This project will help motivate students early to pursue Cybersecurity careers by providing capture-the-flag (CTF) Cybersecurity contest that is scalable, effective, and approachable for a large and diverse group of students. This project will enhance PicoCTF 2013 organized by the Principal Investigator (PI) Brumley with more than 10,000 participating students from over 950 schools, making it the largest Cybersecurity competition ever held. The proposed research seeks to leverage CTF events to provide an engaging education environment that introduces middle and high school students to fundamental ideas in Cybersecurity. In addition, the proposed work will investigate novel ideas, including auto-generated problems and just-in-time teaching. The competition will be built on an open-source platform, using extensive collected data to evaluate the effectiveness of new techniques, and improve subsequent versions of PicoCTF. This data-driven approach, combined with efforts to integrate CTFs into the classroom will help expand the current scale of Cybersecurity education. The Secure and Trustworthy Cyberspace (SaTC) program funds proposals that address Cybersecurity from a Trustworthy Computing Systems perspective; a Social, Behavioral and Economic Sciences perspective; and proposals focusing entirely on Cybersecurity Education.
Large-scale Cybersecurity education currently takes predominately two forms: online classes with structured curricula and competitions with ad-hoc learning objectives. Massive open online courses (MOOCs) can be a cost-effective way to educate students at scale, but recent studies have found these courses suffer from extremely low retention rates and mostly serve students who have already completed undergraduate degrees. In contrast, large-scale CTFs succeed at engaging students, but often fail to help them learn new concepts or gain deep understanding. The proposed work will focus on a combined approach where CTFs promote initial encouragement and problem-driven engagement, which is backed-up by well-integrated learning materials. The project will have a considerable impact by improving both the quality and the scale of Cybersecurity education in the United States. By developing an integrated Cybersecurity curriculum, the proposed research will supplement the engaging nature of CTF competitions with a cohesive educational experience. PicoCTF will be provided as an open-source platform for running independent CTF competitions, allowing others to experiment with ideas of their own.
