Introducing the Security Mindset
A SIGCSE 2023 Workshop
The “Teaching Security” lessons introduce foundational concepts in cybersecurity, including threat modeling, the importance of identity and authentication, and human factors in security. They are prepared by subject-matter experts with research backgrounds in the technical workings and social implications of cybersecurity. While our lessons were designed to meet the cybersecurity learning objectives in the AP Computer Science Principles framework, they are appropriate for any high school computer science class or program (including dedicated cybersecurity classes).
This will be an interactive workshop for CS educators at all levels; no previous cybersecurity experience is required. Participants will learn how to begin developing the “security mindset” by teaching students a simplified version of threat modeling (our introductory lesson). We will also introduce lessons on authentication and social engineering. In addition, the workshop will provide opportunities for attendees to share their own strategies.
Why teach cybersecurity? Cybersecurity is a growing job field — and even for students that don’t go on to pursue cybersecurity careers, it is crucial to have some level of security awareness! In addition, the real world implications and applied nature of the topic lends itself well to engaging a wide audience, key to catching the interest of a diverse group of students in CS at a younger age.
Presenters: Buffie Holley (Albemarle High School), Dan Garcia (University of California, Berkeley), and Julia Bernd (International Computer Science Institute)
Contact us with questions: firstname.lastname@example.org
Agenda for Workshop
- Brief introduction to the Teaching Security curriculum
- Model Lesson #1: “Cybersecurity Through Threat Modeling” — Part 1: Introduces students to the basic concepts of cybersecurity and the “Security Mindset” through a series of threat modeling exercises
- Model Lesson #1 — Part 2
- Model Lesson #2 (Abbreviated): “What Is Authentication and Why Do We Need It?”: The role of user identification and authentication in keeping systems secure
- Model Lesson #3 (Abbreviated): “Social Engineering: The Oldest Hack”: How both human nature and the structure of the Internet contribute to social engineering attacks
- Turning the Tables: Participants share their experiences (if any) teaching cybersecurity