Cyber security exercises (CSE) are complex learning experiences aimed at developing expert knowledge and competence through simulation. In this paper we examine pedagogical issues relating to CES, from exercise design to training results and evaluation. In addition, we present a Deliberate Practice -oriented view on expert and competence development for CSEs. We use data gathered from multiple CSE cases, where we have collected field notes, observations, questionnaire results, and other documentary data while organizing these training events. Based on our observations and analysis, integrating pedagogical knowledge and focus with each phase in the CSE lifecycle, i.e. planning, implementation, and feedback phases, the training effectiveness can be improved. We also note that CSE evaluation requires systematic measurements of change ranging from customer experience to organizational change. We also outline avenues for further work relating to various aspects of expert knowledge development and training evaluation in the context of CSEs.
Mika Karjalainen, Tero Kokkonen, Samir Puuska
M. Karjalainen, T. Kokkonen and S. Puuska, “Pedagogical Aspects of Cyber Security Exercises,” 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Stockholm, Sweden, 2019, pp. 103-108.