Article

Increasing Cybersecurity Career Interest through Playable Case Studies

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

In this paper we introduce an approach to cybersecurity education and helping students develop professional understanding in the form of a Playable Case Study (PCS), a form of educational simulation that draws on affordances of the broader educational simulation genre, case study instruction, and educational Alternate Reality Games (or ARGs). A PCS is an interactive simulation that allows students to “play” through an authentic scenario (case study) as a member of a professional team. We report our findings over a multi-year study of a PCS called Cybermatics, with data from 111 students from two different U.S. universities who interacted with the PCS. Cybermatics increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased about half of the students’ interest in pursuing a cybersecurity career. Students also reported a number of reasons why their perceptions changed in these areas (both positive and negative). We also discuss design tensions we experienced in our process that might be encountered by others when creating simulations like a PCS, as they attempt to balance the authenticity of designed learning experiences while also sufficiently scaffolding them for newcomers who have little background in a discipline.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Two of the most common features are that students (a) communicate with in-game characters who interact as would actual supervisors, peers, clients, and so on; and (b) are assigned professional tasks they complete as both in-class activities and homework. For more background on the PCS format see Giboney et al. (2021) and Winters et al. (2020). ...
... A PCS is designed to nurture students' development of professional identities, and learning of professional practices, within a particular domain of knowledge (Giboney et al., 2021). The primary goal is to help students gain a more realistic view of professional work and understand the importance of situational constraints when communicating within these contexts. ...
... We intend that this approach gives teachers data points that will inform classroom discussion, helping teachers decide what to emphasize and how to respond to students' experiences within the simulation. We have used the PCS format to develop students' interest in exploring a potential discipline as a possible career (Giboney et al., 2021), help novices develop a sense of self-efficacy as they start to explore a discipline (Winters et al., 2020), improve writing skills (Balzotti et al., 2022), and prepare them for important professional realities like how to address ethical dilemmas (Neupane et al., 2021). ...
Article
Full-text available
In this design case, we report our design and playtest of a form of alternative reality, educational simulation that we call a playable case study (PCS). One of the features that make our simulations unique is how they are designed to implement a principle called This Is Not a Game, or TINAG, meaning that the affordances we design into the simulation suggest to students that the experience they are having is real, in contrast to the way the artificial nature of the experience is highlighted in many computer games. In this case, we describe some challenges we encountered in designing a PCS to align with TINAG, along with how the situation in which we play tested the simulation highlighted other ways in which the principle of TINAG was challenging to achieve. Jason K. McDonald is a professor in the department of Instructional Psychology and Technology at Brigham Young University. Jonathan Balzotti is an associate professor in the English department at Brigham Young University. Melissa Franklin is a graduate student in the department of Instructional Psychology and Technology at Brigham Young University. Jessica Haws is a graduate student in the English department at Brigham Young University. Jamin Rowan is an associate professor in the English department at Brigham Young University.
... Game-based and experiential learning studies have long investigated how role-playing activities (e.g., "playing as an urban planner") enable learners to adopt epistemic frames, or ways of knowing in simulated contexts that may transfer to "real world," professional contexts (e.g., Shaffer et al., 2005;Arastoopour et al., 2014). This Interactive Tools and Demo paper introduces a new genre of interactive, role-based simulation called a Playable Case Study (PCS) (Balzotti et al., 2019;Giboney et al., 2021). The PCS architecture is a "designed experience" rather than a content delivery platform (Squire, 2006), enabling learners to take on various professional roles and interact with peers and fictional characters to carry out discipline-specific tasks. ...
... The online experience can be augmented by in-class activities designed to provide educational scaffolding. The PCS provides a scalable way to simulate high-risk activities for novices to experience in a safe environment, as well as a platform in which to study individual and group activities (Giboney et al., 2021). As players take on unique roles in a PCS, they enact principles of productive disciplinary engagement (Engle & Conant, 2002) by (1) tackling disciplinary problems, (2) gaining authority to make in-game decisions, (3) holding each other and themselves to disciplinary norms, and (4) using resources provided by the PCS. Figure 1 presents the core elements of a PCS, using our team-based, Risk Analysis cybersecurity PCS as an example. ...
... Cybermatics is a single-player PCS that has been run with hundreds of students at multiple universities and high schools, resulting in several publications about its design and impact (Balzotti et al., 2019;Giboney et al., 2021). Players take on the role of a junior cybersecurity penetration tester, working with a team of fictional characters to perform ethical hacking on a client's website (https://riptech.xyz). ...
Conference Paper
Full-text available
Playable Case Studies (PCSs) are online simulations that allow learners to adopt (play) a professional role within an authentic scenario (case) as they solve realistic problems alongside fictionalized experts in an unfolding narrative. The PCS architecture offers scalable options for creating learning activities for individual learners and student teams, and the means for observing and analyzing these activities. This interactive demo will showcase PCSs the team has developed for topics ranging from cybersecurity to technical writing to disaster response, illustrating how we embed learning assessments and research surveys and run them in classroom environments. Participants and potential collaborators will interact with and provide feedback on the prototype PCS Authoring Tool, designed to streamline the creation of new PCSs.
... More consistent with all cognitive transfer theories, professionally authentic activities "exhibit features of problem-solving, creation, experimentation, and inquiry that mirror or are directly connected to the culture, practices, and communities of computing professionals" (2021, p. 30). The authenticity of such practices is usually defined by instructors and experts rather than learners; such professionally authentic experiences are well represented in cybersecurity education (e.g., Giboney et al., 2021) and are central to the K-12 GenCyber summer camps sponsored by the U.S. National Security Agency and the National Science Foundation (Payne et al., 2016). The ten first principles of cybersecurity that organize the GenCyber program (e.g., domain separation, least privileges modularity, etc.) present a detailed framework for offering professionally authentic experiences to younger learners. ...
... For example, Shivapurkar et al. (2020) compared cybersecurity problem-based learning with a "traditional lecture-based approach followed by laboratory exercises," which "fails to provide students with an opportunity to completely explore the multi-faceted and illdefined problems prevalent in the real-world cybersecurity scenarios" (p. 1). Other noteworthy socio-constructivist cybersecurity innovations include playable case studies from Giboney et al. (2021) and the collaborative learning laboratory from Murphy et al. (2014). ...
... Cybermatics is an interactive simulation that allows students to "play" through an authentic scenario (case study) as a member of a professional team [83]. The applications saw increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased nearly half of the students' interest in pursuing a cybersecurity career [83]. ...
... Cybermatics is an interactive simulation that allows students to "play" through an authentic scenario (case study) as a member of a professional team [83]. The applications saw increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased nearly half of the students' interest in pursuing a cybersecurity career [83]. ...
Article
Full-text available
Gamification in education presents a number of benefits that can theoretically facilitate higher engagement and motivation among students when learning complex, technical concepts. As an innovative, high-potential educational tool, many educators and researchers are attempting to implement more effective gamification into undergraduate coursework. Cyber Security Operations (CSO) education is no exception. CSO education traditionally requires comprehension of complex concepts requiring a high level of technical and abstract thinking. By properly applying gamification to complex CSO concepts, engagement in students should see an increase. While an increase is expected, no comprehensive study of CSO gamification applications (GA) has yet been undertaken to fully synthesize the use and outcomes of existing implementations. To better understand and explore gamification in CSO education, a deeper analysis of current gamification applications is needed. This research outlines and conducts a methodical, comprehensive literature review using the Systematic Mapping Study process to identify implemented and evaluated GAs in undergraduate CSO education. This research serves as both a comprehensive repository and synthesis of existing GAs in cybersecurity, and as a starting point for further CSO GA research. With such a review, future studies can be undertaken to better understand CSO GAs. A total of 74 papers were discovered which evaluated GAs undergraduate CSO education, through literature published between 2007 and June 2022. Some publications discussed multiple GAs, resulting in a total of 80 undergraduate CSO GAs listing at https://bit.ly/3S260GS. The study outlines each GA identified and provides a short overview of each GA. It also provides a summary of engagement-level characteristics currently exhibited in existing CSO education GAs and discusses common themes and findings discovered in the course of the study.
... Though ARG designers were the first to describe TINAG, researchers since then have applied the construct to other participatory genres. For example, researchers have explicitly incorporated TINAG into educational simulations and games to provide students with a sense of authenticity and application (Bonsignore, 2016;Flushman et al., 2015;Giboney et al., 2021;Hansen et al., 2013Hansen et al., , 2017McDonald et al., 2019). They have described the role of TINAG in enhancing urban games (Ferri & Coppock, 2013). ...
... These games were meant to be fun and educational but were not designed with TINAG in mind. The second was a cybersecurity playable case study (PCS) named Cybermatics (Giboney et al., 2021) (see Appendix B for an image), which researchers designed explicitly to include elements of TINAG, though it is a pre-scripted experience. We chose the three different simulations as they had varying degrees of TINAG elements. ...
Article
Participatory narratives are compelling, at least partly because of their ability to help players suspend disbelief in the fictional world in which they engage. Game makers have used the phrase “This is Not a Game” (TINAG) to capture the willingness of players to buy into such narratives in ways that promote productive roleplaying and authentic engagement. Although TINAG has permeated the academic and popular literature on gaming and immersive narratives for decades, there has not been a scientific grounding for the term that provides researchers support for a more rigorous study of the topic. This paper makes two primary contributions. First, it provides a definition of the Perception of TINAG based on a systematic literature review of 50 articles that define or describe critical characteristics of TINAG: The Perception of TINAG is a player’s acceptance that they are embedded in and able to influence a fictional story woven into the real world . Second, the paper develops and validates a survey instrument that researchers can use to measure the Perception of TINAG and its three unique components: 1) the player accepts that they are embedded in a fictional story, 2) the player believes their actions influence the narrative, and 3) the player perceives that the story is woven into the real world . We evaluated the instrument using exploratory factor analysis using expert reviewers and game players. We include a table of the 50 articles describing TINAG and our final scale to facilitate future research.
... Cybermatics is an interactive simulation that allows students to "play" through an authentic scenario (case study) as a member of a professional team [83]. The applications saw increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased nearly half of the students' interest in pursuing a cybersecurity career [83]. ...
... Cybermatics is an interactive simulation that allows students to "play" through an authentic scenario (case study) as a member of a professional team [83]. The applications saw increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased nearly half of the students' interest in pursuing a cybersecurity career [83]. ...
... Sim4. Cybermatics is an interactive simulation that allows students to "play" through an authentic scenario (case study) as a member of a professional team (Giboney et al., 2021). The applications saw increased student understanding about certain key aspects of professional cybersecurity work, improved their confidence in being able to successfully apply certain skills associated with cybersecurity, and increased nearly half of the students' interest in pursuing a cybersecurity career. ...
Preprint
Full-text available
This listing contains a total of 80 gamification applications (GA)s used in cyber security operations (CSO) undergraduate education, from 74 publications, published between 2007 and June 2022. The listing outlines each GA identified and provides a short overview of each. This listing serves as both a comprehensive repository of existing GAs in cybersecurity undergraduate education, and as a starting point for adding new CSO GAs to the list. Contact the first author to add a CSO GA to the next version of the list.
... Given the growing cybersecurity workforce gap (ISC2, 2023), this theme highlights the potential of employing teaching cases as a strategic opportunity to bridge this gap. By leveraging engaging cases that increase curiosity about the cybersecurity field, educators can remove perceived barriers to cybersecurity, increase students' confidence, and ultimately increase their interest in pursuing a cybersecurity career (Giboney et al., 2021). Relevance is a key criterion in the selection of teaching cases in order to actively engage students (Hackney et al., 2003). ...
Article
Over 600,000 people go missing every year in the US alone. Despite the extensive resources allocated to investigating these cases, the high volume of missing person cases constitutes one of the biggest challenges for law enforcement agencies. One approach to tackle this challenge is using crowdsourcing. That is, volunteers use freely available tools and techniques to aid the existing efforts to investigate missing person cases. Open-Source Intelligence (OSINT) refers to gathering information from publicly available sources and analyzing it through a comprehensive set of open-source tools to produce meaningful and actionable intelligence. OSINT has been applied to address various societal challenges and crimes, including environmental abuse, human rights violations, child exploitation, domestic violence, disasters, and locating missing people. Building on this premise, this case examines a crowdsourced initiative called Trace Labs that aims to assist law enforcement agencies in solving missing person cases using OSINT tools. The case emphasizes socio-technical aspects of cybersecurity, highlighting both the bright and dark sides of technology. It demonstrates the potential of information systems to serve the public good by examining topics such as open-source software, crowdsourcing, and intelligence gathering, while acknowledging that the very same underlying technology can be used for malicious purposes.
... As we explore LXD practices that align with these dimensions of expertise, we illustrate each by describing how they have been implemented in a specific learning environment: a type of educational simulation called a playable case study (PCS). Modeled on what is known as alternate reality gaming (Bonsignore et al., 2013), a PCS supports students' cultivation of various forms of professional expertise (e.g., cybersecurity, technical writing) as they interact with fictional professionals and perform authentic job tasks (Balzotti et al., 2022;Giboney et al., 2021). The simulations implement numerous features that are compatible with the expanded view of expertise described above. ...
Article
Full-text available
In this paper we consider how learning experience design (LXD) improves designers’ capacities to influence learning. We do this by exploring what LXD offers the design of learning environments that help develop learners’ expertise. We discuss how LXD (a) attunes designers to different learning affordances than are emphasized in traditional ID; (b) challenges the universal applicability of common ID techniques; and (c) expands designers’ views of the outcomes for which they can design. These insights suggest that LXD is useful because it refocuses and reframes designers' work around flexible design approaches that are often deemphasized in traditional ID.
... A playable case study where students can act out a virtual internship and learn cybersecurity skills showed that using such experiential career exploration can allow students to make a better decision whether or not to pursue a career, understand the skills and trait needed for a career and increase their confidence to succeed in a specific career (Giboney et al., 2019). The proposed framework aims to provide students with a "weekin-the-life" simulated experience of a cybersecurity professional where the character is hired for a company called Cybermatics and has to solve intriguing problems as part of a storyline (Giboney et al., 2021). A comprehensive platform that can integrate the various career clusters (States Career Clusters, 2007) into a NL-based application has the potential to revolutionize career exploration and guidance. ...
Article
Full-text available
Career and technical education play a significant role in reducing high school and college dropouts as well providing necessary skills and opportunities to make suitable career decisions. The recent technological advances have benefited the education sector tremendously with the introduction of exciting innovations including virtual and augmented reality. The benefits of NL and game-based learning are well-established in the literature. However, their implementation has been limited to the education sector. In this research, the design and implementation of a Narrative Integrated Career Exploration (NICE) platform is discussed. The platform contains four playable tracks allowing students to explore careers in artificial intelligence, cybersecurity, internet of things, and electronics. The tracks are carefully designed with narrative problem-solving reflecting contemporary real-world challenges. To evaluate the perceived usefulness of the platform, a case study involving university students was performed. The results clearly reflect students’ interest in narrative and game-based career exploration approaches.
Preprint
Full-text available
This paper explores the potential of using educational simulations, specifically Playable Case Studies (PCS), in Human-Computer Interaction (HCI) courses. We present Cyclops, a PCS developed for an introductory HCI class, as an example of how simulations can provide immersive learning opportunities for students in the field of HCI. The PCS Cyclops places learners in a fictional Virtual Reality game company where they take on the role of a user experience (UX) researcher. Through this simulation, learners experience HCI roles in an authentic workplace context, develop skills in analyzing user testing data, and practice ethical decision making in a low-risk environment. We report on a case study where we deployed and evaluated the use of the Cyclops PCS in an introductory HCI design class. Students reported an improved understanding of the UX profession after completing the PCS, including both the social and technical skills required for the work. They also reported an increased confidence in pursuing careers in HCI/UX. While the realism embedded in the PCS played a key role in fostering a genuine sense of the professional UX context, the paper acknowledges challenges in balancing workplace ambiguity and complexity with the need to provide students with clear structure to complete the simulation. Strategies for improving the PCS are discussed. We demonstrate how PCSs offer a versatile and adaptable educational framework that can be tailored to suit the unique challenges and objectives of HCI/UX as well as different fields.
Chapter
Technology and its applications are advancing rapidly, making it challenging to assess the implications of its use. Exacerbating these issues is a lack of cybersecurity professionals in the workforce. In Summer 2022, the researchers implemented GenCyber as a six-day professional development camp for middle and high school teachers, focusing on a broad range of cybersecurity principles. Participants designed two lesson plans to foster cybersecurity learning across the content areas. This case study explored how participants perceived the impacts of GenCyber on their instructional practices. Data sources included their lesson plans and a focus group interview. It was found that participants perceived the camp as impactful on their teaching practices. They were able to address needs and issues of practice, increase student engagement, and foster interdisciplinary and career connections; however, the participants' lesson plans aligned to a limited scope of technology and engineering contexts. Conclusions and implications are shared, including ways to improve future professional development.
Article
Full-text available
This study aimed to address the challenges of cybersecurity in education. As kindergarten through twelfth-grade education shifts to online and remote learning, educators and governments are increasingly vulnerable to the risks of cyberattacks and cybercrimes. This study focused on the strategies that institutions can employ to increase their students’ cybersecurity awareness and simultaneously motivate them to pursue cybersecurity as a career. To achieve the research objectives, a systematic review of ten studies was performed, and the results showed that game-based strategies were effective in increasing students’ awareness about cybersecurity and their interest in pursuing cybersecurity as a career. The study’s implications suggest that game designers and developers may want to develop advanced games that gauge students’ cybersecurity skills and ability to respond to aggressive forms of cyberattacks in addition to enhancing their knowledge of cybersecurity.
Article
Full-text available
This study aimed to address the challenges of cybersecurity in education. As kindergarten through twelfth-grade education shifts to online and remote learning, educators and governments are increasingly vulnerable to the risks of cyberattacks and cybercrimes. This study focused on the strategies that institutions can employ to increase their students' cybersecurity awareness and simultaneously motivate them to pursue cybersecurity as a career. To achieve the research objectives, a systematic review of ten studies was performed, and the results showed that game-based strategies were effective in increasing students' awareness about cybersecurity and their interest in pursuing cybersecurity as a career. The study's implications suggest that game designers and developers may want to develop advanced games that gauge students' cybersecurity skills and ability to respond to aggressive forms of cyberattacks in addition to enhancing their knowledge of cybersecurity.
Article
Cybersecurity awareness and education initiatives are being designed and expanded for the workforce and K-20 education institutions. Predominately, K-12 cybersecurity education programs and research have focused on student learning experiences; however, there is a need to also concentrate cybersecurity education resources on K-12 teacher professional development. Teacher professional development supporting self-confidence in knowledge building and modeling of instructional practices may positively influence K-12 teachers’ integration of cybersecurity concepts within classroom instruction. This study documented K-12 teachers’ (n=17) perceived self-confidence in designing and implementing cybersecurity-related lessons when participating in a week-long cybersecurity education workshop experience funded by the National Security Agency's GenCyber grant program called the [Redacted Program Name]. Teachers were asked to rate their perceived self-confidence (pre and post) related to cybersecurity lesson development. Results showed that all self-confidence survey items increased after engaging in the GenCyber workshop; however, two items focused on creating engaging, inquiry-based lessons were not significant at the alpha value level of 0.003. These findings suggest that effective professional development aimed to increase K-12 teachers’ cybersecurity knowledge and to support development and implementation of cybersecurity-related lesson plans is an important factor in advocating for cybersecurity education efforts in K-12 education.
Article
Full-text available
Cybersecurity jobs are in demand around the country in response to the rapidly growing number of cyberattacks on businesses and government entities. While there is some consensus on core technical skills needed to fill these positions, many hiring employers are not aware of or deemphasize the importance of soft skills in these positions. Using a semantic network analysis of job advertisements, this study sought to answer two research questions: what are the most critical soft skills cybersecurity employers seek? And how are the soft skills related to the hard skills based on industry expectations? This study reports the analysis of 17,929 cybersecurity job advertisements. Our results found that three categories of soft skills emerged: Knowledge management and systems, big data analytical skills, and teamwork and diversity are all highly sought after. In addition, our study findings reinforce a critical role information system is playing in cyber security.
Article
italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Contribution: Based on a previous exploratory study, this research further investigated learning mode contributions from simulations and live competitive activities compared to a traditional classroom, laboratory, and testing approach to instruction in order to assess the applied behavioral contributions of each. Background: Cybersecurity capabilities in organizations lag behind the threats; consequently, there is a renewed emphasis on cybersecurity education. However, education appears to lack its full potential in most settings. Few empirical studies have systematically tested the efficacy of various training methods and modes, and those that have been conducted have yielded inconsistent findings. Recent literature on the use of gamified simulations have suggested that they may improve cybersecurity behaviors. Similarly, live activities, such as hackathons and capture the flag events, have been surmised to augment learning and capabilities. This study sought to systematically investigate this question. Research Questions: 1) Do cybersecurity simulations improve applied learning performance; 2) do live competitive activities improve applied learning performance; and 3) do any or each of these modes amplify applied learning performance when used in combination? Methodology: This study randomly assigned computer science students to one of four sections using different modalities. It used pretest scores on an applied exam as the co-variate, with post-test scores as the dependent variable. Results: Simulations improved learning performance over traditional classroom/lab instruction alone whereas live competitive activities did not. However, the greatest learning outcomes achieved was structured cybersecurity simulated environments combined with live competitive activities.
Conference Paper
Full-text available
Nowadays, basic cybersecurity education and awareness is deemed necessary, even for children as young as elementary school-aged. If knowledge on this topic is delivered in the form of a digital game-based activity, then it has greater chances of being more joyful and efficient. The paper at hand discusses the development of a novel mobile app called CyberAware, destined to cybersecurity education and awareness. At present, the game is designed for K-6 aged children and can be used to support either or both formal or informal learning. Also, due to its mobile nature, it can be experienced as an outdoor or classroom activity. Opposite to similar studies found in the literature so far, our attention is not solely drawn to game’s technological aspects but equally to the educational factor.
Article
Full-text available
The paper motivates, presents, demonstrates in use, and evaluates a methodology for conducting design science (DS) research in information systems (IS). DS is of importance in a discipline oriented to the creation of successful artifacts. Several researchers have pioneered DS research in IS, yet over the past 15 years, little DS research has been done within the discipline. The lack of a methodology to serve as a commonly accepted framework for DS research and of a template for its presentation may have contributed to its slow adoption. The design science research methodology (DSRM) presented here incorporates principles, practices, and procedures required to carry out such research and meets three objectives: it is consistent with prior literature, it provides a nominal process model for doing DS research, and it provides a mental model for presenting and evaluating DS research in IS. The DS process includes six steps: problem identification and motivation, definition of the objectives for a solution, design and development, demonstration, evaluation, and communication. We demonstrate and evaluate the methodology by presenting four case studies in terms of the DSRM, including cases that present the design of a database to support health assessment methods, a software reuse measure, an Internet video telephony application, and an IS planning method. The designed methodology effectively satisfies the three objectives and has the potential to help aid the acceptance of DS research in the IS discipline.
Article
Full-text available
We present a novel paradigm for providing authentic engineering experiences in the first year curriculum--engineering virtual internships--that is individualized but accommodates large numbers of students. Engineering virtual internships have been shown to increase women's interest in engineering degrees. We demonstrate that our approach (a) enables students to solve complex engineering problems in a mentored, collaborative environment; (b) allows educators to assess engineering thinking; and (c) provides an introductory experience that students enjoy and find valuable. When implemented in first-year engineering curricula more broadly, the potential impact of engineering virtual internships on the size and diversity of the engineering workforce may be dramatic.
Article
Full-text available
Educators and sponsors endorse competitions as a strong, positive influence on career choice. However, empirical studies of cybersecurity competitions are lacking, and evidence from computer science and mathematics competitions has been mixed. Here we report initial results from an ongoing study of the National Cyber League to provide a glimpse of the role of competitions in fostering cybersecurity career engagement. Preliminary results suggest that cyber competitions attract experienced individuals who will remain in the profession for the long-term, but future research is needed to understand how cyber competitions may engage women and those new to the field.
Article
Full-text available
An evidence-based framework offers a guide for efforts to increase student persistence in STEM majors.
Article
Full-text available
In December of 2009, several founders of the Information Systems (IS) academic discipline gathered for a panel discussion at the International Conference on Information Systems to present their visions for the future of the field, and their comments were summarized in the inaugural issue of TMIS [Davis et al., 2010; J. F. J. Nunamaker et al., 1991]. To assure a robust future, they argued, IS journals, conferences, reviewers, promotion committees, teachers, researchers, and curriculum developers must broaden the scope of IS. This article explores the need for a broader vision to drive future development of the IS discipline.
Book
Full-text available
Drawing on the foundational theories of John Dewey and Kurt Lewin, we examine recent developments in theory and research on experiential learning and explore how this work can enhance experiential learning in higher education. We introduce the concept of learning space as a framework for understanding the interface between student learning styles and the institutional learning environment. We illustrate the use of the learning space framework in three case studies of longitudinal institutional development. Finally, we present principles for the enhancement of experiential learning in higher education and suggest how experiential learning can be applied throughout the educational environment by institutional development programs, including longitudinal outcome assessment, curriculum development, student development, and faculty development.
Article
Full-text available
The paper motivates, presents, demonstrates in use, and evaluates a methodology for conducting design science (DS) research in information systems (IS). DS is of importance in a discipline oriented to the creation of successful artifacts. Several researchers have pioneered DS research in IS, yet over the past 15 years, little DS research has been done within the discipline. The lack of a methodology to serve as a commonly accepted framework for DS research and of a template for its presentation may have contributed to its slow adoption. The design science research methodology (DSRM) presented here incorporates principles, practices, and procedures required to carry out such research and meets three objectives: it is consistent with prior literature, it provides a nominal process model for doing DS research, and it provides a mental model for presenting and evaluating DS research in IS. The DS process includes six steps: problem identification and motivation, definition of the objectives for a solution, design and development, demonstration, evaluation, and communication. We demonstrate and evaluate the methodology by presenting four case studies in terms of the DSRM, including cases that present the design of a database to support health assessment methods, a software reuse measure, an Internet video telephony application, and an IS planning method. The designed methodology effectively satisfies the three objectives and has the potential to help aid the acceptance of DS research in the IS discipline.
Article
Full-text available
Two paradigms characterize much of the research in the Information Systems discipline: behavioral science and design science. The behavioral-science paradigm seeks to develop and verify theories that explain or predict human or organizational behavior. The design-science paradigm seeks to extend the boundaries of human and organizational capabilities by creating new and innovative artifacts. Both paradigms are foundational to the IS discipline, positioned as it is at the confluence of people, organizations, and technology. Our objective is to describe the performance of design-science research in Information Systems via a concise conceptual framework and clear guidelines for understanding, executing, and evaluating the research. In the design-science paradigm, knowledge and understanding of a problem domain and its solution are achieved in the building and application of the designed artifact. Three recent exemplars in the research literature are used to demonstrate the application of these guidelines. We conclude with an analysis of the challenges of performing high-quality design-science research in the context of the broader IS community.
Article
There’s no consensus on what constitutes a solid undergraduate cybersecurity education. With the upcoming release of CSEC2017 curricular guidelines from the Joint Task Force of the ACM, IEEE Computer Society, AIS, and IFIP, along with the proposed undergraduate cybersecurity accreditation criteria from ABET, now’s the perfect time to reexamine the future landscape in this space.
Conference Paper
As the world grows more technology involved, teaching some measure of cybersecurity has become imperative. Our research lab aims to help increase the cybersecurity interest and awareness among those of all ages. To aid us in this endeavor, we decided to introduce an interesting method that gamifies cybersecurity. Our methodology tests whether our new method is a viable vehicle for cybersecurity education. To do this, we asked participants to take surveys and included our own observations. We conclude our paper with our analysis of survey results and future improvements for an effective educational tool.
Article
This article presents the growth of cybersecurity education on American college campuses as a challenge and an opportunity for all librarians to liaise across schools and departments. Drawing on the experiences of one business and systems librarian serving as library liaison to the College of Business and the newly formed Cyber Institute at Augusta University, this article details the challenges of organizing to liaise with disparate constituencies in a new and rapidly growing subject area. In addition, it looks at the effects that the establishment of Army Cyber Command and the new cybersecurity studies program can have on librarianship now and in the future. Finally, this article considers the usefulness of this new liaison model in light of current and future innovations in higher education.
Article
With the increasing demand for cybersecurity professionals, the authors examined how business schools are meeting that demand, specifically the core requirements of their cybersecurity curricula related to information systems programs. They examined 518 Association to Advance Collegiate Schools of Business–accredited business schools in the United States and identified 278 schools that offered undergraduate information systems (IS) and information technology (IT) programs, of which 27 had cybersecurity programs. Both the IS 2010 curriculum model and Centers of Academic Excellence knowledge units are used to guide data collection. The top three security-related courses required are IT security, IT risk management/managerial issues, and digital forensics. A descriptive cybersecurity curriculum model is developed based on the results, which can also serve as baselines for future studies on business-school cybersecurity programs.
Article
This paper presents the main results of a large-scale survey on cybersecurity competition participants in the past decade. 588 participants of the Cybersecurity Awareness Week (CSAW) competition were surveyed with measures of personality, interests, culture, decision-making and attachment styles in an exploratory study designed to identify the characteristics of cybersecurity competition participants. Subgroups analyses were performed to examine individual differences between self-proclaimed hackers and non-hackers, males and females, and cybersecurity employees versus students. Regression analyses were used to identify variables that influenced the extent to which cybersecurity competitions were effective at convincing participants to pursue a future career in cybersecurity. Cybersecurity participants who displayed higher self-efficacy, rational decision-making style, and more investigative interests were more likely to declare an interest in a career in cybersecurity after the competition.
Article
Utilizing qualitative data gleaned from focus groups with adolescent girls participating in a cybersecurity summer program (N = 38, mean age = 16.3), this study examines the following research questions: (a) How do adolescent girls perceive the cybersecurity field? (b) What are the promising practices that engage girls in cybersecurity education? Guided by ecological and social role theories, findings reveal that single-sex collaborative settings with encouraging and supportive teachers and female mentors are practices that contribute to girls’ increased interest in the field of cybersecurity. Findings also suggest that an emphasis on creative and collaborative problem-solving processes and the real-world application inherent to cybersecurity are likely to increase girls’ engagement in the field. Results have implications for educators, researchers, and policy makers aiming to close gender gaps in the field of computer science and build interest in cybersecurity, an area of critical national need.
Article
There has been a heightened interest among U.S. government agencies to fund cybersecurity workforce develop-ment. These efforts include offering universities funding for student scholarships, funding for building capacity in cyberse-curity education, as well as sponsoring cybersecurity competi-tions, games, and outreach programs. This paper examines the effectiveness of cybersecurity competitions in educating students. Our study shows that though competitions do pique students' interest, the effectiveness of this approach in producing more high quality professionals can be limited. One reason is that the knowledge barrier to compete in these competitions is high. To be successful, students have to be proficient in operating systems, application services, software engineering, system administra-tion and networking. Many Computer Science and Information Technology students do not feel qualified, and consequently this reduces participation from a wider student audience. Our approach takes aims at lowering this barrier to entry. We employ a hands-on learning methodology where students attend lectures on background knowledge on weekdays and practice what they learn in weekend workshops. A virtual networking environment is provided for students to practice network defense in the workshops and on their own time.
Article
This paper presents the work done by the ACM ITiCSE, 2013 Conference Working Group (WG) on Cybersecurity, Women and Minorities: How to Succeed in the Career! The ITiCSE 2013 conference was held July 1-3, 2013, in Canterbury, United Kingdom. The overall goal of the WG was to conduct a preliminary investigation into the reasons behind the lack of women and minorities within the field of Cybersecurity. This is not just an issue of academic or research interest, but is important in ensuring that a greater number of women and minorities progress through a full career in Cybersecurity. There are currently no statistics available on the numbers of women and minorities either currently enrolled in or graduated from these programs. There is a need to explore the full range of factors that influence women and minority's decisions not to consider a career in Cybersecurity.
Conference Paper
Many popular and well-established cyber security Capture the Flag (CTF) exercises are held each year in a variety of settings, including universities and semiprofessional security conferences. CTF formats also vary greatly, ranging from linear puzzle-like challenges to team-based offensive and defensive free-for-all hacking competitions. While these events are exciting and important as contests of skill, they offer limited educational opportunities. In particular, since participation requires considerable a priori domain knowledge and practical computer security expertise, the majority of typical computer science students are excluded from taking part in these events. Our goal in designing and running the MIT/LL CTF was to make the experience accessible to a wider community by providing an environment that would not only test and challenge the computer security skills of the participants, but also educate and prepare those without an extensive prior expertise. This paper describes our experience in designing, organizing, and running an education-focused CTF, and discusses our teaching methods, game design, scoring measures, logged data, and lessons learned.
Conference Paper
This session reports on a workshop convened by the ACM Education Board with funding by the US National Science Foundation and invites discussion from the community on the workshop findings. The topic, curricular directions for cybersecurity, is one that resonates in many departments considering how best to prepare graduates to face the challenges of security issues in employment and future research. The session will include presentation of the workshop context and conclusions, but will be open to participant discussion. This will be the first public presentation of the results of the workshop and the first opportunity for significant response.
Conference Paper
An Alternate Reality Game (ARG) is a form of transmedia storytelling that engages players in scavenger hunt-like missions to collectively uncover, interpret, and reassemble the fragments of a story that is distributed across multiple media, platforms, and locations. ARGs are participatory experiences, because players have a central role in reconstructing the storyline. Furthermore, players interact with the game as themselves, not via avatars. Although transmedia formats like ARGs have garnered increasing attention in entertainment and education, most have been targeted for adults 18 and older. Few studies have explored the design process of education-based ARGs for children. In this paper, we detail the design and implementation of an ARG for middle school students (13--15 years old). We describe the strategies we used to distribute story elements across various media and to encourage players to participate in an authentic inquiry process. We found that a "protagonist by proxy", or in-game character with whom players related closely, served as a strong motivator and a model for positive participation. We highlight student interactions and offer insights for designers who implement ARGs and similar immersive learning experiences.
Conference Paper
Cybersecurity awareness and cyber skills training are vitally important and challenging. A huge number of attacks against everyday users occur routinely. Prevention techniques and responses are wide ranging but are only effective if used effectively. The objective of this research is to teach everyday users the requisite cybersecurity skills through gaming, beyond the current state of practice. Because the skill level of the trainees is also wide ranging, from causal computer users to software engineers to system administrators to managers, the games must also be capable of training this wide range of computer users. Computer games can provide a media for delivering training in an engaging format at levels appropriate for the individual trainees. In this paper we (1) describe the state of practice by describing the gaming tool used in most cyber challenges at high schools and colleges in the U.S, i.e., the cybersecurity gaming tool CyberNEXS™ (Science Applications International Corporation), (2) outline some of the additional topics that should be addressed in cybersecurity training and (3) note some other approaches to game design that might prove useful for future cybersecurity training game development beyond CyberNEXS.
Article
Cybersecurity challenges, such as capture-the-flag competitions, test multidisciplinary teams' security and hacking skills. Besides appealing to hackers' competitive nature, participation in these events has become essential to developing successful cybersecurity professionals. Competitors benefit by experiencing the adversarial nature of live cyberincidents akin to traditional military and law enforcement training. Industry, government, and academia benefit by using these competitions for training and to spot emerging talent.
Data
Two paradigms characterize much of the research in the Information Systems discipline: behavioral science and design science. The behavioral-science paradigm seeks to develop and verify theories that explain or predict human or organizational behavior. The design-science paradigm seeks to extend the boundaries of human and organizational capabilities by creating new and innovative artifacts. Both paradigms are foundational to the IS discipline, positioned as it is at the confluence of people, organizations, and technology. Our objective is to describe the performance of design-science research in Information Systems via a concise conceptual framework and clear guidelines for understanding, executing, and evaluating the research. In the design-science paradigm, knowledge and understanding of a problem domain and its solution are achieved in the building and application of the designed artifact. Three recent exemplars in the research literature are used to demonstrate the application of these guidelines. We conclude with an analysis of the challenges of performing high-quality design-science research in the context of the broader IS community.
Article
In recent years, libraries have made efforts to create games, often for the purpose of information literacy instruction. Games can provide an interactive alternative to traditional instruction by introducing research tools and resources while also teaching problem solving skills within a collaborative learning environment. Despite the benefits, the limited resources of most libraries make it difficult to build games that appeal to a generation of students accustomed to games like World of Warcraft. It is a challenge to find a balance between the right format and the available skills and assets. The desire to create an engaging game within the confines of existing resources led the University of Alabama Libraries to create the Web-based alternate reality game Project Velius. Serving the research needs of faculty and more than 30,000 students, the University Libraries are a vital part of Alabama's oldest public university. University of Alabama librarians leveraged popular social media sites and applications, including Facebook and YouTube, along with the story-driven alternate reality game format, to build a game that would engage undergraduate students. The game's two main goals were to provide informal information literacy instruction and highlight important library resources, balanced with the desire to provide a fun and interesting game experience. In the creation and execution of Project Velius, the librarians-turned-game developers learned much about this new medium, including the complexity of writing a compelling story, the importance of precisely tracking player progress, and the need for an easily re-playable game. Looking forward, the successes and shortcomings of this initial project will guide the plans and, through this article, hopefully help colleagues understand some of the challenges and rewards.
Article
This quasi-experimental study investigated a game intervention--specifically, an alternate reality game (ARG)--as a means to influence college students' physical activity (PA). An ARG is an interactive narrative that takes place in the real world and uses multiple media to reveal a story. Three sections of a college health course (n = 115 freshman students) were assigned either to a game group that played the ARG or to a comparison group that learned how to use exercise equipment in weekly laboratory sessions. Pre- and post-intervention measures included weight, waist circumference, body mass index (BMI), percentage body fat (PBF), and self-reported moderate physical activity (MPA) and vigorous physical activity (VPA), and PA (steps/week). A significant group x time interaction (p = .001) was detected for PA, with a significant increase in PA for the game (p < .001) versus a significant decrease (p = .001) for the comparison group. Significant within-group increases for weight (p = .001), BMI (p = .001), and PBF (p = .001) were detected. A significant group x time interaction (p = .001) was detected when analyzing self-reported VPA, with both groups reporting decreases in VPA over time; however, the decrease was only significant for the comparison group (p < .001). No significant group differences were found for MPA. It is important that any intervention meet the needs and interests of its target population. Here, the ARG was designed in light of the learning preferences of today's college students--collaborative and social, experiential and media-rich. Our results provide preliminary evidence that a game intervention can positively influence PA within the college student population.
Chapter
A model of instruction described by Wenger (1987) identifies three elements that are active during instruction: the mental model the instructor wishes to share with the learner, the external experience used to communicate the mental model, and the evolving mental model of the learner. Gibbons (2003a), writing in response to Seel (2003), noted this three-part description as a bridge concept relating learning and instruction. This view has important practical implications for designers of instruction. For example, Gibbons and Rogers (in press) propose that there exists a natural layered architecture within instructional designs that corresponds with instructional functions. Among these layers is the content layer, which determines the structural form in which learnable subject-matter is stored and supplied to the learner. This may include the expression of the content in terms of tasks, semantic networks, rules, or other structures. The designer’s com- mitment at the content layer strongly constrains all other parts of the design, making some future decisions imperative, some irrelevant, and defining the range of possibilities for still others. One possible content layer commitment is to select the model structure as the basic unit of analysis. Having made the model the primary content structure commitment influences designer choices within other layers. This chapter describes the implications for designers of a model content commit ment. It describes the constraints automatically placed on other layers of the design.
Article
This paper, develops the concept of epistemic frames as a mechanism through which students can use experiences in video games, computer games, and other interactive learning environments to help them deal more effectively with situations outside of the original context of learning. Building on ideas of islands of expertise [Crowley, K., & Jacobs, M. (2002). Islands of expertise and the development of family scientific literacy. In G. Leinhardt, K. Crowley, & K. Knutson (Eds.), Learning conversations in museums. Mahwah, NJ: Lawrence Erlbaum], communities of practice [Lave, J., & Wenger, E. (1991). Situated learning: Legitimate peripheral participation. Cambridge, UK: Cambridge University Press], and ways of knowing [Broudy, H. (1977). Types of knowledge and purposes of education. In R. C. Anderson, R. J. Spiro, & W. E. Montague (Eds.), Schooling and the acquisition of knowledge (pp. 1–17). Hillsdale, NJ: Lawrence Erlbaum], epistemic frames are described as the ways of knowing, of deciding what is worth knowing, and of adding to the collective body of knowledge and understanding of a community of practice. Data from two experiments [Shaffer, D. W. (2004a). Pedagogical praxis: the professions as models for post-industrial education. Teachers College Record, 106(7); Shaffer, D. W. (2004b). When computer-supported collaboration means computer-supported competition: professional mediation as a model for collaborative learning. Journal of Interactive Learning Research, 15(2); Shaffer, D. W. (2005a). Studio mathematics: The epistemology and practice of design pedagogy as a model for mathematics learning (WCER Working Paper Series No. 2005-3). Madison, WI: University of Wisconsin-Madison, Wisconsin Center for Educational Research] are used to show that students can incorporate epistemic frames into their identities when engaged in extended educational role-playing games. Epistemic frames are thus proposed as a possible mechanism through which sufficiently rich experiences in computer-supported games based on real-world practices may help students deal more effectively with situations in the real-world and in school subjects.
Conference Paper
The authors developed and tested a hyper-local air quality sensor network and a fictional game narrative to evaluate the pedagogical potential of Alternate Reality games for high school students in Los Angeles. This study examined how Deweyan concepts of learning can be applied to game play. The authors found that students developed a unique language to discuss real pollution issues within a fictional construct. Engaging in both civic engagement and educational rigor, student learning was situated in a framework of instruction John Dewey outlines as counter to traditional models of schooling. Despite limitations, including some authoritarian and competitive structures implicit in games, students found new reasons to communicate with real-world adults in verbal and written form. Game-based learning inspired substantial qualitative progress and high levels of engagement among students, compared to traditional teaching methods.
Article
In this article, I propose a theory of pedagogical praxis. Pedagogical praxis begins with the premise that under the right conditions, computers and other information technologies can make it easier for students to become active participants in meaningful projects and practices in the life of their community and suggests that professional practices such as architecture, mediation, and journalism can provide constructive models for helping students learn from such experiences. In this vision, new technology reinvigorates Dewey's (1915) idea of linking school with society. Technology builds a bridge that allows young people to participate in the learning practices of professionals; in the process, they develop epistemological frameworks that organize the skills, habits, and understandings they need to thrive in a complex, postindustrial society. Although further work needs to be done to explore the processes through which such learning can take place, studies suggest that this perspective may be a productive avenue for continuing research. This article presents an overview of the theories and methods that inform such work.
Article
This paper presents a simple and widely ap- plicable multiple test procedure of the sequentially rejective type, i.e. hypotheses are rejected one at a tine until no further rejections can be done. It is shown that the test has a prescribed level of significance protection against error of the first kind for any combination of true hypotheses. The power properties of the test and a number of possible applications are also discussed.
Striving for effective cyber workforce development
  • M Baker
Baker, M. (2016). Striving for effective cyber workforce development. Retrieved from https://resources.sei.cmu.edu/asset_files/ WhitePaper/2016_019_001_473577.pdf. Accessed 22 Jan 2021.
A cybersecurity camp for girls
  • C Cornel
  • C M Cornel
  • D C Rowe
  • S Moses
Cornel, C., Cornel, C. M., Rowe, D. C., & Moses, S. (2016, June). A cybersecurity camp for girls. In Conference for the American Society for Engineering Education.Washington, DC: ASEE.
This is not a game: Early observations on using alternate reality games for teaching security concepts to first-year undergraduates
  • T Flushman
  • M Gondree
  • Z N Peterson
Flushman, T., Gondree, M., Peterson, Z. N. (2015, August). This is not a game: Early observations on using alternate reality games for teaching security concepts to first-year undergraduates. In 8th Workshop on Cyber Security Experimentation and Test ({CSET} 15). Berkley, CA: USENIX.
Model-centered instruction
  • A S Gibbons
Gibbons, A. S. (2001). Model-centered instruction. Journal of Structural Learning and Intelligent Systems, 14, 511-540.
Worlding through play: Alternate reality games, large-scale learning, and The Source
  • P Jagoda
  • M Gilliam
  • P Mcdonald
  • C Russell
Jagoda, P., Gilliam, M., McDonald, P., & Russell, C. (2015). Worlding through play: Alternate reality games, large-scale learning, and The Source. American Journal of Play, 8(1), 74.
Preparing the pipeline: The U.S. cyber workforce for the future. Defense Horizons
  • D J Kay
  • T J Pudas
  • B Young
  • DJ Kay
Kay, D. J., Pudas, T. J., & Young, B. (2012). Preparing the pipeline: The U.S. cyber workforce for the future. Defense Horizons, 72(August), 1-16.
Women in cybersecurity
  • J Leclair
  • D Pheils
LeClair, J., & Pheils, D. (2016). Women in cybersecurity. Albany: NY: Excelsior College.
Alternate reality games for learning: A frame by frame analysis. Alternate Realities Games and the Cusp of Digital Gameplay
  • A Pellicone
  • E Bonsignore
  • K Kaczmarek
  • K Kraus
  • J Ahn
  • D Hansen
Pellicone, A., Bonsignore, E., Kaczmarek, K., Kraus, K., Ahn, J., & Hansen, D. (2017). Alternate reality games for learning: A frame by frame analysis. Alternate Realities Games and the Cusp of Digital Gameplay, 5, 78.