Dr. Dan Shoemaker received a doctorate from the University of Michigan in 1978. He taught at Michigan State University and then moved to the Directorship of the information systems function for the Medical schools at MSU.
He held a joint teaching and Department Chair position at Mercy College of Detroit. When Mercy was consolidated with the University of Detroit in 1990 he moved to the Business School to Chair their Department of Computer Information Systems (CIS). He attended the organizational roll-out of the discipline of software engineering at the Carnegie-Mellon University Software Engineering Institute in the fall of 1987, and he was already teaching a SEI based software engineering curriculum, which he established as a separate degree program to the MBA within the UDM College of Business Administration.
Dr. Shoemaker’s specific areas of scholarship, publication and teaching were the process based stages of the waterfall; specification, SQA and acceptance/sustainment. He was also a primary consultant in the Detroit area on the CMM/CMMI.
Dr. Shoemaker’s transition into cybersecurity came as a result of the audit and compliance elements of that body of knowledge, as well as the long established SQA/SCM elements of their curriculum. They were designated the 39th Center of Academic Excellence by the NSA/DHS at West Point in 2004, and they have tried to stay on the leading edge in the architectural aspects of cybersecurity system design and implementation as well as software assurance.
As a result of Dr. Shoemaker’s associations with NSA/DHS and his interest in software assurance, he participated in the earliest meetings of the software assurance initiative. He was one of the three authors of the Common Body of Knowledge to Produce, Acquire and Sustain Software (2006), and he Chaired the Workforce Education and Training committee from 2007-2010. He was Chair of Workforce Training and Education for the Software Assurance Initiative at DHS (2007-2012), and he was a subject matter expert for NICE (2009 and NICE II – 2010-11), Securely Provision. Dr. Shoemaker was also an SME for the CSEC2017 (Human Security).
He also published frequently in the Build-Security-In website.
This exposure led to a grant to develop curricula for software assurance and the founding of the Center for Cybersecurity where he currently resides. The Center is a free-standing academic unit in the College of Liberal Arts, which is the administrative locus for Research Centers within UDM. Dr. Shoemaker’s final significant grant was from the DoD to develop a curriculum and teaching and course material for Secure Acquisition (in conjunction with the Institute for Defense Analysis and the National Defense University). A book was subsequently published by CRC press.
University of Detroit Mercy
Email: dan.shoemaker@att.net
DVP term expires December 2023
Presentations
Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education
The aim of this paper is to publicize both the challenge and potential solution for the integration of secure supply chain risk management content into conventional software engineering programs. Specifically, software engineering programs typically do not teach how to ensure that the code produced and sold in commercial off-the-shelf (COTS) products hasn’t been compromised through the sourcing process. We propose four instructional modules and topics based on established principles that can form the basis of a comprehensive course to address secure sourcing of COTS products.
Teaching Secure Acquisition in Higher Education, IEEE Security & Privacy
Acquisition is the most common approach to introducing new technology into organizations. Yet, because of the abstract nature of ICT products their security, and integrity cannot be assured using conventional acquisition risk management techniques. Therefore, it stands to reason that the unique knowledge associated with identifying, assessing, and mitigating ICT supply chain risks ought to be included in every cybersecurity curriculum. Because a formal body of content and a practical educational approach did not exist in 2012, the Department of Defense (DoD) and the Institute for Defense Analysis (IDA) undertook a project to create a common course package for the teaching of methods for secure acquisition. NIST IR-7622 (evolved to NIST 800-161) was the conceptual framework adopted to provide the course content architecture. This paper will discuss the detailed implementation of these findings.
Toward a Discipline of Cyber Security: Some Parallels with the Development of Software Engineering Education
Coordinated programs of education are a powerful engine for social change. That is where the parallel between the evolution of software engineering education and the emerging discipline of cybersecurity is so instructive. This article traces the development of a commonly accepted curriculum for cybersecurity in reference to the emergence of software engineering as an academic discipline. Based on the parallels, it is concluded that cybersecurity is presently at an encouraging watershed.
