Kusto Query Language (KQL) is the query language used by KC7 to conduct searches on tables of data.
This is the most recent cybersecurity unit I built and worked through with my students. The goal of this particular unit is for students to understand the role cybersecurity plays in securing the systems that maintain a functional society: power, water, healthcare, transportation, etc.
During week 1, students are asked to research sectors of the Cybersecurity and Infrastructure Security Agency (CISA), examine real-world incidents such as the Colonial Pipeline and Oldsmar Water Plant attacks, and act as incident response teams tasked with auditing a water supply company's infrastructure. This week culminates with an audit report and press briefing to deliver critical information to two very different audiences.
For week 2, students play through the KC7 module Critical Compromise in Chicago, where a threat actor causes a power outage. Throughout this week, students use KQL to sort through data tables to uncover an email phishing campaign, trace malware deployment reminiscent of the 2015 Ukrainian Power Grid attack, and observe the process the attacker takes to cover their tracks. Daily bellringers and mini-lessons highlight both the tactics, techniques, and procedures students will see during the module and the strategies needed to best query the data.
Week 3 asks students to understand the MITRE ATT&CK framework, which provides a playbook through which they can understand the attacker's process. After mapping out the KC7 module attack, students are asked to prepare their investigation notes for presentation at the CTRL ALT DEFEAT cybersecurity conference. This scenario prepares the threat hunters of the future to understand how to best present sensitive, technical information to a general audience in an engaging way.
Welcome to Blue River City
This video lays out the simulated experience where students will act as an incident response team for the Blue River City water supply plant.
Breaking News
After preparing their briefing, students were shown the breaking news clip, which is the result of private meetings being leaked. This challenges students to adapt on the fly to changing information.
Breaking News: Breakpoint Security Co. responds to swirling rumors of contaminated water at press briefing!
This attribution report is a cybersecurity conference style presentation for the Critical Compromise KC7 Module. Open up to view presenter notes to read the narration.
Breakpoint's Ctrl Alt Defeat presentation: Scatter the SCADA makes the Chicago attack understandable and engaging to a general audience by relating it to Minecraft.
This lesson feedback is for my second observation during the 24-25 school year and was conducted by Assistant Principal Chris Johnstone. The lesson he observed was from Day 3 of this unit, when students were introduced to the Blue River City Water Supply Plant Scenario.
An independent audit of my curriculum was conducted so I could better shape my materials for teachers and students in more than my classroom alone. My goal is to provide teachers with the supports they need to effectively engage students in cybersecurity education no matter where they are in their cyber journey.
Alignment and Appropriateness
"The content is well-suited for a secondary CTE program, ensuring relevance for high school students. It gives students the opportunity to work with standards that pertain to ‘durable skills’ such as communication, peer collaboration, and problem-solving."
Student Engagement and Accessibility
"The content effectively captures student interest through engaging warmups, real-world connections, localized material, and occasional humor, making lessons more relatable. Opportunities for peer collaboration are embedded throughout, and instructional materials, including slides and visuals, are appropriate and effective. Additionally, the use of scaffolding and tiered challenges supports student learning at different levels."
Assessment and Learning Outcomes
"The 5E Framework and IB approaches to learning are present in the instructional methodology, ensuring a structured progression of knowledge. Groupwork assessments, such as case summaries and attribution reports, provide opportunities for collaborative evaluation, while queries within the Encryptodera Module offer real-time feedback to support learning."