Coltrane vision on cyber security teaching
The COLTRANE VISION on cybersecruity lies at the core of the COLTRANE Framework, is designed to give teachers and learners the opportunity to engage in cybersecurity learning in a different way. Replacing traditional frontal lectures is as overdue as the limitation of cybersecurity to mere technical content is removed from real life necessities. Therefore, COLTRANE follows an activity-based, problem-oriented, and collaborative teaching model that is aimed at raising awareness and understanding, not only of the problem/case to be solved, but also of the environment in which a cybersecurity issue occurs and of the impacts and consequences of an action.
This principle forces learners to critically reflect on the soundness of decisions they suggest and solutions they develop. From an educational perspective the major advantage of the COLTRANE model is that it allows a more interactive style of teaching, puts cybersecurity into a context that is of practical relevance, and allows the embedding of soft skills that are in high demand, such as communication, collaboration, problem solving, and working in multidisciplinary teams. The exercises and pracs designed around this model offer an additional major benefit in the form of making it easier for teachers to be more inclusive in terms of considering multilingual student teams, different professional backgrounds, knowledge, and diverse cultures.
The COLTRANE Framework
The COLTRANE Framework, following the principles established by the COLTRANE Model, such as openness to diversity and new teaching styles, equips cybersecurity educators with the necessary guidelines, processes and technology support required for delivering practically relevant cybersecurity education. Complemented by templates and a variety of examples/case studies, it equips educators with the tools necessary to provide learners with realistic situations in which they can apply and test their domain knowledge and their soft skills. As educator interests might range from the pure reuse of materials, to adaptations and making their own contributions, the COLTRANE Framework provides three core processes for teaching/learning unit development, preparation and integration, and the actual delivery. As reusability is a major goal of the COLTRANE Framework, it offers templates to allow the mapping of content to established curricular guidelines, such as CyBOK and the IEEE/ACM curricular documents. At the same time, to assure the relevance for practitioners, a mapping to the NIST/CSF Functions is provided. A repository containing guides for learners, educators, and management, templates for the development of contributions, fully developed models and technological infrastructure elements and suggestions facilitate the use and application of COLTRANE principles in cybersecurity teaching. The major strength of the COLTRANE Framework lies in its combination of highly interactive content delivery, the imbedding of soft skills, the use of current technology, realistic scenarios, the focus on collaborative awareness creation and problem understanding, complemented by its ability to incorporate established curricular guidelines. When fully deployed, including COLTRANE SPOD and the AIT Cyber Range, learners can be exposed to simulated situations that are a mirror of real-world cybersecurity events.
Core COLTRANE Process Architecture
The proposed process architecture is intended to cover the entire teaching cycle, which in our approach is structured into three main phases (see Fig.): Requirements elicitation, course/module configuration and course/module delivery. The requirements elicitation phase involves gathering information and feedback from various sources to understand the needs and requirements of learners, teachers and the market. In this phase, potential difficulties and needs can be identified to ensure that the course content is relevant, up-to-date and effective.
The course/module configuration phase involves the development of courses and modules based on the gathered requirements. In this phase, the curriculum is developed and the course content is elaborated, including learning objectives, teaching materials, examinations and evaluations. This phase also enables the course structure to be defined to ensure that the content is presented effectively and the learning objectives are achieved. The course/module delivery phase involves the implementation of the developed course and module. In this phase, the teaching and learning activities are carried out and the evaluation results are collected to ensure that the course content and teaching methods are effective and that the learners can achieve their learning objectives.
These phases form a logical sequence with possible feedback loops from course/module configuration and course/module delivery to requirements elicitation and from course/module delivery to course/module configuration. As this feedback can be either on the content developed or on the process phase, we follow Argyris’ proven double learning loop approach. This feedback mechanism is the central basis for maintaining and adapting process and content materials, which is essential in a field that is changing as fast as cyber security.