Lessons Learned from Using Cyber Range to Teach Cybersecurity at Different Levels of Education

Abstract

In today’s modern society, it is difficult, nearly impossible, to work and study effectively without using the internet. With services moving into cyberspace and the ever-increasing number of users, new cyber threats are emerging with the potential to cause devastation to both organizations and individuals. For this reason, it is necessary to educate users regardless of their age, gender, and qualification. This paper addresses the challenges associated with the need for cybersecurity education and presents lessons learned from applying an interactive and gamified approach within a cyber range (CR), a controlled environment that enables the deployment of virtual machines and networks for research, training, and testing purposes. In our work, we utilized the CR platform to teach cybersecurity at the primary, secondary, and high school levels of education. Through a series of tests, different approaches, surveys, and feedback collected from students and teachers, we identified their perceptions and critical aspects of CR-based cybersecurity education. We found that gamification positively influences learning, with students emphasizing the fun aspect and teachers highlighting engagement and motivation. Both groups value interactivity for developing practical skills and reinforcing theoretical concepts. Although scoring encourages competition, some students find it stressful. Similarly, penalizing hints can motivate problem solving, but may also deter those needing assistance. These and other findings presented in this paper may be useful for building and further developing cyber ranges to improve the effectiveness of teaching, learning and training cybersecurity.