Lessons from the cybersecurity industry

By Katharine Childs. Posted

Using prompt cards and values cards can help to stimulate positive conversations about cybersecurity issues

Originally published in Hello World Issue 18: Cybersecurity, March 2022. All information true at the time of original publishing.

Cybersecurity topics in school computer science curricula often focus on defending against cybersecurity attacks and on understanding the ethical and societal implications of data privacy. In programming topics, however, a proactive approach to writing secure code is also important. A research project called Motivating Jenny (motivatingjenny.org), supported by the UK’s National Cyber Security Centre, has created a number of tools to help developers consider the security of their code and embed a workplace culture in which software security is seen as a fundamental value. Although this research has been conducted in industry, there are many ways in which educators can translate the findings into good classroom practice.

Real-world industry perspectives

In a 2019 study by the Motivating Jenny project, researchers took an ethnographic perspective. An ethnographic research study aims to find out more about the behaviours and routines of a group through direct observation, and researchers conducting this study met with professional developers in their workplaces to find out more about their beliefs, attitudes, and experiences with writing secure code. The write-up of the study provides a real-world example of a computing career and is useful for both teachers and pupils.

The researchers ran a series of workshops with groups of professional developers, with the aim of finding out more about how social interactions and a culture of software development contributed to supporting developers in writing secure code. In the first part of the workshop, participants read various examples of a security compromise that had taken place, each with a different focus or perspective. They then all read a first-person account of the impact of the security breach. Finally, the workshop concluded with a discussion of participants’ own experiences. Prompt cards and values cards kept the group conversations focused on attitudes, beliefs, and behaviours, to create discussions that were “refreshingly different” and “participatory”.

Applying findings to the classroom

The findings from the workshops were designed to be applied to professional settings. However, the themes that emerged could be equally relevant to the computing classroom:

Personal stories resonate:

Cybersecurity can often seem like an abstract or intimidating topic. However, all software and systems are designed and implemented by people. Consider how to use examples of real-life security compromises, such as the first-person account that was used in the research, in teaching and learning (helloworld.cc/firstperson).

Values can support positive discussions:

In the research, using values helped to create positive, non-confrontational conversations. Your school community is likely to have a set of values to help each pupil shape their understanding of the world. For example, a classroom wall display that links cybersecurity considerations to the school’s values is a powerful way of modelling this and providing discussion prompts.

Group discussion through play is effective:

The researchers gamified group discussions by using a timer and prompt cards. This provided a valuable structure to conversations and helped to give each participant a chance to speak. Consider how this approach could work when you are leading classroom discussions with your pupils.

Further reading


More articles from Hello World magazine

See more articles


Free - UK only

If you’re a UK-based teacher, volunteer, librarian or something in between, we'll send each issue free to your door.



Just want to read the free PDF? Get each new issue delivered straight to your inbox. No fuss and no spam.


From £6

If you’re not a UK-based educator, you can buy print copies from our store.