We developed a novel microlearning approach and up-to-date curriculum for early- and mid-career cybersecurity professionals that supports anytime, anywhere learning. Called Cyber Attack!, it features brief 3- to 5-minute cyberthreat game scenarios from both the hacker and defender perspectives to support cybersecurity professionals in self-directed career learning. Each scenario reflects real world tasks and tools, and a series of quizzes. It also includes a cyberlibrary with more information about cyberthreats.
User testing resulted in high appraisals of the approach and preliminary evidence that these cyber microlessons motivate a form of self-directed learning, specifically, the skill of persisting after failure to master understanding of cybersecurity concepts, procedures, and tools. The field of cybersecurity offers many types of roles and jobs, not just the technical. However, it is challenging to convey the nature of these jobs to nontechnical audiences and youth. Cyber microlessons offer an engaging way to convey the technical and situational aspects of the work in a realistic workplace context. Users found the app to be an engaging way to “learn and grasp” cybersecurity topics compared to other learning resources. They saw it as particularly useful for reinforcing, refreshing, or reviewing content. Users liked having a choice of avatars, particularly those representing women.
Advisory panelists were Matthew Bishop, computer science professor from the University of California, Davis, Frank Marsaglia, emeritus instructor from Lincoln Land Community College, and Julia Bernd, instructional expert at the University of California, Berkeley’s International Computer Science Institute. Cybersecurity expert Jillian Carleton contributed to the development of the scenarios and cyberlibrary information. Aaron Spaulding advised on game design and backend data analytics. Rukman Senanayake advised on game concept, and Ken Wingerden advised on mobile app issues.
Rather than giving learners the lecture first, Cyber Attack! puts them right into making the kinds of decisions that a cybersecurity analyst or hacker makes. Learners get chances to guess a couple times and then take a mini-lesson. This approach gives learners information when they need it.
Each cybersecurity concept within the Cyber Attack! app is presented in a succinct easy-to-digest form called a mini-lesson. Learners look at these in the game only after they fail to make a sound decision in the Q&A section. This way, they look at them according to their need. These mini-lessons boil down the core information to what is needed to do the job.
Cyber Attack! also features a cyberlibrary with a collection of brief stories for learners to review with information on four different types of cyberthreats. Learners can also access Quick Facts and War Stories. In Quick Facts, they get the key information that they need in one condensed summary. In War Stories, they get a summary of famous or recent exploits ripped from the headlines
Defense and Offense
Every cyberthreat scenario in Cyber Attack! is presented from the perspectives of both the defender and the attacker. This unique structure allows learners to become stronger defenders against cyberthreats by understanding the motivations and strategies for attackers.
When learners go through each side of the game, they will see that each approach employs distinct strategies and tools. They will experience different steps in the process and work with different avatars who have different motivations and objectives.
This material is based upon work supported by the National Science Foundation under Grant No. DGE 1821666. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Associated SRI team members