Hacking exercises are a common tool for security education, but there is limited investigation of how they teach security concepts and whether they follow pedagogical best practices. This paper enumerates the pedagogical practices of 31 popular online hacking exercises. Specifically, we derive a set of pedagogical dimensions from the general learning sciences and educational literature, tailored to hacking exercises, and review whether and how each exercise implements each pedagogical dimension. In addition, we interview the organizers of 15 exercises to understand challenges and tradeoffs that may occur when choosing whether and how to implement each dimension.We found hacking exercises generally were tailored to students’ prior security experience and support learning by limiting extraneous load and establishing helpful online communities. Conversely, few exercises explicitly provide overarching conceptual structure or direct support for metacognition to help students transfer learned knowledge to new contexts. Immediate and tailored feedback and secure development practice were also uncommon. Additionally, we observed a tradeoff between providing realistic challenges and burdening students with extraneous cognitive load, with benefits and drawbacks at any point on this axis. Based on our results, we make suggestions for exercise improvement and future work to support organizers.
more »
« less
How Do Students Feel About Automated Security Static Analysis Exercises?
This Innovative Practice, work in progress (WIP) paper presents our experience related to two exercises that focus on automated security static analysis, a practice used to integrate security into development and operations (DevOps). The concept has gained popularity amongst information technology (IT) organizations. However, security-related concerns, such as security weaknesses in DevOps artifacts can cause serious consequences. Our preliminary findings indicate that (i) students positively perceive the introduced exercises; and (ii) the students perform well if they are provided necessary background on the exercises. Our WIP paper lays the groundwork to build course materials that will facilitate development, deployment, and dissemination of DevOps-related education materials that also incorporate cybersecurity concepts.
more »
« less
- Award ID(s):
- 2026869
- NSF-PAR ID:
- 10343036
- Date Published:
- Journal Name:
- 2021 IEEE Frontiers in Education Conference (FIE)
- Page Range / eLocation ID:
- 1 to 4
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Hands-on practice is a critical component of cybersecurity education. Most of the existing hands-on exercises or labs materials are usually managed in a problem-centric fashion, while it lacks a coherent way to manage existing labs and provide productive lab exercising plans for cybersecurity learners. With the advantages of big data and natural language processing (NLP) technologies, constructing a large knowledge graph and mining concepts from unstructured text becomes possible, which motivated us to construct a machine learning based lab exercising plan for cybersecurity education. In the research presented by this paper, we have constructed a knowledge graph in the cybersecurity domain using NLP technologies including machine learning based word embedding and hyperlink-based concept mining. We then utilized the knowledge graph during the regular learning process based on the following approaches: 1. We constructed a web-based front-end to visualize the knowledge graph, which allows students to browse and search cybersecurity-related concepts and the corresponding interdependence relations; 2. We created a personalized knowledge graph for each student based on their learning progress and status; 3.We built a personalized lab recommendation system by suggesting more relevant labs based on students’ past learning history to maximize their learning outcomes. To measure the effectiveness of the proposed solution, we have conducted a use case study and collected survey data from a graduate-level cybersecurity class. Our study shows that, by leveraging the knowledge graph for the cybersecurity area study, students tend to benefit more and show more interests in cybersecurity area.more » « less
-
The Hispanic Serving Institution Advanced Technological Education Hub 2 (HSI ATE Hub 2) is a three-year collaborative research project funded by the National Science Foundation (NSF) that builds upon the successful outcomes of two mentoring and professional development (PD) programs in a pilot that translates foundational theory related to culturally responsive pedagogy into practice using a 3-tier scaffolded faculty PD model. The goal of HSI ATE Hub 2 is to improve outcomes for Latinx students in technician education programs through design, development, pilot, optimization, and dissemination of this model at 2-year Hispanic Serving Institutions (HSIs). The tiered PD model has been tested by two faculty cohorts at Westchester Community College (WCC), an HSI in the State University of New York (SUNY) system. In year one, Cohort A piloted the PD modules in Tier 1 which featured reflective exercises and small culturally responsive activities to try with their STEM students. In year two, Cohort A piloted the PD modules in Tier 2 and peer-mentored Cohort B as they piloted optimizations introduced to Tier 1 from Cohort A feedback. Three types of optimizations came from faculty feedback. The first considered feedback regarding delivery and/or nature of the content that influenced a subsequent module. The second involved making changes to a particular module before it was delivered to another faculty cohort. The third takes into account what worked and what didn’t to decide which content to bring into virtual webinars for the broader advanced technician education community. Dissemination of the tiered PD model has been achieved in annual webinars with the broader ATE community and at conferences for advanced technician educators to achieve broader impacts in the ATE Community. Longer term, providing professional development in culturally responsive pedagogy and practices can help existing and future faculty learn to productively engage their students in more inclusive ways. As faculty mindsets shift to asset-based thinking and a climate of mutual respect is developed, the learning environment for all students in technician education programs will improve. When students learn in a supportive environment, their chances for success increase. The professional development provided in the HSI ATE Hub 2 project will lead to longer term improvements in four ways: 1) Retainment of Culturally responsive practices by those directly engaged after the project ends; 2) Inserting top activities from the PD into national webinars to extend the reach of the training; 3) Strengthening grant proposals as faculty integrate culturally responsive strategies, knowledge and experience within their ATE proposals to the NSF; and 4) Meeting industry demand for a diverse technician workforce. This second paper in a three-part series describes ongoing progress and lessons learned in developing and piloting the 3-Tier PD model with two Cohorts of STEM faculty at a 2-year HSI.more » « less
-
The Hispanic Serving Institution Advanced Technological Education Hub 2 (HSI ATE Hub 2) is a three-year collaborative research project funded by the National Science Foundation (NSF) that builds upon the successful outcomes of two mentoring and professional development (PD) programs in a pilot that translates foundational theory related to culturally responsive pedagogy into practice using a 3-tier scaffolded faculty PD model. The goal of HSI ATE Hub 2 is to improve outcomes for Latinx students in technician education programs through design, development, pilot, optimization, and dissemination of this model at 2-year Hispanic Serving Institutions (HSIs). The tiered PD model has been tested by two faculty cohorts at Westchester Community College (WCC), an HSI in the State University of New York (SUNY) system. In year one, Cohort A piloted the PD modules in Tier 1 which featured reflective exercises and small culturally responsive activities to try with their STEM students. In year two, Cohort A piloted the PD modules in Tier 2 and peer-mentored Cohort B as they piloted optimizations introduced to Tier 1 from Cohort A feedback. Three types of optimizations came from faculty feedback. The first considered feedback regarding delivery and/or nature of the content that influenced a subsequent module. The second involved making changes to a particular module before it was delivered to another faculty cohort. The third takes into account what worked and what didn’t to decide which content to bring into virtual webinars for the broader advanced technician education community. Dissemination of the tiered PD model has been achieved in annual webinars with the broader ATE community and at conferences for advanced technician educators to achieve broader impacts in the ATE Community. Longer term, providing professional development in culturally responsive pedagogy and practices can help existing and future faculty learn to productively engage their students in more inclusive ways. As faculty mindsets shift to asset-based thinking and a climate of mutual respect is developed, the learning environment for all students in technician education programs will improve. When students learn in a supportive environment, their chances for success increase. The professional development provided in the HSI ATE Hub 2 project will lead to longer term improvements in four ways: 1) Retainment of Culturally responsive practices by those directly engaged after the project ends; 2) Inserting top activities from the PD into national webinars to extend the reach of the training; 3) Strengthening grant proposals as faculty integrate culturally responsive strategies, knowledge and experience within their ATE proposals to the NSF; and 4) Meeting industry demand for a diverse technician workforce. This second paper in a three-part series describes ongoing progress and lessons learned in developing and piloting the 3-Tier PD model with two Cohorts of STEM faculty at a 2-year HSI.more » « less
-
Quantum information science (QIS) is of growing importance to economic and national security, commerce, and technology. The development of a "quantum smart" workforce needs to begin before college since most students will not major in physics. Thus, it is vital to expose K-12 students to quantum concepts that are relevant to everyday experiences with credit card security, phones, computers, and basic technology and to prepare teachers to teach this content. The logical venue for exposure to basic ideas in quantum science might be a high school physics course, or even a physical science course if a full physics course is not offered. Professional development (PD) for educators typically includes 1-2 weeks of intensive instruction, usually in the summer. Teachers are then expected to remember what they learned and implement it several months after the PD. The model is based on prior research indicating that an educator needs a minimum of 80 hours of PD to become comfortable enough to implement the new instruction in their classroom. However, little research has been done as to how much they actually implement. For the past three years, we have been engaged in a project funded by the US National Science Foundation to build mechanisms (materials and PD strategies) for educating a quantum-ready workforce. Our PD model is based on pedagogical techniques used in classrooms, specifically the components of learn then practice in order to avoid cognitive overload. Instruction is more effective when the learners (teachers or students) are given opportunities to actively engage in the learning process through interaction/collaboration with peers, exploring challenges, and practicing what they have learned. This paper will share the logistics of our new PD new model, challenges, finding from our current research, and implications for future PD in K-16.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/FIE49875.2021.9637201
