Research Squid Works

  1. Home
  2. Training

Theory Behind Curriculum Design

The cyber domain is so interconnected and expansive that there is little chance of an expert knowing everything that they need to do their job on a day to day basis, much less a novice. A technical baseline is required to be successful, but for people who operate in this domain the majority of time is spent doing research and applying critical thinking to the complex interactions that occur at the boundaries between areas of knowledge. As a result, education that intends to prepare a student for success in this field must emphasize how a student should learn and the right way to approach problems, rather than what to learn and how to solve problems. Competency Based Education is designed to test mastery and develop the desired mindset through assessments, while still being accessible for the new student, which makes it the optimal framework to engineer a cyber education curriculum around.

The training portion of the site is designed to teach the competencies identified by the Cyber Intelligence Tradecraft Project. While the project was intended to identify the core competencies and skills required for cyber intelligence analysts, the items listed form the core competencies and skills for anyone hoping to participate meaningfully in the cyber domain.


Here is a link to download our proposal on this.

Applying Competency Based Education to Introductory Cyber Training

If you want to see the content for our introductory class, Foundations of Hacking, it is a text file at this link.

Theory Behind Site Design

In addition to the six competency areas laid out in the CITP framework, sections are added for introducing the theory behind the framework, the site the framework is hosted on, and building the student’s digital classroom.

Just as important as well designed competencies is the educational framework to host the training material and challenges. Without the ability to have an online space which seamlessly integrates the idea of competency based learning into its structure, the entire concept falls flat. Luckily there is Moodle, an open source course management system (CMS) licensed under the Gnu General Public License, which is designed to enable educators to build customized curricula for their students. Moodle has integrated support for CBE and allows the creation of competency frameworks to assess students. This natural integration allows educators to seamlessly create and modify frameworks, which improves the experience both for the content creators and those taking the course as no extra work needs to be done to adhere to CBE principles. Badges can be awarded in recognition of completing competencies, allowing a student to publicly demonstrate progress in their profile. Moodle also has a built in instant messaging system which enables students to receive instant assistance from educators. Due to the overall ease of use and tailored integration of CBE principles, Moodle CMS is the best option for building a framework to address the needs outlined in the paper.

It is not enough to create the training framework and have that stand alone. While the training is intended to teach and measure the application of skills, the best way for a novice to build real world skills is through competition. Whether that is through Jeopardy-style Capture the Flags, Attack/Defense Challenges, Policy Competitions, or Hackathons, nothing is better for developing a student than a time constrained competition on a subject they have not had experience with before. These competitions mirror the real time learning required to be successful in the field, and are the most accurate measure of ability available. As most competitions are team based, these events also build important interpersonal skills in addition to technical skills, providing experiences and knowledge that are impossible to simulate in an academic setting. These competitions can be integrated with the competency framework for education and exposure, but will also be used by advanced members and educators as ways to stay sharp and continue the process of lifelong learning essential for this field. Any site that hosts training should have its own competitive teams, as well as host their own internal competitions and occasional public events for recruiting.

Along with the training and competition, a site hoping to be successful must build a strong community. The strength of any site, from GitHub to HackForums, is drawn from the strength of the community. The willingness to teach, to help, and to learn is what differentiates the great sites from the good sites, because no matter how good the content is, it doesn’t mean much if there is no one to share it with. By engineering the community properly, a site can cultivate the culture required to be successful and grow. An active forum is an excellent indicator of the strength of a community, and should be a centerpiece of the website. Hackers have historically been known to congregate on Internet Relay Chat (IRC) but recent years have seen the rise of Slack, so it is recommended that a community have both of those available. Social media, especially Twitter, is essential for recruiting and passing word. Overall, anything that keeps people on the site and engaged is a net positive, so engineering places where members can be active, constantly applying or creating knowledge, should always be a priority.