Despite the documented need to train and
educate more cybersecurity professionals, we have little
rigorous evidence to inform educators on effective ways to
engage, educate, or retain cybersecurity students. To begin
addressing this gap in our knowledge, we are conducting a
series of think-aloud interviews with cybersecurity
students to study how students reason about core
cybersecurity concepts. We have recruited these students
from three diverse institutions: University of Maryland,
Baltimore County, Prince George’s Community College,
and Bowie State University. During these interviews,
students grapple with security scenarios designed to probe
student understanding of cybersecurity, especially
adversarial thinking. We are analyzing student statements
using a structured qualitative method, novice-led paired
thematic analysis, to document student misconceptions
and problematic reasonings. We intend to use these
findings to develop Cybersecurity Assessment Tools that
can help us assess the effectiveness of pedagogies. These
findings can also inform the development of curricula,
learning exercises, and other educational materials and
policies.
more »
« less
Student misconceptions about cybersecurity concepts: Analysis of student think-a-loud interviews in Journal of Cybersecurity Education, Research & Practice
We conducted an observational study to document student misconceptions about cybersecurity using
thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we
provide a basis for developing rigorous evidence-based recommendations for improving teaching and
assessment methods in cybersecurity and inform future research. This study is the first to explore student
cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During
these interviews, students grappled with security scenarios designed to probe their understanding of
cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative
method, novice-led paired thematic analysis, to document patterns in student misconceptions and
problematic reasoning that transcend institutions, scenarios, or demographics. Themes generated from this
analysis describe a taxonomy of misconceptions but not their causes or remedies. Four themes emerged:
overgeneralizations, conflated concepts, biases, and incorrect assumptions. Together, these themes reveal that
students generally failed to grasp the complexity and subtlety of possible vulnerabilities, threats, risks, and
mitigations, suggesting a need for instructional methods that engage students in reasoning about complex
scenarios with an adversarial mindset. These findings can guide teachers’ attention during instruction and
inform the development of cybersecurity assessment tools that enable cross-institutional assessments that
measure the effectiveness of pedagogies.
more »
« less
- Award ID(s):
- 1819521
- NSF-PAR ID:
- 10110287
- Date Published:
- Journal Name:
- Journal of cyber security
- Volume:
- 1
- Issue:
- 5
- ISSN:
- 2579-0064
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
null ; null ; null ; null (Ed.)We reflect on our ongoing journey in the educational Cybersecurity Assessment Tools (CATS) Project to create two concept inventories for cybersecurity. We identify key steps in this journey and important questions we faced. We explain the decisions we made and discuss the consequences of those decisions, highlighting what worked well and what might have gone better. The CATS Project is creating and validating two concept inventories—conceptual tests of understanding—that can be used to measure the effectiveness of various approaches to teaching and learning cybersecurity. The Cybersecurity Concept Inventory (CCI) is for students who have recently completed any first course in cybersecurity; the Cybersecurity Curriculum Assessment (CCA) is for students who have recently completed an undergraduate major or track in cybersecurity. Each assessment tool comprises 25 multiple-choice questions (MCQs) of various difficulties that target the same five core concepts, but the CCA assumes greater technical background. Key steps include defining project scope, identifying the core concepts, uncovering student misconceptions, creating scenarios, drafting question stems, developing distractor answer choices, generating educational materials, performing expert reviews, recruiting student subjects, organizing workshops, building community acceptance, forming a team and nurturing collaboration, adopting tools, and obtaining and using funding. Creating effective MCQs is difficult and time-consuming, and cybersecurity presents special challenges. Because cybersecurity issues are often subtle, where the adversarial model and details matter greatly, it is challenging to construct MCQs for which there is exactly one best but non-obvious answer. We hope that our experiences and lessons learned may help others create more effective concept inventories and assessments in STEM.more » « less
-
We reflect on our ongoing journey in the educational Cybersecurity Assessment Tools (CATS) Project to create two concept inventories for cybersecurity. We identify key steps in this journey and important questions we faced. We explain the decisions we made and discuss the consequences of those decisions, highlighting what worked well and what might have gone better. The CATS Project is creating and validating two concept inventories—conceptual tests of understanding—that can be used to measure the effectiveness of various approaches to teaching and learning cybersecurity. The Cybersecurity Concept Inventory (CCI) is for students who have recently completed any first course in cybersecurity; the Cybersecurity Curriculum Assessment (CCA) is for students who have recently completed an undergraduate major or track in cybersecurity. Each assessment tool comprises 25 multiple-choice questions (MCQs) of various difficulties that target the same five core concepts, but the CCA assumes greater technical background. Key steps include defining project scope, identifying the core concepts, uncovering student misconceptions, creating scenarios, drafting question stems, developing distractor answer choices, generating educational materials, performing expert reviews, recruiting student subjects, organizing workshops, building community acceptance, forming a team and nurturing collaboration, adopting tools, and obtaining and using funding. Creating effective MCQs is difficult and time-consuming, and cybersecurity presents special challenges. Because cybersecurity issues are often subtle, where the adversarial model and details matter greatly, it is challenging to construct MCQs for which there is exactly one best but non-obvious answer. We hope that our experiences and lessons learned may help others create more effective concept inventories and assessments in STEM.more » « less
-
Artificial intelligence (AI) and cybersecurity are in-demand skills, but little is known about what factors influence computer science (CS) undergraduate students' decisions on whether to specialize in AI or cybersecurity and how these factors may differ between populations. In this study, we interviewed undergraduate CS majors about their perceptions of AI and cybersecurity. Qualitative analyses of these interviews show that students have narrow beliefs about what kind of work AI and cybersecurity entail, the kinds of people who work in these fields, and the potential societal impact AI and cybersecurity may have. Specifically, students tended to believe that all work in AI requires math and training models, while cybersecurity consists of low-level programming; that innately smart people work in both fields; that working in AI comes with ethical concerns; and that cybersecurity skills are important in contemporary society. Some of these perceptions reinforce existing stereotypes about computing and may disproportionately affect the participation of students from groups historically underrepresented in computing. Our key contribution is identifying beliefs that students expressed about AI and cybersecurity that may affect their interest in pursuing the two fields and may, therefore, inform efforts to expand students' views of AI and cybersecurity. Expanding student perceptions of AI and cybersecurity may help correct misconceptions and challenge narrow definitions, which in turn can encourage participation in these fields from all students.more » « less
-
null (Ed.)As our nation’s need for engineering professionals grows, a sharp rise in P-12 engineering education programs and related research has taken place (Brophy, Klein, Portsmore, & Rogers, 2008; Purzer, Strobel, & Cardella, 2014). The associated research has focused primarily on students’ perceptions and motivations, teachers’ beliefs and knowledge, and curricula and program success. The existing research has expanded our understanding of new K-12 engineering curriculum development and teacher professional development efforts, but empirical data remain scarce on how racial and ethnic diversity of student population influences teaching methods, course content, and overall teachers’ experiences. In particular, Hynes et al. (2017) note in their systematic review of P-12 research that little attention has been paid to teachers’ experiences with respect to racially and ethnically diverse engineering classrooms. The growing attention and resources being committed to diversity and inclusion issues (Lichtenstein, Chen, Smith, & Maldonado, 2014; McKenna, Dalal, Anderson, & Ta, 2018; NRC, 2009) underscore the importance of understanding teachers’ experiences with complementary research-based recommendations for how to implement engineering curricula in racially diverse schools to engage all students. Our work examines the experiences of three high school teachers as they teach an introductory engineering course in geographically and distinctly different racially diverse schools across the nation. The study is situated in the context of a new high school level engineering education initiative called Engineering for Us All (E4USA). The National Science Foundation (NSF) funded initiative was launched in 2018 as a partnership among five universities across the nation to ‘demystify’ engineering for high school students and teachers. The program aims to create an all-inclusive high school level engineering course(s), a professional development platform, and a learning community to support student pathways to higher education institutions. An introductory engineering course was developed and professional development was provided to nine high school teachers to instruct and assess engineering learning during the first year of the project. This study investigates participating teachers’ implementation of the course in high schools across the nation to understand the extent to which their experiences vary as a function of student demographic (race, ethnicity, socioeconomic status) and resource level of the school itself. Analysis of these experiences was undertaken using a collective case-study approach (Creswell, 2013) involving in-depth analysis of a limited number of cases “to focus on fewer "subjects," but more "variables" within each subject” (Campbell & Ahrens, 1998, p. 541). This study will document distinct experiences of high school teachers as they teach the E4USA curriculum. Participants were purposively sampled for the cases in order to gather an information-rich data set (Creswell, 2013). The study focuses on three of the nine teachers participating in the first cohort to implement the E4USA curriculum. Teachers were purposefully selected because of the demographic makeup of their students. The participating teachers teach in Arizona, Maryland and Tennessee with predominantly Hispanic, African-American, and Caucasian student bodies, respectively. To better understand similarities and differences among teaching experiences of these teachers, a rich data set is collected consisting of: 1) semi-structured interviews with teachers at multiple stages during the academic year, 2) reflective journal entries shared by the teachers, and 3) multiple observations of classrooms. The interview data will be analyzed with an inductive approach outlined by Miles, Huberman, and Saldaña (2014). All teachers’ interview transcripts will be coded together to identify common themes across participants. Participants’ reflections will be analyzed similarly, seeking to characterize their experiences. Observation notes will be used to triangulate the findings. Descriptions for each case will be written emphasizing the aspects that relate to the identified themes. Finally, we will look for commonalities and differences across cases. The results section will describe the cases at the individual participant level followed by a cross-case analysis. This study takes into consideration how high school teachers’ experiences could be an important tool to gain insight into engineering education problems at the P-12 level. Each case will provide insights into how student body diversity impacts teachers’ pedagogy and experiences. The cases illustrate “multiple truths” (Arghode, 2012) with regard to high school level engineering teaching and embody diversity from the perspective of high school teachers. We will highlight themes across cases in the context of frameworks that represent teacher experience conceptualizing race, ethnicity, and diversity of students. We will also present salient features from each case that connect to potential recommendations for advancing P-12 engineering education efforts. These findings will impact how diversity support is practiced at the high school level and will demonstrate specific novel curricular and pedagogical approaches in engineering education to advance P-12 mentoring efforts.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- The DOI is not currently available.
