Cybersecurity students show higher engagement when the work feels tangible. A new study from Airbus Cybersecurity and Dauphine University describes what happens when courses move beyond lectures and place students inside structured hacking scenarios, social engineering exercises, and competitive games.
From theory fatigue to hands on pressure
Cybersecurity courses often emphasize tools, frameworks, and technical controls. The study highlights that common incidents still involve human behavior. Phishing emails, weak password practices, policy shortcuts, and misplaced trust remain frequent entry points into systems.
The researchers describe challenges in conveying these risks through lectures alone. Student engagement increased once the course asked participants to take on attacker, analyst, and incident response roles. In these exercises, students worked through scenarios based on known attack techniques and organizational weaknesses.
Each exercise ended with a written or verbal explanation of decisions made during the scenario. The authors report that this structure encouraged students to reflect on attack sequences and decision points rather than focusing only on outcomes.
Learning attacker logic step by step
The course opened with short foundational sessions on information systems, cryptography, and security lifecycles. Practical work followed quickly.
Early exercises focused on mapping attack paths against a simulated organization. Students identified exposed services, user behavior issues, and weak assumptions. Planning mattered more than tooling.
Later sessions moved students into threat intelligence roles. Groups reviewed published attack reports and summarized how adversaries operated. This helped connect abstract threat names to documented techniques.
The final technical scenario introduced digital forensics. Students examined files tied to a fictional kidnapping case. Hidden metadata, encrypted content, and planted clues required careful analysis rather than brute force.
The researchers observed that confidence grew over time. Students showed more persistence and were more willing to test ideas as the exercises progressed.
Turning insiders into the lesson
A major portion of the course focused on insider driven risk. The study divides this work into three categories: unintentional actions, intentional non malicious behavior, and deliberate misuse.
One exercise placed students in a lab environment with phishing emails. They marked which elements made messages seem trustworthy or suspicious. After reviewing the results together, students designed their own phishing messages using the same signals.
Another session staged a policy conflict. One group played security leaders drafting strict rules. Another group played employees looking for ways to get work done. The discussion exposed how rigid controls often lead to predictable workarounds.
The final insider exercise asked students to design future attack scenarios involving trusted users. Groups outlined attack paths and then discussed detection and response options.
These scenarios improved student awareness of social influence and ethical boundaries. Learners showed better understanding of how ordinary actions can escalate into incidents.
Capture the flag
The course ends with a capture the flag challenge spread across physical and digital spaces. Students unlock devices, decode clues, and interact with staff members who consented to participate. Each step requires technical skill, observation, and persuasion.
The researchers observed high levels of collaboration and competition during this phase. Some groups located more than one flag, showing persistence and adaptive thinking. Debrief sessions focused on which techniques were used and how similar attacks could be prevented in operational environments.
This final challenge linked technical hacking with social engineering, reinforcing the idea that security failures often depend on both.
Engagement driven by problem solving
The study leans on qualitative feedback, and student responses told a consistent story. Participants repeatedly described the course as challenging but engaging. Many highlighted the satisfaction of uncovering clues on their own and making sense of incomplete information. Group discussions grew more animated over time, and collaboration often carried on beyond the scheduled sessions.
That experience aligns with findings from an external study, which reported that 86% of hackathon participants take part primarily to learn, reinforcing the idea that challenge-driven formats resonate strongly with learner motivation.
Exam prep hacked: Study tips and tricks that really work