Computer Science · 10th Grade

Active learning ideas

Introduction to Cybersecurity Threats

Active learning works well here because cybersecurity threats feel abstract until students see them in familiar contexts. By analyzing a school’s systems, role-playing attacks, and discussing ethical responses, students connect technical risks to real-world consequences in ways that passive instruction cannot.

Common Core State StandardsCSTA: 3A-NI-05CSTA: 3A-NI-07
20–50 minPairs → Whole Class3 activities

Activity 01

Inquiry Circle50 min · Small Groups

Inquiry Circle: The School's Attack Surface

Groups walk around the school (or a virtual model) to identify potential security vulnerabilities, including physical ones (developed doors) and digital ones (public Wi-Fi). They create a 'Threat Map' and rank the risks by likelihood and impact.

Differentiate between various types of malware.

Facilitation TipDuring Collaborative Investigation, assign small groups to map the school’s digital systems and flag at least three potential vulnerabilities before sharing with the class.

What to look forPresent students with three short scenarios describing cyber incidents. Ask them to identify the primary threat type (malware, phishing, DoS) for each and briefly explain their reasoning.

AnalyzeEvaluateCreateSelf-ManagementSelf-Awareness
Generate Complete Lesson

Activity 02

Role Play25 min · Pairs

Role Play: The Social Engineering Challenge

One student plays a 'vishing' (voice phishing) attacker trying to get a password, while the other plays a busy employee. The class observes the tactics used and discusses which psychological triggers (urgency, authority, fear) were most effective.

Analyze the characteristics of a phishing attempt.

What to look forFacilitate a class discussion using the prompt: 'Imagine you receive an urgent email from your bank asking you to click a link and verify your account details immediately. What are the red flags that suggest this might be a phishing attempt, and what is the safest course of action?'

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 03

Think-Pair-Share20 min · Pairs

Think-Pair-Share: Ethical Disclosure

Present a scenario where a student finds a major bug in a popular gaming platform. Pairs must decide: do they tell the company, post it online, or keep it quiet? They must justify their choice based on ethical frameworks and potential consequences.

Explain how a denial-of-service attack impacts network availability.

What to look forOn an index card, have students define one cybersecurity threat (malware, phishing, or DoS) in their own words and provide one specific example of how it could impact an individual or organization.

UnderstandApplyAnalyzeSelf-AwarenessRelationship Skills
Generate Complete Lesson

A few notes on teaching this unit

Teachers should model curiosity by asking students to question assumptions, such as how a simple email could lead to a major breach. Avoid presenting cybersecurity as a list of rules to memorize; instead, emphasize iterative thinking where students revise their understanding as they encounter new examples. Research shows that students retain threat modeling better when they repeatedly practice identifying risks in varied contexts.

Successful learning looks like students actively shifting perspectives—thinking as both defenders who mitigate risks and attackers who exploit weaknesses. They should be able to identify technical and human-centric threats and justify their reasoning with concrete examples.

Watch Out for These Misconceptions

  • During Collaborative Investigation, watch for students who assume cybersecurity is only about firewalls and passwords.

    Use the vulnerability maps they create to highlight how social engineering, like tricking someone into sharing a password, bypasses even the strongest technical defenses.

  • During Role Play: The Social Engineering Challenge, watch for students who believe hackers are always malicious individuals wearing hoodies.

    Use the debrief to discuss the different types of hackers (white, gray, black hat) and how ethical hackers use the same skills to protect systems.

Methods used in this brief

More in Cybersecurity and Digital Defense

Social Engineering Tactics

Students learn about social engineering techniques and how human psychology is exploited in cyberattacks.

2 methodologies

Common Software Security Flaws

Students identify common software security flaws and understand how they can be exploited, focusing on prevention.

2 methodologies

Introduction to Cryptography

Students learn the basic principles of cryptography, including symmetric and asymmetric encryption.

2 methodologies

Digital Signatures and Certificates

Students learn how digital signatures verify authenticity and integrity, and the basic role of digital certificates in trust.

2 methodologies

Authentication and Authorization

Students learn about different authentication methods (passwords, biometrics, MFA) and authorization principles.

2 methodologies