Building Capacity for Systems Thinking in Higher Education Cybersecurity Programs


  • Esther Enright Boise State University
  • Connie Justice Purdue School of Engineering and Technology, IUPUI
  • Sin Ming Loo Boise State University
  • Eleanor Taylor Idaho National Laboratory
  • Char Sample Idaho National Laboratory
  • D. Cragin Shelton Capitol Technology University


cybersecurity, systems thinking, active learning, higher education


The decentralized nature of cybersecurity programs in higher education leads to a lack of unifying knowledge, skills, and dispositions in the cybersecurity workforce. The emphasis on teaching the latest technologies and techniques without a sufficient foundation in systems thinking could result in graduating students without the capacity to function as constructive agents operating in complex systems. Having a unifying, cohesive cybersecurity systems framework can bridge some of these gaps. In this article, we argue that cybersecurity programs and courses must contextualize their instruction on a specific topic by teaching students to situate their learning on the system level. Additionally, we suggest that active learning strategies, in particular case study analysis and concept mapping, are particularly well suited to support this type of student learning. This article presents a cohesive framework for teaching systems thinking in cybersecurity programs and courses. The framework is designed to support meaningful reform in the currently decentralized, (mostly) unregulated academic ecosystem that manages the preparation of our cybersecurity workforce.