Pedagogical Approach to Eﬀective Cybersecurity Teaching

. Initial research ruled out many factors that were thought may correlate to student academic performance. Finally, a strong correlation was found between their academic performance and their motivation. Following on from this research teaching practice was restructured to improve student motivation, engagement, and interest in cybersecurity by contextualizing teaching material with current real-world scenarios. This restructuring led to a very signiﬁcant improvement in student academic performance, engagement and interest in cybersecurity. Students were found to attend more of their lectures and practical sessions and that this had a strong positive correlation with their academic performance.


Introduction
Learning as a concept can mean different things to different people. Some might see it as a way of exploring a giving fact and driving a new meaning or understanding of an existing theory or fact. While others might just see it as an abstract form of knowing or memorizing an existing fact without the need to analyze or re-interpreted that fact into a body of knowledge. Learning can also be different depending on the size of the class and facilities used to convey such a message to the audience.
The need for careful and deliberate considerations in designing and implementing educational and training activities to enhance cybersecurity teaching and adaptability is of paramount importance, so as to make it more of an interactive, engaging and exciting discipline. The current skills gap in the field of cybersecurity is growing. Some employers have to wait for up to six months to the recruit suitable candidate for a role. Therefore; there is a need for a change in the pedagogical approach to teaching cybersecurity so as to provide the necessary technical skills to reduce the skills gap. The current practice makes use of some available tools and textbook oriented teaching methodologies.
In this paper, we explored the use of real-world and live scenarios with aid of available tools to contextual learning and teaching in cybersecurity so as to provide the concept of students as co-creators and higher learners rather than just presenting theoretical and textbook materials with some out of date scenarios.
This paper has drawn its data from a various practical approaches that have been tested with three sets of cohorts, where teaching materials are contextualized with real-world scenarios, judging the engagement of students within these cohorts in terms of their active engagement within and outside lectures with the teaching materials and teaching team. At the end of each cohort statistical data has been kept and evaluated to compare the end result both in terms of technical cybersecurity capability, obtaining placements/full-time work after graduation and final marks for taught cybersecurity and programming technical modules.
The rest of the paper is structured as follows: related background work in terms of teaching theories, pedagogy used in industrial controls systems and the use of available tools are presented. We then addressed the issues of technical programming skills and use of real-world examples to contextualize learning and its effect on enhancing teaching and learning in cybersecurity. The paper further presents our finding from a different set of cohort and compared this to available data when such methodologies have not been used. Finally, the paper then concludes with our concluding remarks and future study to enhance and provide a better road map and pedagogy for enhanced technical skills and students engagement for teaching cybersecurity.

Background
Ramsden (1992) classifies the concepts of learning into three main theories: teaching as a means of transmission, teaching as student activity and teaching as making learning possible [1]. The basic concept of the first theory lies in the fact that, the teacher is the main source of authoritative content/body of knowledge, while the student role is just a positive receiver of such knowledge; without the need of analyzing it. The theory utilize the input-output model without any processing in-between. It fosters a surface learning approach as explained by Biggs [2]. The theory is also of the opinion that there are good and bad students. If a student fails, it is entirely their fault but nothing to do with the teacher, programme or the institution. Biggs (1999) also discusses two concepts of constructive alignment: students get meaning from what they do to learn and teachers align such derivatives to planned learning activities with the expected learning outcomes [2]. Hence, constructive alignment is all about trying to associate assessment and outcomes. Ramsden's second theory was the principle that teaching is seen as a student activity [1]. The theory emphasis is on the need to establish procedural rules by improving teaching via the use of a set of strategies; the content not being important whereas the conditions of learning are. Ramsden's third theory focuses on the combination of the first two theories [1]. Saying that teaching is a process of making learning possible; hence, teaching, students, and subjects are inter-linked. Each takes their own responsibilities and work in harmony to enhance and provide a more positive environment. The major principle of this theory is that a teacher needs to en-gage with and get involved with their students by; encouraging students interest, demonstrating concern and respect for students, providing appropriate feedback, presenting students with clear goals, giving students independence and modifying ones teaching practice in response to student learning outcomes.
Development of reflective thinking and practice needs to be a cornerstone of each discipline and part of the pedagogy of teaching cybersecurity to students. This is, however, not an area of learning and teaching which is regularly discussed, despite being recognized across the literature as complex and challenging for lecturers for a variety of reasons teaching reflective practice is neither obvious or easy [3]. The range of reflective approaches available is extensive for example the work of [4] , [5], [6], [7], [8], [9], [10], [11] and [16]. The challenges of introducing reflective practice are varied. For example, the literature suggests that theory is needed to underpin learning as without a guiding theory/structure, student reflections may remain shallow, not providing the anticipated depth of learning [12]. However, use of simplified and technicity prescriptions in the implementation of a theory or structure can mean that reflection becomes a checklist ticking or recipe following exercise [13]. There is potential tension between reflection as a personal, individual experience but also one that is undertaken to be assessed [14]. The risk of gamification and emotional performativity in reflective assessment writing can arise with more sophisticated students [15]. Most resonant is Wongs (2016) experience that despite the introduction of models and examples and provision of writing examples and templates, it never quite works for them [17] and that many students still write descriptively rather than reflectively.
Cybersecurity students need to be proficient in computer programming. Much research has already been done on how to teach computer programming. A tremendous variation in the ability to learn computer programming was reported by Bishop-Clark as long ago as 1995 [27]. Ranjeeth and Naidoo (2007) used of statistical analysis of students performances in computer programming related assessments tasks to conclude the same [28]. However it is believed that an aptitude for computer programming is closely related to an aptitude for mathematics [29].
Student motivation has been found to play a large part in students learning programming [20] [21]. Learning how to motivate students will improve teacher effectiveness and student learning [22]. The motivating factors individual attitude and expectation, clear direction and reward and recognition have been identified [23] as have the ability to make decisions that positively affect the quality of your work and the perception that your work is interesting and challenging [24]. However, it may not be easy measuring the motivation of new students rather it is something that must be instilled by the teacher; this aligns with the theories put forward by Ramsden (1992) [1].
Statistical analysis by Turley and Bieman (1995) found that exceptional computer programmers were more likely to be people that saw the big picture, had a bias for action, were driven by a sense of mission, exhibited and articulated strong convictions, played a proactive role with management, and helped other programmers [18]. They also found that programming ability improved with ex-perience. Colley et al (1996) interviewed computer programmers and found that enjoying working with machines, liking technology and enjoying solving complex problems were linked to programming ability whereas being good at maths and being good at science were not [19].

Introducing Computing and Cybersecurity
In their first year, students were introduced to computer architecture and cybersecurity via lectures supported by formative self-assessment tests. There were two pieces of programming coursework which were designed to be very different. As many of the students had never programmed before, the first piece of coursework had the students doing a lot of repetitive programming under the guidance of their module tutors. They were required to write a computer program in the C programming language to emulate the instruction set of an 8-bit microprocessor. The objective was to get students familiar with both computer programming and computer architecture. This piece of coursework was designed to be grueling whereas the next was designed to be fun. The second piece of programming coursework had the students working on an open problem. They had to write software that controlled a battleship that they could see on a large screen. Their battleship bot was in competition with their fellow students bots, marks were allocated based on how many of their fellow student's battleship bots that they had sunk. This piece of coursework was aimed at developing students networking and problem-solving skills. To stretch the better students they were encouraged to think of creative solutions to this task. Students were not punished for using underhanded techniques such as man-in-the-middle or denial-of-service attacks against their fellow students but rewarded with bonus marks instead.
Student performance in both pieces of coursework was recorded along with their responses to a questionnaire, 76 students took part. The questionnaire contained questions relating to students programming experience, technology experience, problem-solving experience, work plans and programming attitude. • How much do you enjoy computer programming (Please answer 0 to 10 where 0=not at all, 10=very much)?
• How many hours a week did you spend doing your battleship bots assignment?
Similarly student performance in both pieces of coursework was recorded against their aptitude test results. A number of students volunteered to take the following aptitude tests; numeric (30), verbal (28) and non-verbal (25). The lessons learnt, from the student survey and aptitude tests, were then fed back into their teaching in following years.

Cybersecurity In-depth
Ramsden's (1992) third theory is applied to teaching cybersecurity in-depth. Teachers make use of a well-established framework rather than relying on an authoritative body of knowledge or an encyclopedic transmission of information to students. This theory works better if the teacher is able to be dynamic, reflective, make use of the wealth of experience form students and link the concept of teaching, student and subject by applying to real world and current examples to help students conceptualize the principles and how it can be applied in the world of work (WOW), we refer to this as a WOW factor. Being dynamic is part of the framework of teaching, using these principles helps students in understanding ideas and linking of ideas to form meaning wholes rather than just as a surface of possible facts and concepts. It also makes and identifies the big ideas that structured the course, as this might not be in any one part of the lectures or seminars or practicals. By way of linking this concept from session to session and pointing out the possible applications in life, it stimulates discussion and engagement with students in both large and small groups. Coursework marks and student attendance before and after the introduction of the new WOW teaching framework were recorded for later analysis. vbensk et all [25], has pointed out adversary thinking as an essential skill that is required for cybersecurity experts. These is enable them to understand possible cyber-attacks as well as to set up effective defences. Their study is based on a set of practical classroom scenarios that enables participants to cope with numerous interdisciplinary tasks throughout the semester while at the same time exercising a broad spectrum of technical and soft skills such as: system administration, penetration testing, game design, teamwork, project planning, communication, and presentation.
Rob Byrd [26], has also conducted a study that indicates/clarifies the importance of certain math topics as a core set of skills that is essential or crucial for the developing and can be helpful for a program of study in cybersecurity which will eventually that will enable such individual with this skill set to succeed in the profession and evolving cybersecurity environment.

Introducing Computing and Cybersecurity in the First Year
Student Prior Programming Experience It was reasonable to believe that those students with prior programming experience, either while at school or at work, would outperform the other students in their programming coursework. However, tests using Person Correlation showed that there was no significant correlation between the experience of programming at school or work and programming performance in their coursework, see Table 1. This was unexpected and is most likely explained by the students without prior experience quickly catching up with those that had prior experience.  Table 2, showed that none of these activities correlated to better performance in either piece of coursework.
Student Prior Problem Solving Experience Solving puzzles and playing chess involve the ability to apply concentration. The results of the Mann-Whitney Tests were very interesting, see Table 3. They showed that a like for solving puzzles did not help students with their first piece of coursework (U = 541, p = 0.914) but it was very helpful with their second piece of coursework (U = 309.5, p = 0.004) and similarly being good at Chess did not help students with their first piece of coursework (U = 595, p = 0.497) but it did help with their second piece of coursework (U = 470, p = 0.039). This is most likely explained by the nature of the two pieces of coursework, the first requiring a lot of directed repetitive programming and the second undirected problem-solving. This agrees with the findings of Colley et al (1996) were "enjoying solving complex problems" was one of the attributes linked to programming ability [19].
Student Plans for Work Students planning their work career has little effect on their performance in their first-year coursework, see Table 4, only the wish to work in a technical role had any correlation. Wishing to work in a technical role did not help with the first piece of coursework (U = 93.5, p = 0.094) but did help with the second piece of coursework (U = 80.5, p = 0.050). This is a similar result to enjoying solving puzzles and being good at chess. It may be those students who wish to work in a technical role enjoy the challenges that come with solving technical problems, again as found by Colley et al (1996) [19].

Student Attitude Towards Programming
It was believed if a student enjoyed programming then they would be more motivated when carrying out the programming components of their piece of coursework. The Pearson Correlation  Table 3. Correlation between student prior problem solving experience and their first year coursework performance test, shown in Table 5, shows a correlation between programming enjoyment and the marks received for the programming portion of each piece of coursework. For the first piece of coursework (r = 0.447, p = 0.000) the enjoyment of programming contributed 20% to the mark given and for the second piece of coursework (r = 0.303, p = 0.008) enjoyment contributed 9%. However we cannot say which is the dependent variable, it could be that when a student finds that they are good at programming the task becomes enjoyable. This result again agrees with the findings of Colley et al (1996) [19]. It is also reasonable to expect that the longer a student spent working on a piece of coursework the higher the mark that they would achieve. The Pearson Correlation test, see Table 5, showed that the time spent on the Emulator positively correlated (r = 0.292, p = 0.010) to the marks achieved, emulating an Intel 8080 microprocessor involved a lot of repetitive programming and the more time spent would expectantly lead to a higher mark. This link between student motivation and programming achievement was reported by Jiau et al (2009) and Serrano-Cmara et al (2014) [20] [21]. The contribution time made to the mark achieved, however, was not great (< 1%). There, however, was no strong correlation between the time spent working on the Battleship Bots piece of coursework and the mark achieved. This is most likely explained by the fact that the second piece of coursework required a brain, not brawn.

Student Aptitude Test Results
Aptitude tests are frequently used in industry as a means of selecting suitable applicants for jobs that entail computer programming. In the literature positive correlations have been found between the ability to score highly in numeric aptitude tests and the ability to programme computers. The Pearson Correlation test was used to determine the strength of the relationship between the students aptitude test results and their coursework performance; the results are shown in Table 6. No significant correlations were found between the numeric, verbal or non-verbal aptitudes of the students and their coursework performance. A possible correlation (< 1%) between the nonverbal aptitude of the students and the second piece of coursework may indicate that a strength in non-verbal reasoning may help with problem solving.

Cybersecurity In-depth
The coursework marks achieved by the 2015-16 cohort of year 2 students was compared to that of the 2016-17 cohort of year 2 students. The 2015-16 cohort was taught prior to the introduction of the new teaching framework, the WOW factor and the 2016-17 cohort after. The coursework marks were compared using the Wilcoxon Signed Ranks Test, it showed with 99.9% confidence that the marks were significantly different. Table 7 shows that the average coursework mark is significantly better for the 2016-17 cohort. This improvement was explained by students being more motivated and their improved attendance at both lectures and practical sessions where discussion of the latest cybersecurity news, and its implications, took place. This improvement agrees with results published in [20] [21]. A Pearson's Correlation Test between attendance (the independent variable) and the 2016-17 cohort coursework mark was carried out. It showed that with > 99.9% confidence that a positive correlation (R = 0.750) exists between student attendance and the coursework mark  Table 7. Average coursework marks for the year 2015-16 and 2016-17 cohorts that they achieve. Further, it implies that 56.3% of the coursework mark can be attributed to students attending their lectures and practicals. Figure 1 shows a scatter plot of coursework marks by student attendance.
Feedback from students has been highly positive. This includes students always eager to contribute their understanding of materials and applying it to current news/trends. Wanting to contribute in the lectures on how the topics linked to what is happening with the week. Waiting for lectures to discuss current trends, emailing staff with current trends in cybersecurity and talking to staff in the corridors. Some of the feedbacks include -"Lectures and Labs are interesting, I am always engaged, we cover interesting news which is useful." -"Good examples used/analogies and interactive in class".
-"Excellent contextualization of materials with real-world scenarios"

Conclusion
Very little correlation was found between students academic performance and their prior use of technology or the results of their aptitude tests. Where correlation was found it tended to relate to student motivation; this agreed with previously published work that student motivation was a key factor in their academic success. Items of interest that linked current topics being taught to current real-world events were gleaned from the news and other sources. Incorporating this material into a new teaching framework for the second-year students has significantly improved their academic performance. This success is attributed to their increased engagement and interest in applying their skills to real-world scenarios.