CurricuLLM: Designing Personalized and Workforce-Aligned Cybersecurity Curricula Using Fine-Tuned LLMs
Arthur Nijdam, Harri Kähkönen, Valtteri Niemi, Paul Stankovski Wagner, Sara Ramezanian
TL;DR
CurricuLLM addresses the misalignment between cybersecurity curricula and workforce demands by automating curriculum analysis and design with a two-tier LLM pipeline (PreprocessLM and ClassifyLM). It maps course content to CSEC2017 Knowledge Areas and NICE Knowledge Descriptions, derives role-based KA distributions, and optimizes elective selections to align with target job profiles using a constrained optimization that minimizes the deviation between the curriculum distribution and the target $T$ with binary decisions $x_i$. The framework is validated against expert annotators on real programs (KTH, NTU, CMU) and KD data, showing expert-like reliability and scalable curriculum analysis from course level to entire programs. The approach supports workforce alignment with the 2025 NICE framework and provides practical, data-driven guidance for personalized cybersecurity education.
Abstract
The cybersecurity landscape is constantly evolving, driven by increased digitalization and new cybersecurity threats. Cybersecurity programs often fail to equip graduates with skills demanded by the workforce, particularly concerning recent developments in cybersecurity, as curriculum design is costly and labor-intensive. To address this misalignment, we present a novel Large Language Model (LLM)-based framework for automated design and analysis of cybersecurity curricula, called CurricuLLM. Our approach provides three key contributions: (1) automation of personalized curriculum design, (2) a data-driven pipeline aligned with industry demands, and (3) a comprehensive methodology for leveraging fine-tuned LLMs in curriculum development. CurricuLLM utilizes a two-tier approach consisting of PreprocessLM, which standardizes input data, and ClassifyLM, which assigns course content to nine Knowledge Areas in cybersecurity. We systematically evaluated multiple Natural Language Processing (NLP) architectures and fine-tuning strategies, ultimately selecting the Bidirectional Encoder Representations from Transformers (BERT) model as ClassifyLM, fine-tuned on foundational cybersecurity concepts and workforce competencies. We are the first to validate our method with human experts who analyzed real-world cybersecurity curricula and frameworks, motivating that CurricuLLM is an efficient solution to replace labor-intensive curriculum analysis. Moreover, once course content has been classified, it can be integrated with established cybersecurity role-based weights, enabling alignment of the educational program with specific job roles, workforce categories, or general market needs. This lays the foundation for personalized, workforce-aligned cybersecurity curricula that prepare students for the evolving demands in cybersecurity.
