Today’s cybersecurity and software development students spend years in the classroom honing their skills for gainful employment once they graduate. They’re being equipped with deep knowledge of application vulnerabilities, real-world attack scenarios, and extensive software development expertise that includes secure coding practices. Students at universities today are better equipped than ever before.

Most would agree that the best way to train someone is to have them do the activity themselves. For example, someone training for a sporting competition would likely spend a significant amount of their training time doing the sporting activity. In the world of sports, it seems that this type of training produces the best athletes. But when it comes to cybersecurity training, are there any studies that demonstrate that this type of real-world training is capable of delivering the desired results? Fortunately, there are.

In a recent webinar, Michael Workman, Ph.D., Professor at Texas A&M University, discussed his recent study with Kurt Risley, Global SME Codebashing at Checkmarx. The study demonstrated that real-world simulated training produced the highest results in the context of secure coding education for tomorrow’s cybersecurity pros and software developers.

In Michael’s study, he first broke down the four types of education and training he used for his students in various settings. They are as follows:
- Class / Reading / Labs / Quizzes-Tests
- Class / Reading / Labs / Simulation Challenges
- Class / Reading / Labs / Live Activities (e.g., Hackathon, Capture the Flag)
- Class / Reading / Labs / Simulations / Live Activities (e.g., Hackathon, Capture the Flag)