CAPTURE THE FLAG, ABET CAC-ACCREDITED CYBERSECURITY CURRICULUM AND NIST NICE FRAMEWORK: STUDY OF A HYBRID HIGHER EDUCATION MODEL IN DIGITAL FORENSICS

The worldwide need for highly skilled cybersecurity professionals have dramatically increased year by year, especially in the wake of fourth industrial revolution. Because of this demanding need, it is up to the higher education institutions to equip and train these budding professionals via curriculum, instruction and assessment. However, when traditional curriculum meets an ever-changing domain like cybersecurity, it often lack to identify various orientations of learners leading to loose transferability of knowledge and skills. When educators keep sticking to traditional instruction practices like lecture and lab-based activities even though tied to relevant student learning objectives and program educational objectives, it leads to a huge skills gap because cybersecurity industry demands time-sensitive critical thinking and complex challenge solving. One of the ways this gap can be addressed is through strategic partnership between academia and industry, and this is where a liaison NIST comes in.

NIST provides a National Initiative for Cybersecurity Education (NICE) framework to promote collaboration between academia and industry to bridge the ever-increasing training gap in cybersecurity. NICE provides a systematic and granular taxonomy, locally translated into its building blocks, called as -- NICE's Knowledge, Skills and Tasks (or KSTs) for at least fifty-two separate cybersecurity work roles. So, this dissertation explores a study on how academic curriculum, especially ABET CAC- accredited ones that are tied to specific SLOs and PEOs, can leverage the NICE framework. To integrate NICE framework into existing curriculum can be challenging as traditional lecture-based pedagogies limit the practical application of NICE's KSTs. This is where Capture the Flag (CTF) and underlying gamification principles comes into play. Gamification is simply defined as the use of game design elements in non-game contexts towards increasing engagement, motivation and better learning outcomes.

Therefore, in this dissertation, researchers explores a hybrid higher education model in Digital Forensics (a sub-domain of cybersecurity) which brings together NICE-by-design CTF framework and ABET CAC-accredited cybersecurity curriculum. The back-end design of this study is guided by behaviorism, cognitivism and constructivism --foundational adult education theories of learning. Finally, the implementation of this hybrid model (CTF + curriculum) is compared with traditional (curriculum --only) model to assess the enhancement (if any) in knowledge and skills in Digital Forensics domain via scores obtained on pre- and post-test.

The results from the one-way ANCOVA indicated a statistically significant difference between the participants who takes the hybrid model intervention (test group) vs those who don't (control group) after controlling for pre-test scores F(1, 23) = 33.096,p < .001, with a large effect size r = .51. This effect size meant that 51% of the variance in post-test scores can be attributed to the random group assignment (test or control) after accounting for pre-test performance. From the researchers end, after KST mapping was completed, it was concluded that through the proposed alignment, the pilot study covered - 46% NIST NICE Tasks, 46% NIST NICE Knowledge and 57% NIST NICE Skills in Digital Forensics work role. Thus, indicating there is much mapping left to explore in the next iteration of this study. After the CTF, participants were also asked to indicate their perception on alignment of NICE's KST alignment on each twenty-one CTF challenges. The results from descriptive statistics indicated most participants felt exercises were "aligned" to "strongly aligned" with some exercises coded as "neutrally aligned", indicating areas of improvement for researchers in the next iteration of the study. Through this first-of-its-kind pilot study conducted in the entire Midwestern region of the United States, researchers, in the end, shares technical, conceptual and theoretical best practices. The lessons learned will guide the future studies in scaling and long-term impact of hybrid instructional models across diverse learner populations and institutional settings.