Evaluating Cybersecurity Class Activities Based on the Cognitive Continuum Theory: An Exploratory Case Study


  • Thomas Heverin The Baldwin School, Bryn Mawr, USA
  • Addison Lilholt The Baldwin School, Bryn Mawr, USA https://orcid.org/0009-0004-2740-0896
  • Emily Woodward The Baldwin School, Bryn Mawr, USA




cybersecurity education, cybersecurity information seeking, cognitive modes


With the cybersecurity workforce estimated to have grown to 5.5 million in 2023 but still facing a significant shortage, there is an urgent need for educational strategies that can effectively enhance decision-making skills in this domain. This paper explores the application of Hammond's Cognitive Continuum Theory (CCT) in the context of K-12 cybersecurity education, aiming to address the global cybersecurity workforce shortage and skills gap by preparing the next generation of cybersecurity professionals. This study adopts a case-study methodology to investigate the use of CCT in a high school "Cybersecurity and Ethical Hacking" class, analysing 104 tasks across six class activities to determine how different cognitive modes (Analytical Cognition, Quasi-Rational Cognition, and Intuitive Cognition) are induced by various task characteristics from CCT’s Task Continuum Index (TCI). Analytical cognition consists of rational decision making while Intuitive Cognition represents intuitive decision making. Quasi-Rational Cognition represents a blend of these two decision making styles. 


Directed content analysis and thematic analysis reveal that most tasks in the case promoted Analytical Cognition, with a significant presence of tasks inducing Quasi-Rational Cognition and fewer tasks facilitating Intuitive Cognition. The findings also highlight the dominance of information retrieval and analysis, methodical approaches in information seeking, and synthesis and decision-making across the cognitive modes, pointing towards the critical role of information behaviour in cybersecurity tasks. This research provides insights into how CCT can potentially inform the design of educational activities in cybersecurity, suggesting that a balanced inclusion of tasks across the cognitive spectrum can better prepare students for the complexities of the cybersecurity field. The paper discusses the implications for cybersecurity education, emphasising the need for instructional strategies that encompass a range of cognitive modes to reflect real-world challenges and enhance decision-making capabilities in future professionals. Additionally, the findings make a connection between cybersecurity tasks and school library instruction which focuses heavily on information behaviours. Limitations and directions for future research, including expanding data collection and connecting CCT to other theoretical frameworks, are also discussed.

Author Biographies

Thomas Heverin, The Baldwin School, Bryn Mawr, USA

Dr. Thomas Heverin serves as the "Cybersecurity and Ethical Hacking" teacher at the Baldwin School, an all-girls college preparatory school. He holds over 10 years of experience in cybersecurity and teaching, the CISSP certification, a Ph.D. in Information Science, and a U.S. Navy patent focused on cyber-risk assessments.

Addison Lilholt, The Baldwin School, Bryn Mawr, USA

Addison Lilholt has over a decade in education, focusing on teaching engineering and computer science. Addison is a seasoned presenter at various conferences and a guest on multiple podcasts.  He currently serves as the Computer Science and Engineering Department Chair at the Baldwin School.

Emily Woodward , The Baldwin School, Bryn Mawr, USA

Emily Woodward is currently the Lower School Library/Media Specialist at the Baldwin School, an all-girls college preparatory school. She has a Masters in Library and Information Science and has worked in Libraries for over 15 years. She is President-Elect of AISL (Association of Independent School Libraries).