Cybercamp: an experience report on the transformations of an intensive Cybersecurity summer camp for high school students
Abstract
I. Introduction
The Cybercamp is an intensive Cybersecurity summer program for high school students that has been continuously offered since 2016 at the University of Puerto Rico, a Hispanic-serving institution. Originally conceived as part of a National Science Foundation initiative to build cybersecurity capacity at the University of Puerto Rico, the Cybercamp has undergone significant transformations in response to budget constraints, natural disasters, and the COVID-19 pandemic. These adaptations have resulted in a sustainable, resource-efficient, and replicable model for teaching cybersecurity in resource-constrained environments.
The Cybercamp is structured around nine core modules:
- Introduction to Cybersecurity
- Introduction to the file system
- Intro to the Unix command line
- Phishing
- Hashing and Password cracking
- Introduction to Computer Networks
- Network Forensics
- Introduction to Computer Forensics
- Introduction to Cryptography
II. Educational Materials
Each module integrates lectures, short videos, culturally relevant case studies, quizzes, and Capture The Flag (CTF)-style exercises [1],[2]. The camp culminates in a group-based CTF competition designed to consolidate knowledge through collaborative problem-solving. By embedding local case studies and culturally responsive teaching practices [3], the program enhances student engagement and situates cybersecurity concepts in meaningful contexts.
The delivery of the Cybercamp relies on open-source tools and a virtualized infrastructure that minimizes costs while maximizing accessibility. Exercises are conducted on virtual machines running Kali Linux Operating System[4], hosted in a small departmental virtualization cluster. This infrastructure ensures equitable access, enabling remote participation even during crises such as the COVID-19 lockdown. Educational materials were developed in alignment with Universal Design for Learning (UDL) guidelines to support students with diverse learning needs and limited technological resources [5]-[7].
Active learning is central to the Cybercamp’s pedagogy [8]-[10]. Hands-on tasks and CTF challenges encourage students to apply theoretical knowledge in practical scenarios, with quizzes and iterative feedback sustaining engagement. Peer-leaders, undergraduate students, many of whom are camp alumni, play a critical role by providing mentorship, academic support, and cultural relatability. Their involvement not only reduces attrition but also fosters a collaborative learning environment where participants support one another.
III. Lessons Learned
Over nine years of implementation, several lessons have emerged. Introducing the Unix command line remains a pedagogical challenge, but limiting content to essential commands has proven effective. Embedding culturally and socially relevant case studies [11]-[13], such as cyberattacks on Puerto Rican infrastructure, has increased student interest and participation. Most importantly, implementing UDL practices has resulted in flexible materials resilient to disruptions caused by natural disasters and pandemics.
IV. Learning Evaluations and Outcomes
Learning outcomes are evaluated through pre- and post-tests, continuous quizzes, and final CTF performance. Results indicate significant learning gains: in recent years, 100% of participants achieved at least 80% on module quizzes, and all successfully completed hands-on activities. Anecdotal evidence further suggests that participation in the Cybercamp has motivated several alumni to pursue higher education in computing and cybersecurity-related fields.
V. Conclusion
In conclusion, the Cybercamp experience demonstrates that intensive, hands-on cybersecurity training can be delivered effectively in resource-limited contexts. Through the integration of active learning, UDL, and culturally responsive pedagogy, the program provides a replicable model for broadening participation in cybersecurity education while fostering awareness, confidence, and foundational skills among high school students.
References
[1] J. Vykopal, V. ˇSv´abensk`y, and E.-C. Chang, “Benefits and pitfalls of using capture the flag games in university courses,” in Proceedings of the 51st ACM Technical Symposium on Computer Science Education, 2020, pp. 752–758. [Online]. Available: https://doi.org/10.1145/3328778.3366893
[2] K. Leune and S. J. Petrilli Jr, “Using capture-the-flag to enhance the effectiveness of cybersecurity education,” in Proceedings of the 18th annual conference on information technology education, 2017, pp. 47–52. [Online]. Available: https://doi.org/10.1145/3125659.3125686
[3] F. M. Mensah, “Culturally relevant and culturally responsive,” Science and Children, vol. 58, no. 4, pp. 10–13, 2021.
[4] R. Messier, Learning Kali Linux: Security testing, penetration testing & ethical hacking. O’Reilly Media, Inc., 2024.
[5] CAST. (2018) Universal design for learning guidelines version 2.2. Ac- cessed: 2023-08-15. [Online]. Available: https://udlguidelines.cast.org/
[6] A. Meyer, D. H. Rose, and D. Gordon, “Universal design for learning: Theory and practice,” (No Title), 2014.
[7] S. Burgstahler, “Universal design: Implications for computing education,” ACM Transactions on Computing Education (TOCE), vol. 11, no. 3, pp. 1–17, 2011. [Online]. Available: https://doi.org/10.1145/2037276.2037283
[8] S. Freeman, S. L. Eddy, M. McDonough, M. K. Smith, N. Okoroafor, H. Jordt, and M. P. Wenderoth, “Active learning increases student performance in science, engineering, and mathematics,” Proceedings of the national academy of sciences, vol. 111, no. 23, pp. 8410–8415, 2014. [Online]. Available: https://doi.org/10.1073/pnas.1319030111
[9] J. J. McConnell, “Active learning and its use in computer science,” in Proceedings of the 1st Conference on integrating Technology into Computer Science Education, 1996, pp. 52–54. [Online]. Available: https://doi.org/10.1145/237466.237526
[10] R. Caceffo, G. Gama, and R. Azevedo, “Exploring active learning approaches to computer science classes,” in Proceedings of the 49th ACM Technical Symposium on Computer Science Education, 2018, pp. 922–927. [Online]. Available: https://doi.org/10.1145/3159450.3159585
[11] C. Ashcraft, E. Eger, and M. Friend, “Girls in it: The facts,” National Center for Women & IT. Boulder, CO, 2012.
[12] J. J. Ryoo, T. Tanksley, C. Estrada, and J. Margolis, “Take space, make space: How students use computer science to disrupt and resist marginalization in schools,” Computer Science Education, vol. 30, no. 3, pp. 337–361, 2020. [Online]. Available: https://doi.org/10.1080/08993408.2020.1805284
[13] M. Buckley, H. Kershner, K. Schindler, C. Alphonce, and J. Braswell, “Benefits of using socially-relevant projects in computer science and engineering education,” in Proceedings of the 35th SIGCSE technical symposium on Computer science education, 2004, pp. 482–486. [Online]. Available: https://doi.org/10.1145/971300.971463
We decided to go with the Extended Abstract for the conference and full paper for the Journal
MS #1173 - Attention to Reviewer Comments.pdf (52 kB)
Minor Revision Attention
Cybercamp: an experience report on the transformations of an intensive Cybersecurity summer camp for high school students
I. Introduction
The Cybercamp is an intensive Cybersecurity summer program for high school students that has been continuously offered since 2016 at the University of Puerto Rico, a Hispanic-serving institution. Originally conceived as part of a National Science Foundation initiative to build cybersecurity capacity at the University of Puerto Rico, the Cybercamp has undergone significant transformations in response to budget constraints, natural disasters, and the COVID-19 pandemic. These adaptations have resulted in a sustainable, resource-efficient, and replicable model for teaching cybersecurity in resource-constrained environments.
The Cybercamp is structured around nine core modules:
- Introduction to Cybersecurity
- Introduction to the file system
- Intro to the Unix command line
- Phishing
- Hashing and Password cracking
- Introduction to Computer Networks
- Network Forensics
- Introduction to Computer Forensics
- Introduction to Cryptography
II. Educational Materials
Each module integrates lectures, short videos, culturally relevant case studies, quizzes, and Capture The Flag (CTF)-style exercises [1],[2]. The camp culminates in a group-based CTF competition designed to consolidate knowledge through collaborative problem-solving. By embedding local case studies and culturally responsive teaching practices [3], the program enhances student engagement and situates cybersecurity concepts in meaningful contexts.
The delivery of the Cybercamp relies on open-source tools and a virtualized infrastructure that minimizes costs while maximizing accessibility. Exercises are conducted on virtual machines running Kali Linux Operating System[4], hosted in a small departmental virtualization cluster. This infrastructure ensures equitable access, enabling remote participation even during crises such as the COVID-19 lockdown. Educational materials were developed in alignment with Universal Design for Learning (UDL) guidelines to support students with diverse learning needs and limited technological resources [5]-[7].
Active learning is central to the Cybercamp’s pedagogy [8]-[10]. Hands-on tasks and CTF challenges encourage students to apply theoretical knowledge in practical scenarios, with quizzes and iterative feedback sustaining engagement. Peer-leaders, undergraduate students, many of whom are camp alumni, play a critical role by providing mentorship, academic support, and cultural relatability. Their involvement not only reduces attrition but also fosters a collaborative learning environment where participants support one another.
III. Lessons Learned
Over nine years of implementation, several lessons have emerged. Introducing the Unix command line remains a pedagogical challenge, but limiting content to essential commands has proven effective. Embedding culturally and socially relevant case studies [11]-[13], such as cyberattacks on Puerto Rican infrastructure, has increased student interest and participation. Most importantly, implementing UDL practices has resulted in flexible materials resilient to disruptions caused by natural disasters and pandemics.
IV. Learning Evaluations and Outcomes
Learning outcomes are evaluated through pre- and post-tests, continuous quizzes, and final CTF performance. Results indicate significant learning gains: in recent years, 100% of participants achieved at least 80% on module quizzes, and all successfully completed hands-on activities. Anecdotal evidence further suggests that participation in the Cybercamp has motivated several alumni to pursue higher education in computing and cybersecurity-related fields.
V. Conclusion
In conclusion, the Cybercamp experience demonstrates that intensive, hands-on cybersecurity training can be delivered effectively in resource-limited contexts. Through the integration of active learning, UDL, and culturally responsive pedagogy, the program provides a replicable model for broadening participation in cybersecurity education while fostering awareness, confidence, and foundational skills among high school students.
References
[1] J. Vykopal, V. ˇSv´abensk`y, and E.-C. Chang, “Benefits and pitfalls of using capture the flag games in university courses,” in Proceedings of the 51st ACM Technical Symposium on Computer Science Education, 2020, pp. 752–758. [Online]. Available: https://doi.org/10.1145/3328778.3366893
[2] K. Leune and S. J. Petrilli Jr, “Using capture-the-flag to enhance the effectiveness of cybersecurity education,” in Proceedings of the 18th annual conference on information technology education, 2017, pp. 47–52. [Online]. Available: https://doi.org/10.1145/3125659.3125686
[3] F. M. Mensah, “Culturally relevant and culturally responsive,” Science and Children, vol. 58, no. 4, pp. 10–13, 2021.
[4] R. Messier, Learning Kali Linux: Security testing, penetration testing & ethical hacking. O’Reilly Media, Inc., 2024.
[5] CAST. (2018) Universal design for learning guidelines version 2.2. Ac- cessed: 2023-08-15. [Online]. Available: https://udlguidelines.cast.org/
[6] A. Meyer, D. H. Rose, and D. Gordon, “Universal design for learning: Theory and practice,” (No Title), 2014.
[7] S. Burgstahler, “Universal design: Implications for computing education,” ACM Transactions on Computing Education (TOCE), vol. 11, no. 3, pp. 1–17, 2011. [Online]. Available: https://doi.org/10.1145/2037276.2037283
[8] S. Freeman, S. L. Eddy, M. McDonough, M. K. Smith, N. Okoroafor, H. Jordt, and M. P. Wenderoth, “Active learning increases student performance in science, engineering, and mathematics,” Proceedings of the national academy of sciences, vol. 111, no. 23, pp. 8410–8415, 2014. [Online]. Available: https://doi.org/10.1073/pnas.1319030111
[9] J. J. McConnell, “Active learning and its use in computer science,” in Proceedings of the 1st Conference on integrating Technology into Computer Science Education, 1996, pp. 52–54. [Online]. Available: https://doi.org/10.1145/237466.237526
[10] R. Caceffo, G. Gama, and R. Azevedo, “Exploring active learning approaches to computer science classes,” in Proceedings of the 49th ACM Technical Symposium on Computer Science Education, 2018, pp. 922–927. [Online]. Available: https://doi.org/10.1145/3159450.3159585
[11] C. Ashcraft, E. Eger, and M. Friend, “Girls in it: The facts,” National Center for Women & IT. Boulder, CO, 2012.
[12] J. J. Ryoo, T. Tanksley, C. Estrada, and J. Margolis, “Take space, make space: How students use computer science to disrupt and resist marginalization in schools,” Computer Science Education, vol. 30, no. 3, pp. 337–361, 2020. [Online]. Available: https://doi.org/10.1080/08993408.2020.1805284
[13] M. Buckley, H. Kershner, K. Schindler, C. Alphonce, and J. Braswell, “Benefits of using socially-relevant projects in computer science and engineering education,” in Proceedings of the 35th SIGCSE technical symposium on Computer science education, 2004, pp. 482–486. [Online]. Available: https://doi.org/10.1145/971300.971463