for undergraduate and postgraduate students. This could take the form of an open “Standard” curriculum template which can be adopted and adapted by diverse educational partners and organisations.”

Presentation 6: Enhancing the Cyber Security Curriculum Through Experiential Learning

Andy Reed and Christine Gardner from the School of Computing and Communications present a different perspective, focussing on an important aspect of teaching. This presentation connects the earlier discussion about whether graduates (or certificate holders) have the appropriate skills. Andy and Christine highlight that the “landscape of cyber security develops at a considerable pace, so too does need to provide adaptive teaching and learning experiences, to assist learners in developing transferable practical skills”. The development of student skills relates to the use of “various virtual learning tools and techniques”

Different tools are mentioned, such as Netlab+ from NDG and the Cisco Packet Tracer tool which is used with various OU Cisco modules. For teaching and doctorial research. Other tools were mentioned, such as NS2 and NetSim, which can be used to simulate large scale networks. Research students can share outputs from these tools their research community, 

Presentation 7: Cyber Education during Pandemic: Approaches and Lessons Learned

Thomas Win and Phil Legg, both from the University of West of England, shared some recent experiences of teaching cyber security: “the COVID-19 pandemic has necessitated a radical paradigm shift in cyber education and the delivery of modules therein, both in delivering lectures and practical sessions. We experimented with different means of delivery during the 2020/21 academic year and aim to share our perspectives and lessons learned as we navigated around the challenges posed to our module delivery.”

During their presentation, they mention “MS Teams to facilitate interactivity and gauge student understanding” and have used “real-world case studies in delivering subjects such as Ethical Hacking. In a session on memory-based exploits students were asked to research on the recently-discovered Google Chrome vulnerabilities. Coupled with breakout rooms on MS Teams, they were able to engage in peer-learning alongside research-informed learning.”

They shared some aspects of their pedagogy: “we also used physical hardware such as Micro:Bit devices in programming practicals. We further extended this in a trial running of online capture-the-flag exercises linked to physical IoT devices the behaviour of which can be observed over an online video call, and also offered some reflections: “we have found … the opportunity to explore and adopt a new teaching paradigm in cyber education pedagogy.”

A concluding reflection is that: “online interactions have changed how we - both staff and students - will interact in the future. What is important to recognise, is that in many cases, establishing offline connections first means that we can have more meaningful interactions when moving to online - the same is true for how student groups interact. As we move into 2021/22, we will want to ensure we keep sight of these lessons from the previous year to continue to improve cyber security education.

During Thomas’s presentation, I also noted down the points that contact time with students was more valuable, and contact time is important to understand where students are in terms of understanding the lecture materials. A tentative conclusion is that: blended learning is here to stay.

Curriculum Discussion

This second discussion session, which was centred around curriculum, was also chaired by Natalie Coull and Charles Clarke. Natalie opened up with a question to Andy and Christine: is it time consuming to set up the experiential learning activities? 

In the OU there is a support team that manages the physical NetLabs hardware and infrastructure. In the OU context, a module team is often able to reuse an experiential design year on year. It is possible to see what students have done by asking students to share their configuration files and by reviewing live logs. A related point is that teaching also tries to draw on the student’s context.

Natalie asked Thomas about building relationships with students. A reflection was that some students may lose confidence when speaking in the classroom. It is also important to consider how to encourage students to return the classroom. Different approaches might be to create non-traditional activities such as assignment workshops, or use approaches such as gamification.

Thomas was asked a particularly challenging question: how to you engage students who don’t engage with pre-recoded videos. The answer I noted down was in terms of building or presenting incentives, such as providing an overview, or a summary, or give them a “cliff hanger”, and link recordings to assessments. 

Being a cyber security tutor

The penultimate session of the day, which was about the advantages and benefits of becoming a cyber security tutor in higher education (specifically within the OU) was presented by Arosha Bandara and Ian Kennedy.

Arosha began by outlining the role of a tutor. Through distance learning, students have opportunities to study materials in their own time (but must complete important assessments by certain dates). Tutors act as a guide and facilitator, helping students to make sense of the module materials that have been prepared by module teams. In some ways, tutors adopt what some consider to be a ‘flipped classroom’ approach, where students work through materials in advance of a tutorial, which are all currently delivered online. 

Tutors also provide correspondence tuition to students, which is an important aspect of distance teaching. Students are given tailored feedback and guidance, to help them to understand how to further understand module concepts, understanding and skills.

More information about the role of a tutor (including a cyber security tutor) can be found by visiting this free Badged Open Course (BOC): Being and OU Tutor in STEM: Computing and Communications (OpenLearn). There are also a series of videos, entitled Teaching on TM352: Web, Mobile and Cloud Computing (YouTube) which might be of interest to prospective OU computing tutors.

Arosha and Ian answered the important question of: who might become a tutor? Tutors have varying background. They might be academics from other institutions (HE or FE), post-doctoral researchers, or they might be practioners working in industry. The industrial experience of tutors is both welcome an important as whilst academics may have theoretical knowledge, they may lack practical experience at the “cyber security coal face”. Another perspective is that it is hard to get practical experience whilst working an academic context.

The advantages work both ways. From an industrial perspective, a practioner background is very useful to an academic community. Conversely, an academic role does give some practioner-tutors the opportunity to “dig deep” into certain topics and develop a higher level academic perspective to augment what is a very important and pragmatic approach to problem solving.

If you are interested in potentially becoming a tutor within the OU, do visit the OU tutor recruitment site and select the "Faculty of Maths, Computing & Technology". You should then be able to find a list of modules that are currently being advertised. More information about how to apply can be found through the How to Apply page. A big tip for anyone who is considering applying is: always ensure that you provide sufficient evidence to show that you meet the person spec criteria. For OU modules, there are two parts: a generic bit (which is about teaching), and a module specific bit. A suggestion is to copy all the points from each part of the person spec onto your application form, and provide at least 3 sentences of supporting evidence underneath, so everything is as clear as possible for whoever makes the recruitment decisions.

Panel discussion: how do we enhance and support diversity in cyber security? 

The workshop concluded with a panel discussion that was chaired by Ian Kennedy, a cyber security lecturer from the OU. Member of the discussion panel included delegates from Deloitte, Accenture Security, and the UK Cyber Security Council.

Although I wasn’t able to attend this final session, I heard that there were discussions about how and where to embed cyber education in the school sector. After the event, I was also sent a couple of links that were highlighted within the final session. The first link has the title “Why the Seven Personae of Cyber?” (CyberEQA.org) which explores diversity of roles that can exist within the broad subject of cyber security. Relating to the importance theme of gender within cyber security, there was also a reference to the Geena Davis Institute on Gender in Media (Seejane.org)

Reflections

One of the themes that really struck me was the richness of cyber security as a subject, which reflects an important link to the theme of diversity, which was emphasised by the workshop. On one hand, there are the really hard core technical bits. On the other there are other subjects that have a softer, and essential human edge to them. There are different tools that need to be understood and appreciated: there are technical tools, and there are institutional practices and policies. All these aspects are, of course, mediated through people, organisations and structures. All this suggests that cyber security professional need different skill sets, and may gravitate towards the subject from different directions.

Another theme that struck me as being significant was the importance of cyber security within schools the schools’ sector. I noted down that there was a clear difference between the importance of safety awareness and detailed cyber security education. There are clear debates that surround the extent to which it should be embedded within teaching.

I enjoyed the diversity of the presentations, and I do encourage anyone who is interested in this subject, and this event, to view the short presentation that can be accessed through this blog. I especially liked Simrandeep’s qualitative study. Cyber security is a fast moving subject, and her study represents a practical and useful snapshot of the needs of the sector at a particular point in time.  It would be interesting to carry out a replication in a few years to see what had changed.

Another highlight was the summary of CISSE. UK A reflection is that collaboration and support between institutions whilst working in a fast changing sector is both important and helpful. After hearing Charles’ description of what it is, and how it works, I’m now very tempted to sign up. 

Finally, it was great to see how many colleagues were interested in this event. 87 delegates attended the event, but there were over 200 registrations. Looking forwards, it would be great to run a similar event again. We have a lot to learn from each other.

Acknowledgements

Many of the words and themes presented within the blog come from a range of different sources: from the speakers, from their presentations and from their abstracts. Acknowledgements are extended to colleagues who read early versions of this blog.

Permalink Add your comment
Share post

AL development online conference: March 2021

Visible to anyone in the world
Edited by Christopher Douce, Monday, 12 Apr 2021, 13:10

In more usual times, I would probably be attending a face-to-face AL development conference. Since everyone in the university is working at home, the university ran an online cross-faculty AL development conference on Thursday 4 March 2021. 

What follows is a set of edited notes I made during the event. It’s intended as a rough record of the event, so I can remember what happened. Wherever possible, I tried to directly quote some of the speaker, but I won’t promise I’ve got all their words spot on. This said, I do hope I have honestly reflected points that were shared during the sessions.

Keynote: Marcia Wilson

The event kicked off with an opening keynote from Professor Marcia Wilson, Dean of Equality, Diversity and Inclusion. Here are some notes that were sent around in advance of Marcia’s presentation (which have been edited down for brevity): “Prior to the OU, Marcia worked at the University of East London for 12 years where she established the UK’s first Office for Institutional Equity (OIE) … . Her work includes equality projects with Universities UK to tackle racism in higher education institutes. … Marcia has spent 30 years teaching and conducting research in higher education and is a multiple award winner for her leadership and equalities work.”

Unfortunately, I wasn’t able to make it to this very first session due to work commitments, but I must refer to an earlier presentation that was given by Marcia at an event called Dismantling Racial Inequalities in Higher Education which I found to be really through provoking. 

AL Contract Change Programme Update

Bruce Heil and Carey Stephens, from UCU and the AL contract programme management team, presented updates about the contract implementation. This was a popular session, attracting 108 delegates.

UCU summary

Bruce highlighted a period of accelerated negotiations that were on going at the time of the conference. He emphasised that there was an aim to build a stable tuition workforce, to enable better future planning and emphasised that a step-by-step approach was taken “to make sure we get the changes right”. 

Bruce emphasised that this will be a permanent contract, rather than a piece work contract, and one would encompass module tuition appointments, annual leave, and tuition related activities, such as TMA monitoring, EMA marking, and time that relates to academic currency (which means: keeping up to date with your subject). Benefits for ALs include security and certainty. Benefits for the faculties includes “simpler processes for allocating work now to maintain AL FTE” and longer term planning and development. The benefits for university include opportunities to enhance student experience. 

Regarding the implementation, the plan is to migrate to new contract in October 21, and phase in the ways of working over a period of 2 years. I noted down that there would be 4 phases of change: prep to migration, development of processes and procedures (up until 22J), and in 23D the deployment of a workload management system.

A key difference between the old and the new contract is that tutors will no longer need to apply for contracts. Instead, there will be a discussion between a tutor and their line manager (staff tutor or student experience manager), and this will give security and certainty. Spare or unused capacity can be allocated to extra students or modular work, and tutors will be working to a defined FTE figure that relates to an annualised salary which will be paid over 12 months rather than just for the period of the contract. There is also a longer term idea, which is that tutors will have one line manager.

Other updates include that the FTE for practice tuition has been agreed, and the provisional FTE (which is currently calculated from October 20) will be updated with any further appointments that have been made.

Management summary

Cary stated that the new contract will bring ALs in line with other staff, and the FTE score represents the workload rather than the tasks. Tutors can expect an agreed FTE value to be maintained.

From this session, I noted down some questions and answers, such as: how can I increase my FTE before the official start of the new contract? The answer was: you will need to apply to modules as you did before.  Also, how can I decrease my FTE before the start? There will be a query and appeals process which can be used before the start of the contract.

An important question was: what is meant by historic tuition related activities? These are additional duty contracts, which are all gathered together, and averaged out over a 3 year period between August 17 through to July 20.

Key workload areas (in terms of making the contract work) includes a new capability procedure, a skills audit process, and prioritising conversations with ALs whose modules are coming towards the end of their presentation. There is also the need for guidance to help faculties to maintain a tutor’s FTE and developing workload allocation processes to manage workload fluctuations

A good question was: will I have the same flexibility to decide what work I will take on? “There may be occasions where you have capacity and are reasonably requested to take on a piece of work that you can do but would not normally consider.” There will be a conversation where you may be asked to take on a piece of work.

Also, rather than taking a personal leave of absence, tutors will be able to submit an “agile working request”. Another important point is that if student numbers fall, tutors may be asked to carry out additional duties to make up their time that is expressed within the FTE score.

I made a note of the important question: how will these TRAs be managed? The answer I’ve noted down was: “we’re at the ‘how do we do this’ phase?”

Q&A session

Q: I have over 0.3 of historical duties. I haven’t seen any statement of what are covered and what are not. Can we have one? A: you would have to go through your payslips over the last 3 years.

Q: I want to reduce my FTE. Is there a minimum FTE? What will be the notice period of a contract? A: There is no minimum. A reduction should be a sensible one. Term of notice is not known. 

Q: Will we be recompensed for IT use? A: Currently under negotiation.

Q: I’ve only had the one appraisal over 15 years. Will the time be made for this? A: We envisage an annual workload and CDSA meeting; an annual conversation; this will be a right and an expectation.

Q: Would it be possible to remain FTE and move onto a different module before October? A: speak with your line manager.

Q: Will assistant staff tutor roles and activities be counted? A: No; it isn’t in the contract.

Q: I want to get my workload spaced out better. Is this possible? A: Make sure your line manager is aware of your needs; have a chat with your staff tutor.

Q: I have a LLM that I have never met; it would be nice to meet them face to face. A: Ideally, yes.

A staff tutor’s reflection

I chose to go to this session for two reasons: the first was to add my understanding of what is going on, and secondly, to try to understand what the official UCU and management line on the contract was. The session confirmed some key fears that I have long held: that some very important aspects of the detail hasn’t yet been worked out. I have, for example, no idea how the historical tuition related activities will be managed, and nor do I know how to get an overview of which tutors are doing what, or how to get a quick summary of a tutor’s FTE score.

Faculty of Science, Technology, Engineering and Mathematics (STEM)

The session provided an opportunity for STEM ALs to meet each other. It was said to be: “informal, giving ALs the chance to converse, raise questions, and discuss the priorities within the STEM Faculty”. Approximately 40 tutors were able to attend, which was great to see. 

Michael Bowkis from the School of Computing and Communications and Fiona Aiken from the School of Earth and Environmental Sciences gave a summary of updates to the curriculum.

For the School of Computing and Communications, Michael summarised the key qualifications that were run from the school. These are: Q62 BSc (Honours) Computing and IT, Q67 BSc Computing and IT & second subject, R62 BSc (Hons) Computing with electronic engineering (which starts this year, and has four compulsory modules: T193. T194. T212 and T312), R38 BSc (Hons) Data Science (which is technically managed by Maths and Statistics), and R60 BSc (Hons) Cyber security.

The BSc (Hons) Cyber security (R60) started in 2020, and is a specialist qualification that is aligned with industry certification (CompTIA  Security+, CeH (Certified Ethical Hacking) and is accredited by the British Computer Society (BCS). It comprises of 3 new modules: TM256 Computer Security and Digital Forensics, which starts in February 2022, which addresses aspects of systems security and introductory concepts of digital forensics. There is also, TM311 Information security, which is linked to InfoSec standards for cyber security analysts. TM311 starts in October 2021. There is also TM359, System penetration testing, which is concerned with building secure systems, testing, ethical hacking methodology including certification as ethical hackers. This final module begins in February 2023.

On the postgraduate front, there is a new qualification: F87 MSc Cyber security. GCHQ certification and BCS accreditation will be applied for. An important module will be: M817 Cyber Security Fundamentals, which will complement M811 Information Security, and M812 Digital Forensics. Also, advanced networking qualifications are being withdrawn, but networking will remain as a pathway option in the main MSc programme.

Finally, the school offers four undergraduate degree apprenticeship qualifications, and one postgraduate. These are: R24 BSc (Honours) Digital and Technology Solutions (England), R32 BSc (Honours) IT: Software Development (Scotland), R33 BSc (Honours) IT: Cyber Security (Scotland), and R40 BSc (Honours) Applied Software Engineering (Wales). The postgraduate programme has the title of: F83 MSc Cyber Security (Scotland).

What hasn’t been mentioned is also new machine learning and artificial intelligence module, TM358. The School of Computing and Communications is a busy place!

Refreshing your practice: working across disciplines to enhance the student experience

We were given a choice of what session we would like to attend, and I opted for this session, which was facilitated by Heather Richardson and Clare Taylor. I was attracted by the abstract. Here’s a section: “In this practical workshop you’ll explore how experimenting with the teaching approaches of a different discipline can help you look at your own subject in a new light. Drawing on the findings of the FASS scholarship project ‘Creative Interactions’, which brought together the disciplines of Art History and Creative Writing, you’ll first take part in some hands-on activity, and then move on to consider potential ‘interactions’ between your own and other disciplines.”

I was drawn to this session, partly because I’ve been studying an arts module, A111, and have also recently completed a creative writing assignment. I was curious about what these activities might be, and how the activities might relate to my own discipline of Computing. The abstract also went on to say: “In the first part of the workshop you will analyse and respond to a piece of visual art from the Open University’s art collection, firstly conducting an Art-Historical visual analysis of the artwork, and then being guided through producing your own Creative Writing response to the piece.” The session was related to a Faculty of Art and Social Sciences project called ‘Creative Interactions’. 

There was a reference to the university art collection, which is mostly hung in corridors and shared spaces. During this session, we were show a number of works, and introduced to some terms that could be used to create (or write) a formal analysis of a piece. Key terms that we were introduced to included: scale, space and composition, viewpoint, subject matter, material/medium, line, colour and light, display and function.

There was then a shift towards creative writing. With an artwork used as a prompt, we were asked: “imagine you’re in the space that is depicted in a picture; what do you feel through your senses, and what is your emotional state?” We were asked to comment on three questions and respond through text chat: how did you respond to the image? Which approach was more helpful? What did you gain by trying two approaches?

What I got out of this session was how our online teaching tool, Adobe connect could be used, to create an interesting, and thoughtful tutorial experience. In our breakout rooms we were asked to discuss the question: what other disciplines could your own discipline interact with? In the breakout room that I attended, we discussed the connections between our own disciplines, and others.

To summarise, this was a popular session, with over 50 delegates attending. It made me reflect on how I use the online teaching tools, and consider how I might be able to draw on other subjects to (potentially) make my online tutorials more interesting and engaging.

Reflections

 I always get something from AL development conferences. It was useful to hear the official line about the new AL contract, and I did really enjoy the final session, which certainly got me thinking. I can’t help but feel that whilst online conferences useful and helpful, nothing quite beats being able to share tips and experiences over a cup of coffee at a face-to-face AL development conference. I look forward to a time when these can happen again. 

Permalink
Share post

This blog might contain posts that are only visible to logged-in users, or where only logged-in users can comment. If you have an account on the system, please log in for full access.

Total visits to this blog: 1212046