Pause carousel
Play carousel
One-day workshop equips educators with practical skills for teaching cybersecurity in the classroom
The UK’s first-ever workshop focused on training educators in ethical hacking and cybersecurity took place at Abertay University as part of this year’s Cyber Scotland Week.
The National Teaching Ethical Hacking Workshop (NTEHW) was held at the University on Thursday 27 February 2025, providing a platform for teachers and lecturers from across Scotland to share best practices and explore innovative teaching methods in the field of ethical hacking.
This one-day event aimed to address the resource-intensive nature of teaching offensive cybersecurity while ensuring that students acquire hands-on, practical experience that aligns with the rapidly evolving industry landscape.
A range of presentations and discussions led by prominent academics in cybersecurity covered topics such as the use of cyber ranges for training, cloud-based hacking labs, and Virtual Desktop Infrastructure (VDI)-based hack labs. The sessions provided valuable insights into the latest tools that support ethical hacking education.
Attendees engaged with research-driven teaching methods, such as CHERI systems for memory safety, presented by Dr. Jeremy Singer from the University of Glasgow, and project-based learning for cyber-physical systems, discussed by Jenny Highfield and Alex Deverson from Cardiff University.
The workshop also addressed ethical and legal aspects of cybersecurity education. Dr Natalie Coull, Head of the Department of Cybersecurity and Computing, and Jamie O’Hare, Lecturer and Programme Leader of the BSc Ethical Hacking programme, led a session on supporting students facing disciplinary challenges related to hacking, fostering discussion on better academic approaches.
Jamie O’Hare said:
Teaching ethical hacking presents unique challenges, requiring rigorous technical training. This workshop has been an invaluable opportunity to bring together educators, share expertise, and strengthen our approach to cybersecurity education. By fostering collaboration, we can ensure students are equipped with the skills they need to thrive in this critical field.
Abertay made history in 2006 by becoming the first institution in the world to offer a degree in ethical hacking, pioneering academic programmes that address the growing demand for cybersecurity professionals.
Last year, Abertay was named Cyber University of the Year at the National Cyber Awards.
Event Programme
Session 1 – Teaching Environments
Cyber Ranges for Cybersecurity Training Prof. Shahid Raza & Dr Jeremy Singer (University of Glasgow)
Academics from the University of Glasgow will present a 15-minute lightning talk on the role of Cyber Ranges in cybersecurity training and exercises. This session will explore how Cyber Ranges provide realistic, hands-on environments for enhancing cybersecurity skills.
Procurement of a Cloud-based Virtual Hacking Lab Prof. Andreas Aßmuth (Kiel University of Applied Sciences)
Our university has procured a cloud-based virtual hacking lab for 2025. I will be using this from summer semester 2025 in the Introduction to IT Security and Digital Forensics courses. I will report on my initial experiences with this new virtual hacking lab.
OpenNebula: Our proposed VDI-based Hacklab Dr Karl Van Der Schyff (Abertay University)
This talk will introduce our proposed Virtual Desktop Infrastructure (VDI)-based Hacklab, built using OpenNebula. The session will explore how this setup for intended use in our teaching, discussing the advantages of leveraging OpenNebula for deploying virtualised lab environments, enabling hands-on learning, and facilitating realistic cyber exercises.
Session 2 – Teaching Practice
CHERI for Memory Safety: Research-Led Teaching in Cybersecurity Dr Jeremy Singer (University of Glasgow)
At the University of Glasgow, we anticipate delivering a new Masters in Cybersecurity starting Sep 25. We are currently putting the finishing touches to our degree programme structure and intended learning outcomes. We want to integrate compelling topics from our research projects into our Masters teaching. One such example, which I will outline in this presentation, is the study of new memory-safe processor hardware. With our students, we will motivate the need for spatial and temporal memory safety, then demonstrate how CHERI systems provide these facilities in a low-overhead manner. Practical demonstrations will involve Python code on an embedded FPGA development board.
Cyber Physical System Education Through Project Based Learning Jenny Highfield & Alex Deverson (Cardiff University)
The presentation will discuss the pedagogical approach of project based learning. Undergraduate students at Cardiff University have been involved in cybersecurity research (Operational Technology) through paid research associate roles, where they then applied their learnt skills and projects to inspire their final year dissertation projects. This talk will discuss the approach and the outcomes.
Revamping Our Core Penetration Testing Module Luke Weatherby-Boon (Abertay University)
This talk will explore the revamp of our core Penetration Testing module (CMP210/ CMP506), focusing on enhancing hands-on learning, real-world applicability, and industry alignment. We will discuss key updates, including the integration of modern attack techniques, emerging security tools, and interactive lab environments. The session will also highlight how we’ve incorporated feedback from students and industry professionals to create a more engaging and effective learning experience
Session 3 – Beyond Teaching
Insights from a Black Hat EU Scholarship Experience Neil Moir (Abertay University)
This talk offers a firsthand account of a student’s journey to Black Hat EU through the prestigious scholarship program. Sharing personal experiences, challenges, and key takeaways, this session will provide a unique student perspective on attending one of the world’s leading cybersecurity conferences. From engaging with top security professionals to exploring cutting-edge research and hands-on workshops, this talk will highlight the impact of the experience on both academic and professional growth.
Hacking, Ethics, and Exclusion Dr Natalie Coull & Jamie O’Hare (Abertay University)
This talk explores the challenges faced by cybersecurity academics when students run afoul of non-academic disciplinary actions related to hacking. Whether driven by curiosity, ethical dilemmas, or misunderstandings about cybersecurity experimentation, these situations create complex challenges for both students and educators. Drawing from our own experiences, we will examine the ethical, legal, and institutional factors that come into play when addressing these cases. Most importantly, we will discuss how the cybersecurity academic community can collaborate to develop better approaches.
Session 4 – Teaching Practice
Creating Authentic Command Line Interfaces in LaTeX Jamie O’Hare (Abertay University)
In this quick presentation, I will showcase a LaTeX-based approach to creating authentic command-line interface callouts for educational materials. By accurately mimicking real terminal outputs and prompts, this method bridges the gap between instructional content and practical implementation. The presented LaTeX code generates realistic, clean, and fully customisable command-line interfaces, enabling educators and students to provide examples that learners can copy and paste seamlessly into their native environments without formatting issues.
Developing Dynamic Linux Privilege Escalation Challenges with Docker Jonathan White & Alan Mills (University of the West of England)
This presentation will outline a novel method for delivering personalised, hands-on assessments in Linux privilege escalation for cyber security students. By integrating Capture-the-Flag (CTF) style challenges into a dynamic Docker environment, we ensure that each student experiences a unique set of tasks while maintaining equivalence in difficulty and learning outcomes. Building on prior laboratory exercises, students employ a range of skills such as enumeration, reconnaissance and brute forcing to progress through multiple user accounts, culminating in root access. For each of the five flags, several scenarios of comparable complexity are randomly selected and incorporated into a lightweight Docker container. This approach substantially reduces preparation overhead compared to traditional virtual machines, ensures rapid deployment on limited hardware, and minimises opportunities for academic misconduct.
