Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story

Tom Chothia; Sam Holdcroft; Andreea Radu; Richard Thomas

Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story

Tom Chothia, Sam Holdcroft, Andreea Radu, Richard Thomas

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

15 Citations (Scopus)

78 Downloads (Pure)

Abstract

In this paper we argue that narrative and story are important elements of gamification, and we describe a framework that we have developed which adds a story to an 11 week cyber security course. The students play the part of a new IT security employee at a company and are asked to complete a number of security tasks, for which they receive flags. The students can send the flags they find to a number of different characters to move the story along in different ways. As the story unfolds they find deceit, corruption and ultimately murder, and their choices lead them to one of three different endings. Our framework for running the story and the exercises is completely contained in a single VM, which the students each download at the start of the course. This means that no backend or cloud support is needed. We report on the results of qualitative and quantitative evaluations of the course that provides evidence that the story increased student engagement and results.

Original language	English
Title of host publication	2017 USENIX Workshop on Advances in Security Education (ASE 17)
Place of Publication	Vancouver, BC
Publisher	USENIX Association
Publication status	Published - 15 Aug 2017
Event	2017 USENIX Workshop on Advances in Security Education - Sheraton Vancouver Wall Centre Hotel, Vancouver, Canada Duration: 15 Aug 2017 → 15 Aug 2017 https://www.usenix.org/conference/ase17

Conference

Conference	2017 USENIX Workshop on Advances in Security Education
Abbreviated title	ASE '17
Country/Territory	Canada
City	Vancouver
Period	15/08/17 → 15/08/17
Internet address	https://www.usenix.org/conference/ase17

Bibliographical note

Funding Information:
Acknowledgement This work was supported by the grant GEN1214 from “The Higher Education Academy”.

Publisher Copyright:
© ASE 2017 - 2017 USENIX Workshop on Advances in Security Education, co-located with USENIX Security 2017. All rights reserved.

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

ase17PaperFinal published version, 1.12 MBLicence: Creative Commons: Attribution (CC BY)

https://www.usenix.org/conference/ase17/workshop-program/presentation/chothiaLicence: None: All rights reserved

Cite this

@inproceedings{4d86cfab1dad4986b97a704741975bd5,

title = "Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story",

abstract = "In this paper we argue that narrative and story are important elements of gamification, and we describe a framework that we have developed which adds a story to an 11 week cyber security course. The students play the part of a new IT security employee at a company and are asked to complete a number of security tasks, for which they receive flags. The students can send the flags they find to a number of different characters to move the story along in different ways. As the story unfolds they find deceit, corruption and ultimately murder, and their choices lead them to one of three different endings. Our framework for running the story and the exercises is completely contained in a single VM, which the students each download at the start of the course. This means that no backend or cloud support is needed. We report on the results of qualitative and quantitative evaluations of the course that provides evidence that the story increased student engagement and results. ",

author = "Tom Chothia and Sam Holdcroft and Andreea Radu and Richard Thomas",

note = "Funding Information: Acknowledgement This work was supported by the grant GEN1214 from “The Higher Education Academy”. Publisher Copyright: {\textcopyright} ASE 2017 - 2017 USENIX Workshop on Advances in Security Education, co-located with USENIX Security 2017. All rights reserved.; 2017 USENIX Workshop on Advances in Security Education, ASE '17 ; Conference date: 15-08-2017 Through 15-08-2017",

year = "2017",

month = aug,

day = "15",

language = "English",

booktitle = "2017 USENIX Workshop on Advances in Security Education (ASE 17)",

publisher = "USENIX Association",

url = "https://www.usenix.org/conference/ase17",

}

Chothia, T, Holdcroft, S, Radu, A & Thomas, R 2017, Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story. in 2017 USENIX Workshop on Advances in Security Education (ASE 17). USENIX Association, Vancouver, BC, 2017 USENIX Workshop on Advances in Security Education, Vancouver, British Columbia, Canada, 15/08/17. <https://www.usenix.org/conference/ase17/workshop-program/presentation/chothia>

TY - GEN

T1 - Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story

AU - Chothia, Tom

AU - Holdcroft, Sam

AU - Radu, Andreea

AU - Thomas, Richard

N1 - Funding Information: Acknowledgement This work was supported by the grant GEN1214 from “The Higher Education Academy”. Publisher Copyright: © ASE 2017 - 2017 USENIX Workshop on Advances in Security Education, co-located with USENIX Security 2017. All rights reserved.

PY - 2017/8/15

Y1 - 2017/8/15

N2 - In this paper we argue that narrative and story are important elements of gamification, and we describe a framework that we have developed which adds a story to an 11 week cyber security course. The students play the part of a new IT security employee at a company and are asked to complete a number of security tasks, for which they receive flags. The students can send the flags they find to a number of different characters to move the story along in different ways. As the story unfolds they find deceit, corruption and ultimately murder, and their choices lead them to one of three different endings. Our framework for running the story and the exercises is completely contained in a single VM, which the students each download at the start of the course. This means that no backend or cloud support is needed. We report on the results of qualitative and quantitative evaluations of the course that provides evidence that the story increased student engagement and results.

AB - In this paper we argue that narrative and story are important elements of gamification, and we describe a framework that we have developed which adds a story to an 11 week cyber security course. The students play the part of a new IT security employee at a company and are asked to complete a number of security tasks, for which they receive flags. The students can send the flags they find to a number of different characters to move the story along in different ways. As the story unfolds they find deceit, corruption and ultimately murder, and their choices lead them to one of three different endings. Our framework for running the story and the exercises is completely contained in a single VM, which the students each download at the start of the course. This means that no backend or cloud support is needed. We report on the results of qualitative and quantitative evaluations of the course that provides evidence that the story increased student engagement and results.

M3 - Conference contribution

BT - 2017 USENIX Workshop on Advances in Security Education (ASE 17)

PB - USENIX Association

CY - Vancouver, BC

T2 - 2017 USENIX Workshop on Advances in Security Education

Y2 - 15 August 2017 through 15 August 2017

ER -

Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story

Abstract

Conference

Bibliographical note

ASJC Scopus subject areas

UN SDGs

Access to Document

Fingerprint

Cite this