Teaching Cybersecurity in CSP (or Any CS Class):

Introducing the Security Mindset


A SIGCSE 2019 Pre-Symposium Workshop

Join us at SIGCSE 2019 for an introduction to the Teaching Security lessons!

Wednesday, February 27, 2019 (before SIGCSE proper)

8:30 a.m. to 12:00 noon

Greenway A (2nd floor), Hyatt Regency Minneapolis

Free and open to all!

The “Teaching Security” lessons introduce the broad idea of cybersecurity through threat modeling and the human-centered nature of authentication. They are prepared by subject-matter experts with research backgrounds in the technical workings and social implications of cybersecurity. While our lessons were specifically designed to meet the cybersecurity learning objectives in the AP Computer Science Principles framework, they are appropriate for any high school computer science class or program (including dedicated cybersecurity classes).

This will be an interactive workshop for CS educators at all levels; no previous cybersecurity experience required. Participants will learn how to begin developing the “security mindset” by teaching students a simplified version of threat modeling. We will also preview lessons on authentication and social engineering. In addition, the workshop will provide opportunities for attendees who teach cybersecurity learning objectives to share their own strategies.

Why teach cybersecurity? Cybersecurity is vital to a technology-driven society. Daily headlines demonstrate that we cannot ignore the potential security risks inherent to our increasingly more networked lives. Cybersecurity is a growing job field — but even for students that don’t go on to pursue cybersecurity careers, it is crucial to have some level of security awareness! But until very recently, young people were usually not introduced to the intrigue and opportunity of cybersecurity until advanced undergraduate CS courses. However, the real world implications and applied nature of the topic lends itself well to engaging a wide audience, key to catching the interest of a diverse group of students in CS at a younger age.

Presenters: Dan Garcia, Buffie Holley, Serge Egelman, (remotely) Maritza Johnson

Contact us with questions: contact@teachingsecurity.org

RSVPs encouraged but not required:

Draft Agenda for Workshop:
  • Opening: Welcome, overview of agenda, quick survey of attendees’ interests, introduction to the Teaching Security curriculum.
  • Model Lesson #1: Cybersecurity Through Threat Modeling: Presenters lead a model lesson that uses threat modeling exercises to introduce the “security mindset”. Will include breaks for questions, discussion, and feedback.
  • Break (30 min.)
  • Turning the Tables: Participants share their experiences (if any) teaching cybersecurity — favorite content, successes/teaching tips, challenges, frequent student questions or misconceptions.
  • Abbreviated Model Lesson #2: What Is Authentication and Why Do We Need It?
  • Other Resources: Presenters briefly cover our third lesson, on Social Engineering, and the resources on the Teaching Security website.
  • Technical Q&A: Presenters answer participants’ technical questions (“ask the experts”). (Depending on time.)
  • Closing: Wrap-up and request for feedback.

Laptops optional.