Skip to content Skip to footer

How to Coordinate Your Cybersecurity Curriculum

I am the Tech Lead at RITSEC, RIT’s Cybersecurity Club. One of my biggest challenges this year has been coordinating our curriculum between the education presentations and hands-on demos. I am responsible for the demos, while the Head of Education and presenter are responsible for the educational presentations. The development of these components is often completely separate from each other. Therefore, the contents of the demos and presentations has almost always been significantly different.

Additionally, we spend significant amounts of time doing the same work over-and-over again. Typically, the Tech Lead and presenter would independently look at last year’s presentation, and find some things that looked interesting. Then, they would come up with new ideas. The learning opportunities and ideas captured from previous years completely disappeared. It was clear that new solutions were needed to streamline our operations and offer a better experience to new members.

Tailoring Curriculum to Background Knowledge with Participant Profiles

One of our greatest challenges with curriculum development is ensuring that our content is approachable to students with no prior experience. Since our members come from a variety of majors, we cannot assume that they are taking certain classes. Instead, we must ensure that our content is continuous, and that slides only assume base knowledge on the previous weeks.

To ensure continuity in curriculum, we developed participant profiles. These are documents (one per week/topic) that track:

  • Background + Preexisting Knowledge
  • What to Evaluate and Why
  • Blocking Issues
  • How to Help Meet Objectives

All documents track a fictious member “Jane” who comes in with no experience. She is the prototype of what our “ideal” member looks like: no prior experience but shows up to all of our meetings and is engaged.

Background + Preexisting Knowledge

This step documents:

  • What we expect people to know (based on previous lessons)
  • The participant’s relevant thoughts/feelings
  • Other considerations to help meet our members where they are

For example, our Week 1 (Intro to Linux) participant profile says:

  • Jane is brand new to computer security and has no computer science background. 
  • She is very intimidated by the university environment, as well as CLI environments. 
  • Everything feels very foreign and scary, and she is filled with self-doubt. 
  • This week is pivotal for retaining her in future meetings.

As you can see, we address the technical and emotional state of our participant, as well as a note that this week is vital for future participation. With these considerations in mind, we can further address the needs of our members.

What to Evaluate and Why

Now that we have established where our members are, we now need to establish what we want them to learn. The content that we evaluate should be meaningful, so that we can be sure our members get the maximum value out of hands-on time. Therefore, we try to justify why the evaluated content matters.

Here is Week 1’s:

  • This week is critical to ensuring that she has the basic skill set to drive future learning.
  • This includes a basic understanding of command line interfaces and how Linux systems are structured.
  • Understanding the basics of navigating the file system is the highest priority, since that is instrumental to future learning
  • She should feel comfortable navigating the bash CLI and run common commands within the interface.

We have a clear purpose at the top: basic skill set to drive future learning. Everything we evaluate should be based around this basic skill set and future needs. If something does not drive future learning, then it may not be the best use of our, or our members’, time.

Blocking Issues

This section focuses mainly on where our members may be blocked. If we can identify these blocks before the Friday meeting, we can be prepared to help them through the blocking issues (either by changes to the demos or changes in how e-board supports students). Week 1 is a great example:

  • She is most likely to be blocked for three reasons:
    • A failure to understand what is expected
    • A failure to know the steps to implement said steps
    • Being overwhelmed generally
  • These can be mitigated through more precise questions, support from returning students, and positive reinforcement.

Here we have identified likely risks and created ways to mitigate them. While they may not address all of them, you can learn about common blocks from experience and reduce the friction that our members experience.

How to Help Meet Objectives

This section addresses specific things that club leadership should do to make sure that we are helping our member meet their objectives. It may be pointers on how we interact with them, changes to how we run our meetings, changes to the presentation or demos, or anything else. Here is week 1’s:

  • Returning students must patiently help participants throughout the process, especially on easy and medium challenges.
  • Returning students should also reinforce positive feedback to help build participant confidence. 
  • For this day, smaller group work would be good to both drive confidence and build strong relationships between returning and new members.

We have a clear set of changes that will allow our new members to have the greatest experience possible, and our returning members can be cognizant of these as they help new students.

Defining Technical Curriculum with Skill Cards

Now that we have addressed the high level needs of our members, we must now address the technical concepts to cover. Here are where skill cards come in. Skill cards enable our presenters and Tech Lead to be creative while providing a base list of educational concepts and inspiration. Our documentation covers the concept extensively:

To streamline the development of education slides and their related demos, RITSEC is trialing a system of Skill Cards. These cards help meet our objectives in several ways:

  • Provides a starting point for presenters to design presentations
  • Standardizes learning year-over-year while giving presenters the freedom to expand requirements
  • Allows for simultaneous development of presentations and demos while ensuring continuity between various components
  • Reduces the creative overhead for demo creation

Skill cards should not reduce creativity. Instead, they provide a baseline knowledge while giving presenters the freedom to expand. Ideas for expansion should be integrated into the cards, to help inspire future presenters. Skill cards are living documents, and presenters should help make them better for future years.

Skill Types

There are three types of skills:

  • Core skills (identified by “must”)
  • Supplementary skills (identified by “should”)
  • Advanced skills (identified by “can”)

Skills should, whenever possible, be written as an evaluable verb. This makes it easy for all parties involved to extract useful information. For example: participants must create a file, write to a file using nano, read a file using cat, and delete a file. This sentence communicates a lot of useful information to all relevant parties:

  • The presenter must cover this topic, and with a dedicated slide since understanding the skill is vital
  • The presenter must teach nano and cat, since there are many different tools to achieve the same result, and these tools are vital for working with other people in the club
  • The Tech Lead should build a challenge around these skills (likely an easy challenge since it is addressed in the presentation) or include these skills in another challenge
  • The club can assume that students will have this skill for future engagements, including future education sessions or interest group meetings

Core Skills

Core Skills are identified by “must.” They:

  • Are skills that are vital for participants to understand the topic or participate in further club activities
  • Must all be covered effectively in the education session
  • May be repeated throughout the education session to ensure understanding
  • Should be differentiated in some form from other skills featured in the education session
  • May be used for easy demos or be included in medium or hard demos as part of a greater objective

Supplementary Skills

Supplementary Skills are identified by “should.” They:

  • Are skills that are helpful to have, but may not be vital to understand the topic or participate in further club activities
  • Should be covered in the presentation subject to presenter or Head of Education discretion
    • Not all topics must be covered in the presentation, and the presentation can also cover topics outside of Supplementary Skills
  • Are subject to less scrutiny about delivery effectiveness than Core Skills
  • Form the basis of medium demos, or may be included in hard demos as part of a greater objective
  • May be included in Step 4 (“read more”) readings and Step 5 (“help members focus”) activities, primarily focusing on introductory students

Advanced Skills

Advanced Skills are identified by “can.” They:

  • Are skills that are good for in-depth understanding, but are not required for a basic understanding of the topic or for club contributions outside of specialization
  • Should only be included in the presentation if it does not significantly dilute the delivery or understanding of the topic
  • May form the basis of hard demos
  • May be included in Step 3 (“research presentations”), Step 4 (“read more”) readings, and Step 5 (“help members focus”) activities, primarily focusing on returning students

Curriculum Ideas

Ideas are different from the rest of the secionds, they can be:

  • Ideas for presentation or challenge demos
  • Uncategorized skills
  • Ideas for how to improve the presentations or demos

They allow for information to be carried year-over-year that may not be explicitly related to skills.

Skill Card/Curriculum Repositories

To reduce year-over-year workloads, stakeholders should keep skill cards up to date. To facilitate the continual development of these cards:

  • The Head of Education must facilitate the creation of a new Skill Card whenever a new topic is scheduled
    • Involved stakeholders must place the card in a shared folder and organized as appropriate
  • The Head of Education should encourage feedback from E-Board and active members of the club
  • Topic experts and presenters should place ideas in the respective skill cards
    • This will provide inspiration to future presenters
  • The Head of Education and Tech Lead must maintain the skill categories