The hard science disciplines (computer science, electrical and computer engineering) have already started investing heavily in cybersecurity education. Security experts, however, note that cybersecurity is a wider discipline than simply the [technical] fields, and professionals with backgrounds [in] the social sciences … will be needed in the cyber workforce of the future. The relevance of incorporating social sciences into the cybersecurity domain has been acknowledged by the National Academies of Sciences, Engineering, and Medicine and the Department of Homeland Security. Social science disciplines, such as sociology, criminology/criminal justice, anthropology, political science, and psychology are particularly adept at unpacking the complex facets of human behavior and should therefore be leveraged for their contributions to the area of cybersecurity. Yet, the social science arena remains weak in cybersecurity training and education of the future cyber workforce.

This talk shares an educator's efforts to engage undergraduate students in a hands-on social engineering project across Fall 2017 and Spring 2018 semesters. It uses the experiential learning framework that promotes "learning by doing". Specifically, this talk focuses on three sub-projects: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus 'intellectual property' file and place a fake 'malware' program on the employees' machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a funny prop.

The talk also offers a comparative analysis of these projects over the two semesters, sharing the experiences and challenges of both the students and this educator. It also details the issues about designing projects that follow university ethics standards, training students in human subjects research ethics, generating relevant rubrics, and how to evaluate student engagement and learning. To conclude, the educator shares these cases discussed to initiate dialog in the area of hands-on learning for social science students. Audience feedback is welcomed as this educator is still exploring the experiential learning approach, especially in the area of social engineering.