Integrating Generative AI in Cybersecurity Education: Case Study Insights on Pedagogical Strategies, Critical Thinking, and Responsible AI Use
Mahmoud Elkhodr, Ergun Gide
TL;DR
This paper addresses the challenge of integrating Generative AI (GenAI) into cybersecurity management education to enhance critical thinking and regulatory awareness. It proposes a two-stage framework that embeds GenAI in tutorials and assessments, demonstrated through three case studies: SecSDLC-based planning, AI-assisted email policy development, and layered security design for financial institutions. Findings show that GenAI-augmented learning improves policy evaluation, risk refinement, and real-world problem solving, while revealing concerns about over-reliance and AI-literacy variation, underscoring the need for human oversight and structured guidance. The study offers a replicable, scalable approach that balances AI-generated insights with expert judgement, with implications for adaptive assessments and long-term competency in cybersecurity education.
Abstract
The rapid advancement of Generative Artificial Intelligence (GenAI) has introduced new opportunities for transforming higher education, particularly in fields that require analytical reasoning and regulatory compliance, such as cybersecurity management. This study presents a structured framework for integrating GenAI tools into cybersecurity education, demonstrating their role in fostering critical thinking, real-world problem-solving, and regulatory awareness. The implementation strategy followed a two-stage approach, embedding GenAI within tutorial exercises and assessment tasks. Tutorials enabled students to generate, critique, and refine AI-assisted cybersecurity policies, while assessments required them to apply AI-generated outputs to real-world scenarios, ensuring alignment with industry standards and regulatory requirements. Findings indicate that AI-assisted learning significantly enhanced students' ability to evaluate security policies, refine risk assessments, and bridge theoretical knowledge with practical application. Student reflections and instructor observations revealed improvements in analytical engagement, yet challenges emerged regarding AI over-reliance, variability in AI literacy, and the contextual limitations of AI-generated content. Through structured intervention and research-driven refinement, students were able to recognize AI strengths as a generative tool while acknowledging its need for human oversight. This study further highlights the broader implications of AI adoption in cybersecurity education, emphasizing the necessity of balancing automation with expert judgment to cultivate industry-ready professionals. Future research should explore the long-term impact of AI-driven learning on cybersecurity competency, as well as the potential for adaptive AI-assisted assessments to further personalize and enhance educational outcomes.