Observations and reflections on teaching psychological principles and methods to cybersecurity students
Start date: 5 April 2017
Place of Publication: York
We aim to highlight what psychologists can offer to cybersecurity education. It is important to recognise that cybersecurity students may have a certain perception of what Psychology covers (e.g. that it focusses on treating psychological disorders). As a result, at the start of teaching we briefly cover what is and what is not Psychology, and differentiate between academic and ‘popular’ Psychology; this helps to contextualise the wider role of psychology in modern life. We will review how we have been involved in teaching psychology to cybersecurity undergraduate and postgraduate students, highlighting activities that engaged students and those that have been less successful. We focus particularly on social and cognitive psychology (to explain prevention and mitigation strategies for the targets of cybersecurity incidents) and individual differences (to explain the motivation of perpetrators). Psychologists are uniquely placed to also teach principles of research methods and ethics and we use practical activities demonstrate how recommendations based on Psychology can be put into practice. We found that students appreciate detail as to how research was conducted and they need to develop skills to allow them to consider different psychological methods to evaluate the security of online systems. As with all interdisciplinary teaching, materials need to be adapted effectively and we pay special attention to the consideration of characteristics of cybersecurity students in terms of teaching psychology in a way that will be accessible and engaging. We consider gender, life experiences, motivation to study, learning style, and educational stage. Finally, we offer some practical suggestions to incorporate psychology into cybersecurity curricula, e.g. from individual guest lectures/workshops to a full unit in Cyberpsychology.