How students reason about Cybersecurity concepts

Despite the documented need to train and educate more cybersecurity professionals, we have little rigorous evidence to inform educators on effective ways to engage, educate, or retain cybersecurity students. To begin addressing this gap in our knowledge, we are conducting a series of think-aloud interviews with cybersecurity students to study how students reason about core cybersecurity concepts. We have recruited these students from three diverse institutions: University of Maryland, Baltimore County, Prince George's Community College, and Bowie State University. During these interviews, students grapple with security scenarios designed to probe student understanding of cybersecurity, especially adversarial thinking. We are analyzing student statements using a structured qualitative method, novice-led paired thematic analysis, to document student misconceptions and problematic reasonings. We intend to use these findings to develop Cybersecurity Assessment Tools that can help us assess the effectiveness of pedagogies. These findings can also inform the development of curricula, learning exercises, and other educational materials and policies.

[1]  R. Brown,et al.  Consideration of the origin of Herbert Simon's theory of “satisficing” (1933‐1947) , 2004 .

[2]  Michael C. Loui,et al.  Describing the What and Why of Students’ Difficulties in Boolean Logic , 2012, TOCE.

[3]  Douglas B. Clark,et al.  An Overview of Conceptual Change Theories. , 2007 .

[4]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[5]  Alan T. Sherman,et al.  Identifying Core Concepts of Cybersecurity: Results of Two Delphi Processes , 2018, IEEE Transactions on Education.

[6]  David Perkins,et al.  Fragile knowledge and neglected strategies in novice programmers , 1985 .

[7]  Michael C. Loui,et al.  Flip-Flops in Students' Conceptions of State , 2012, IEEE Transactions on Education.

[8]  Herbert A. Simon,et al.  The Sciences of the Artificial , 1970 .

[9]  Geoffrey L. Herman,et al.  Novice-led paired thematic analysis: A method for conceptual change in en- gineering , 2013 .

[10]  R. Glaser,et al.  Knowing What Students Know: The Science and Design of Educational Assessment , 2001 .

[11]  Martin C. Libicki,et al.  Hackers Wanted: An Examination of the Cybersecurity Labor Market , 2014 .

[12]  Steve Roach,et al.  Computer Science curricula 2013: getting involved and getting ready , 2013, SGCS.

[13]  Andrea A. diSessa,et al.  Coherence versus fragmentation in the development of the concept of force , 2004, Cogn. Sci..

[14]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[15]  Joint Task Force on Computing Curricula Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science , 2013 .

[16]  Michelene T. H. Chi,et al.  Commonsense Conceptions of Emergent Processes: Why Some Misconceptions Are Robust , 2005 .