A Longitudinal Study of Students in an Introductory Cybersecurity Course

Abstract

While some aspects of information assurance can be traced back to the earliest implementations of cryptography, the field of cybersecurity is relatively new, and thus, pedagogical “best practices” have not been adequately investigated. The tremendous growth within the field over the past two decades has resulted in a substantial number of organizations (academic, governmental and commercial) implementing a wide variety of educational approaches in an attempt to meet the growing demand for graduates and employees possessing skills in cybersecurity. This growth has been so rapid that no one has taken the time to ask the question: are we doing this the right way? In order for us to identify and promote instructional best practices within cybersecurity courses, an instrument capable of measuring these values is needed. This paper contains the results of the initial phase in our development of such an instrument. This work is a longitudinal and cross-sectional study of students enrolled in an introductory cybersecurity course. The purpose of the study is to identify course components and instructional approaches that affect both students’ success in the classroom and the likelihood that they will continue to pursue cybersecurity both in the classroom and as part of their career. Given the variation in the content being presented in such courses, we focus this effort on student characteristics that have been shown to lead towards success in the classroom and influence student career selection. These characteristics include self-efficacy in relation to cybersecurity, student interest in further coursework, and research or jobs that involve cybersecurity concepts3,12. By interviewing students enrolled in a cybersecurity course, at multiple points during the semester, we are able to identify student interests and perceptions of cybersecurity and document changes in student self-efficacy and interest that occur as the semester progresses. Furthermore, we identify pedagogical practices which students found most useful through this semester-long investigation. The results from this study will be used to construct a Likert-type scale survey that will allow cybersecurity educators to evaluate student outcomes consistently between various teaching approaches. This will allow for systematic, informed pedagogical changes to improve outcomes in the cybersecurity classroom.