1. INTRODUCTION

Cybercrime poses a growing threat to global businesses, with the "Cost of a Data Breach 2022" report highlighting an average cost of $4.35 million per breach (IBM, 2022). Concurrently, Cybersecurity Ventures forecasts that cybercrime costs will escalate to $10.5 trillion annually by 2025, driven by the expansion of digital infrastructure and the increasing sophistication of cyberattacks (Morgan, 2021).

To address this challenge, comprehensive initiatives from academia, industry, and government aim to cultivate a skilled cybersecurity workforce. Notably, the National Security Agency's (NSA) endorsement of 312 colleges as Centers of Academic Excellence highlights the increasing emphasis on advanced cybersecurity education, incorporating rigorous training in network protocol analysis, programming, and reverse engineering (Reeder & Paller, 2021).

Amid these developments, the intersection of programming skills and cybersecurity expertise has become pivotal. Understanding software development and security programming is crucial for professionals tasked with defending against and mitigating cyber threats. To address this need, our tutorial on "Cryptography" within a "Security Programming" course offers practical, hands-on training. Utilizing Python, students engage in reverse encryption exercises that enhance their capability to decrypt messages and apply security concepts effectively.

This tutorial, tested in the IS/ISA (Information Systems/ Information Security and Assurance) program at a southeastern U.S. business school, has demonstrated significant educational benefits. Feedback from a post-tutorial survey indicated that students not only appreciated the practical application of their programming skills but were also keen to explore further programming applications in cybersecurity.

This case study serves as an exemplar for integrating real-world cybersecurity challenges into academic curricula, ensuring that graduates are well-equipped to meet the demands of the cybersecurity sector.

The paper is organized as follows. Section 2 discusses related work, Section 3 explains the rationale for choosing this tutorial, Section 4 presents the tutorial, and Section 5 discusses evidence of student learning. Sections 6 and 7 cover the applications, benefits, and conclusions of our work. Appendix A presents detailed solution steps for students, including snapshots, and Appendix B presents the survey questions.

2. RELATED WORK

In this section, we discuss the importance of security students knowing a programming language, the effectiveness of tutorial-based instruction for teaching programming, the reasons for choosing Python for our tutorial, prior work on using Python in security programming courses, and the NIST Cybersecurity Framework (NIST CSF 2.0, 2024).

2.1 Importance of Security Students knowing a Programming Knowledge

The objective of teaching programming languages to security students is to meet the skill, demand, and business needs in the industry. Most entry-level and intermediate-level roles in the information security field, such as cybersecurity manager, information security analyst, network engineer, malware analyst, threat intelligence expert, and network security architect, require and benefit from some level of programming ability. Security professionals sometimes need to manage and interact with professionals who are developers or programmers. Because many companies seek this skill, universities are offering new courses, certificates, and degree programs with programming components.

Most employers prefer graduates of security programs to have hands-on experience to reduce the need for (and expense of) on-the-job-training (Lewis & Crumpler, 2019). Employers and universities use cybersecurity assessment (cyber aptitude) tests that include programming testing (computers, programming, and security) (Reeder & Paller, 2021). During job interviews, employers may have a technical expert ask candidates to explain the vector used in a recent attack or to solve a few reverse engineering, network traffic protocol analysis, or Python programming problems.

Yang and Wen (2017) collected empirical data of U.S. business school (B-school) cybersecurity programs, developed a cybersecurity curriculum model, and identified programming as the second most important course in the curriculum. They recommended that cybersecurity professionals learn at least one object-oriented programming language. Programming knowledge gives them an edge over security professionals Without those skills (Kuk et al., 2019).

2.2 Tutorial-Based Instruction for Teaching Security Programming

For an IS/ISA graduate, the objective is not simply to learn to code but to learn how to use code to solve real-life business problems. The goal is to move away from lecturing and utilize a more application-based learning-based approach.

Multiple approaches are used to teach information security, such as textbooks, research, lectures, tutorials, and labs. The idea behind using a tutorial to add to the lectures on security programming is to provide a balanced understanding of the security problem from a business perspective and how to use a programming language to solve it. Students should not only practice commands and functions but also understand the contextual information such as when and why to use them in a real-world security problem. An extensive literature review to assess the methods to teach programming was performed.

Various approaches have been used by different programs: context-based (Kakucs et al., 2022; Wen & Katt, 2019), example-based (Gaber & Kirsh, 2021; Moumoutzis et al., 2018; Segal & Ahmad, 1993), lecture-based (Delialioglu, 2012), game-based (Combéfis et al., 2016; Lindberg et al, 2019; Mathrani et al., 2016), problem-based (Bawamohiddin & Razali, 2017; Chutisowan et al., 2021; Delialioglu, 2012; Nuutila et al., 2008; Omeh et al., 2022; Peng, 2010), project-based (Phuong, 2022; Sherman et al., 2019), case-based learning (Chutisowan et al., 2021; Moumoutzis et al., 2018), or a combination of these.

Teaching programming to security students requires a hands-on, application-based approach (Ksiezopolski et al., 2022). This should be done using real-world examples and problems. Contextualized learning (Rivet & Krajcik, 2008), which often takes the form of real-world examples and problems, is a meaningful method for students to learn the applications of the code they learn in the programming class. Contextualization provides a powerful motivation for learning (Cooper & Cunningham, 2010; Perin, 2011). Security and programming knowledge should be contextualized together and embedded in a meaningful scenario that makes sense to students, enhances their understanding, and makes the concepts more relatable.

Psychology and education researchers have demonstrated that when knowledge is learned in a context similar to that in which the skills will actually be needed, applying the learning to the new context may be more likely (Dey, 2001; Perin, 2011). Learning knowledge content through real-world experience is important for students because "Once they can see the realworld relevance of what they're learning, they become more interested and motivated" (Predmore, 2005, p. 23). In addition, studies in educational psychology have affirmed that examplebased learning is quite effective, especially for students or novice problem solvers (Atkinson et al., 2000). Practical scenarios are great tools to simulate a workplace environment (Hamburg et al., 2008). Merrill's (2002) First Principles of Instruction (FPI) for effective teaching and learning emphasize that meaningful learning occurs when:

1) Learning is problem-centered, i.e., learners are engaged in solving real-world problems

2) Existing knowledge is activated as a foundation for new knowledge

3) New knowledge is demonstrated to the learner

4) Learners apply new knowledge

5) Knowledge is integrated into the learner's world

The tutorial presented in this paper is based on the problemcentered approach. The principles align with the tutorial's approach, which requires the students to reverse engineer an encryption algorithm and decrypt a text. We chose a problembased approach for the tutorial to give students exposure to practical and industry-relevant problems.

2.3 Why Are We Using Python?

Python is one of the best programming languages for security experts ( Bravo, 2023; CPOMagazine, 2020; NSA, CISA, & US, 2023). Python is easy and quick to learn, understand, implement, debug, and troubleshoot. Python is a generalpurpose, server-side scripting language that can be implemented easily in security projects. The vast library of assets and a large community of developers make Python a powerful open-source language. A fundamental understanding of Python's data structures can be applied to penetration testing and cybersecurity applications and can be very beneficial for those who want to advance in this area (Kuk et al., 2019). Considering the popularity, use, applicability, and demand for Python in academia and industry over the past few years, it is a great choice for teaching security programming.

Python is the number one programming language, according to the TIOBE Software Index, an indicator of the popularity of programming languages (TIOBE Index for April 2025, 2025). Python is also number one on the PYPL Popularity of Programming Language Index, which is created based on how often language tutorials are searched on Google (PYPL PopularitY of Programming Language, 2025). This index is indicative of which language might be valuable to study, or consider for use in a new software project.

Multiple works compare Python with other object-oriented programming languages and discuss why it is better choice of language to learn for programming students (Bogdanchikov et al., 2013; Fangohr, 2004; Kuk et al., 2019). Further, the suitability of Python as a programming language for B-school IS curriculum has been discussed in detail (Ellis et al., 2019). Python gives B-school students academic and business-relevant programming experience.

From a cyber security perspective, Python programming skills will be of great value to students who want to build foundational understanding of technology with cybersecurity proficiency (Odetokun, 2020). Most importantly, Python is in high demand by employers. In the 2023 Robert Half Technology Salary Guide, Python is listed as one of the top five coding languages tech leaders are looking for (Johnson, 2022). Python has been widely adopted across various industries. It is being used at Google for mainframe foundation, Dropbox for cloud-based services, YouTube for integration of streaming videos into their Internet pages, and Instagram for its Django framework. Python is also used by NASA for Workflow Automation System (WAS) and scientific programming tasks, and NSA for cryptography and intelligence analysis. Python can perform a multitude of security functions, including writing scripts, automating information security processes, customizing tools, analyzing malware, scanning, penetration testing tasks, and automating security response operations. Most of these activities can be automated using Python scripts and easily coded in an English-like script of Python (Kuk et al., 2019). Python has numerous libraries for implementing a variety of functions such as Scikit, Nmap, Twisted, Scapy, Beautiful Soup, Cryptography, YARA, Pymetasploit3, Mechanize, Socket, and pygeoip.

2.4 Prior Work on Using Python for Security Programming Courses

Python has been used for teaching information security. For instance, an approach to teach cybersecurity that has been implemented and successfully executed at Business and Technology University (BTU), Georgia was discussed by Chokhonelidze et al. (2020). They implemented a first-semester compulsory course "Introduction to Programming With Python Language," followed by a second-semester programming course, and multiple cybersecurity courses in subsequent semesters. Next, they mention that the approach has shown that students master cybersecurity subjects and are well prepared for the job market. Additionally, data shows students' interest in a security-oriented Python course and their readiness to participate in the class upon its introduction, as discussed by Odetokun (2020). They recommend creating effective learning environments (labs, tools) to enhance student engagement. A study conducted by Henttonen and Rathod (2024) highlights the importance of programming in cybersecurity based on a 15week Python course for students seeking cybersecurity careers. The study found positive impacts, such as enhanced engagement, when cybersecurity-specific content was integrated into a programming course.

There are examples of positive experiences conducting camps teaching cybersecurity and Python programming to high school students, college freshman, students with no prior programming experience. CyberPDX, a residential summer camp was conducted by Feng et al. (2017) to introduce cybersecurity to high school students. The camp focused on a range of societal issues impacted by cybersecurity through four learning threads, including Python programming. Initial results showed that the camp positively influenced participants by increasing their intention to pursue a career in cybersecurity. Another summer camp for high school students, including entering college freshman was conducted by Eckroth (2018), who shared his experiences teaching a 5-day 25-hour cybersecurity and Python programming. Although the curriculum was designed for students with no prior experiences in cybersecurity or programming, it covered a wide variety of topics including networking, encryption, password management, and penetration testing. A post-survey indicated that some students expressed disappointment with the rushed curriculum, as it attempted to cover many foundational topics and exercises within a limited time frame. The work by Breese and Gardner (2024) presents two teaching cases based on Python programming language for K-12 and university level cybersecurity learners. The first exercise introduces students to basic Python concepts and guides them through developing a simple number guessing game. The second exercise focuses on conducting log file analysis, integrating programming skills with cybersecurity education. These exercises have been implemented in both a cyber camp environment and in-class settings for 100- and 200-level courses, primarily to attract novice students to pursue cybersecurity as a major. They plan to publish student experiences as part of their future work.

In our work, our goal is to provide the learners with a practical, relevant to real world cybersecurity work and skill building exercise that demonstrates the applications of encryption in security. One of the biggest challenges is ensuring access to the right materials, tools, and techniques to practice the concepts and theories covered in course texts. We want to provide resources that make students self-sufficient to solve a given problem as many of them could be a novice in programming and cybersecurity. The tutorial with step-by-step screens will serve as an excellent resource to solve the given problem. Students are also provided sufficient time to complete it. Finally, we want to spark their interest in learning more applications of cybersecurity in programming.

2.5 NIST Cybersecurity Framework (NIST CSF)

The NIST Cybersecurity Framework (NIST CSF) is a comprehensive set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risks. Developed by the National Institute of Standards and Technology (NIST), the framework provides a flexible, riskbased approach to cybersecurity, suitable for organizations of all sizes and sectors. The NIST CSF is adopted across various industries, making it highly relevant for students who will enter the cybersecurity workforce. The six core functions are as follows:

1) The GOVERN (GV) Function involves establishing, communicating, and monitoring an organization's cybersecurity risk management strategy and policies, aligning them with its mission and stakeholder expectations. This function integrates cybersecurity into the broader enterprise risk management (ERM) strategy and oversees roles, responsibilities, and the cybersecurity strategy.

2) The IDENTIFY (ID) Function involves understanding the organization's current cybersecurity risks, assets, and suppliers to prioritize efforts consistent with its risk management strategy and mission needs. This function identifies opportunities for improving policies, plans, processes, and practices that support cybersecurity risk management across all functions.

3) The PROTECT (PR) Function involves implementing safeguards to manage and secure the organization's assets, reducing the likelihood and impact of adverse cybersecurity events. Key areas include identity management, authentication, access control, awareness and training, data security, platform security (i.e., securing the hardware, software, and services of physical and virtual platforms), and technology infrastructure resilience.

4) The DETECT (DE) Function involves identifying and analyzing potential cybersecurity attacks and compromises. This function enables timely discovery of anomalies and indicators of compromise, supporting effective incident response and recovery efforts.

5) The RESPOND (RS) Function involves taking action on detected cybersecurity incidents, focusing on containing their effects. This function includes incident management, analysis, mitigation, reporting, and communication.

6) The RECOVER (RC) Function involves restoring assets and operations affected by a cybersecurity incident, aiming for timely recovery to minimize impact. This function also ensures effective communication during recovery efforts.

3. RATIONALE BEHIND SELECTION OF THIS TUTORIAL

Understanding how encryption algorithms work and their weaknesses is very important in cybersecurity. The tutorial follows a step-by-step teaching and explanation approach to make it an engaging exercise for students. Based on a reverse engineering scenario, the tutorial can be self-learned by students who have some prerequisite knowledge and would like to gain hands-on experience in this area. There are multiple reasons due to which this tutorial was chosen for the course and as a subject in this paper.

1) Alignment with NIST CSF 2.0: This tutorial aims to leverage the principles of NIST Cyber Security Framework (NIST CSF 2.0, 2024) to enhance participants' understanding of cybersecurity threats and defense mechanisms. Focusing specifically on the PROTECT Function of the NIST CSF framework, it teaches students to implement safeguards and enhance encryption methods to secure data against unauthorized access. By reverse engineering, participants can identify weaknesses in encryption methods and learn how to strengthen them, contributing to the organization's overall protective measures.

2) Practical relevance of the tutorial topic: This tutorial equips students with knowledge and skills that are valued across multiple sectors. Students learn a topic on information security and gain understanding of how to manually reverse a script. Cryptographic algorithms play an important role in the security industry to protect sensitive information. However, there are scenarios where reverse engineering a cryptographic algorithm is necessary, such as understanding its technical workings, assessing its security, or developing compatible software. Other applications of reverse engineering include searching for vulnerabilities in software, hardware, or systems, and analyzing malware. By understanding how a system works, security professionals can identify weaknesses that could allow attackers to gain access or cause damage.

3) Hands-on experience: The tutorial provides hands-on experience with the theoretical concepts learned in the course. The problem-based approach makes the exercise interesting and engaging. This approach expands the knowledge horizon of students and encourages them to use their skills to solve real business problems. In addition, this exercise gives students a taste of the types of questions asked during job interviews. Finally, the exercise adds to the students' practical skill which the student can talk about during a job interview. Our objective is to show how we can make security programming course in B-school a fun, challenging, and practical learning experience for students by including exercises such as the below tutorial.

4. TUTORIAL - DECRYPTION AND REVERSE ENGINEERING CHALLENGE

In this section, we will describe the tutorial. The tutorial will be provided as part of the assignments or as a bonus exercise to the students in the "Cryptography" module of the security programming course. The instructor should ensure that the prerequisite course material is covered before providing the tutorial to the students. The course can be taught online/in-person and the material will be provided through the Learning Management System (e.g., D2L Brightspace) as part of the lecture content.

4.1 Part of Tutorial for the Instructors

Level: Undergraduate. Pre-requisites: To instruct the students in the Reverse Engineering Challenge, faculty members should ensure the students know the following concepts:

1)Basics of cryptography (encryption, decryption, hashing)

2) NIST CSF 2.0

3) Basic programming concepts of Python (variables, operators, decision structure, loops, functions, strings)

4) Basics of reverse scripting

The tutorial provides a hypothetical scenario to the students in which a job applicant interviewing for a position in cybersecurity is asked to reverse engineer an encryption algorithm written in Python. The goal is to demonstrate how to manually analyze the code of an encryption algorithm to decrypt a message and create its hash. The tutorial is selfexplanatory and students can follow the step-by-step instructions provided. Each instruction is accompanied by visuals that illustrate the code, clarify what needs to be done, explain the reasoning behind it, and demonstrate how to implement it. In the tutorial exercise,

1) Students need to decrypt a string and find the hash of the string.

2) Students are provided with two files to start with: encryption code in "encryptor.py" and encrypted message in "message.txt."

3) Students are given one week to complete the tutorial and are required to submit a snapshot of the hash as a proof of completion.

4) Student handouts include:

a. Learning objectives, prerequisite knowledge, scenario, challenge objectives, tools required.

b. Steps to solve the problem.

c. Reference snapshots of the solution (in Appendix A).

4.2 Part of Tutorial for the Students

4.2.1 Learning Objectives.

1) Python Programming Proficiency:

a. Apply basic Python programming concepts, including variables, operators, decision structures, loops, functions, and strings.

b. Enhance problem-solving skills using Python in a practical cybersecurity scenario.

2) Reverse Engineering Techniques:

a. Analyze and understand the structure and flow of an encryption algorithm.

b. Develop Practical Skills in reverse engineering a Python script.

4.2.2 Prerequisite Knowledge.

1)Basics of cryptography (encryption, decryption, hashing).

2) NIST CSF 2.0.

3) Basic programming concepts of Python (variables, operators, decision structure, loops, functions, strings).

4) Basics of reverse scripting.

4.2.3 Scenario. Assume you are a job applicant and while searching for a job, you find that the Acipher website's career page is recruiting for a reverse engineering position. After you apply, an Acipher careers system bot sends you an email with a challenge to decrypt a message. The email contains an encrypted message (message.txt: 703e966d1ed86f08daf503d6678e99eb09d47f18), an encryptor script written in Python (encryptor.py) and Challenge Objectives.

4.2.4 Challenge Objectives.

1) Read the script and understand its flow.

2) Decrypt the encrypted message provided to you.

3)Find the hash of the message string and submit a snapshot of hash as a proof of completion of the tutorial.

4.2.5 Tools Required. Python3 and Theia IDE.

4.2.6 Solution Steps.

1) Part I) Understand the encryption of the message:

a. Simply execute the code to see what it does?

b. Attempt to understand the variables, operators and functions.

с. Give meaningful names to variables and functions based on their role in the program. For example, the variable "value" that takes in user input can be named - "user input."

d. Focus on variables - value, ORD value, ORD key, lol, xor result, movebit, rotateLeft, chars.

e. Focus on functions - GGGGotate().

2) Explanation - (encryptor script in encryptor.py):

a. The program performs encryption on a userprovided input string by manipulating its characters through bitwise operations and rotations. The program code starts by calculating XOR of first characters ASCII value with the encryption key (the ASCII value of "a") (Lines 2224). Then, using a function, it applies left rotation to the result of XOR operation, ensures that the result stays within 8 bits and sets the least significant bit if the original value was above 127. The result is stored as an element in a list (Lines 16, 25). Now, for the remaining characters in the input string, it performs an XOR between the last element in the list and the ASCII value of the current character, and again rotates it left using the same function as before (Lines 26-33). After completing the process for all input characters, the values in the list are then converted to a hexadecimal format, resulting in the encrypted string (Lines 40-49).

3) Part II) Decryption of the message:

a. Hexadecimal to decimal conversion: Create a list of left-rotated decimals by converting each two digits of the encrypted message to their decimal format. Each pair of hexadecimal digits in the string represents one byte (8 bits).

b. Reverse the rotation: Create xor result by converting each two digits of the encrypted message to their binary bit format and rotate it right.

c. Reverse XOR with previous values: Convert "xor result? and "encrypted key[k]" decimal numbers to their binary numbers. Next, compare which bits of "encrypted key[k]" differ from "input_chars[k]" bits - get final decimal value of each of the character.

d. Convert decimals numbers to characters: Convert the list of decimal numbers to characters using the ASCII value of the decimal number.

e. Continue Steps 1-5 for all digit pairs, until the entire message is decrypted and original message is obtained.

4) Part Ш) Compute the flag (i.e., the hash of decrypted message):

a. Hash the decrypted message using MDS algorithm or Linux command

b. Reference snapshots of the solution available in Appendix A.

5. STUDENT FEEDBACK

The tutorial and a short survey were provided to the students of a security programming course, where Python was the primary language taught. The students were enrolled in the IS/ISA program in the Department of Information Systems and Security at a business school within a large university in the southeastern United States. The tutorial and the subsequent survey were completed by 18 students. The tutorial was provided after the theoretical concepts had been covered in the course. The results of the survey are as follows:

1)82% of respondents agreed that the exercise was reasonable and useful.

2) 72% of respondents agreed that the teaching method through the tutorial supported their learning process.

3) 83% of respondents expressed interest in learning more about the applications of programming in cybersecurity after completing the tutorial.

Regarding what they liked about the tutorial, some of the student comments included:

* "It helped me learn how to read and break down code better."

* "I like how it was easy to follow and not too hard to learn."

* "Tliked it because the tutorial teaches in an easy way."

* "I like there were steps provided along with pictures to help walk through the process."

* "Taught me an area of knowledge that I had never learned up to this point in my college education."

Regarding what they disliked about the tutorial, some of the student comments included:

* "At first glance it seems overwhelming."

* "It was pretty difficult for me at times."

* "There is not a lot of explanation and information; increase explanation."

Overall, the students" response to the tutorial has been positive. Most students appreciated the step-by-step walkthrough provided to complete the tutorial. However, some students found the tutorial overwhelming and difficult and wanted more explanation to be added. This reaction is understandable, given that many students were exposed to scripting for the first time in this course. Additionally, there was no prerequisite for prior knowledge of encryption concepts. In our view, the hands-on nature of this activity is one of its greatest benefits. The best part was the step-by-step instructions and snapshots that were available. The activity allows students to move beyond a purely theory-based approach and engage with practical, real-world applications. We hope that this activity will help students build confidence in scripting, making it easier for them to tackle similar challenges in future courses, such as the network security and penetration testing course.

6. DISCUSSION

6.1 Learnings From the Tutorial

The tutorial teaches students to make meaning out of the obfuscated code of a simple encryption algorithm. Some of the tasks/concepts that students do - understand the functions in the code, identify and rename the variables and functions, get ASCII value of characters, use logical operators (XOR, AND, and OR), use loops and lists in a program, convert hexadecimal to decimal, and finally hash a given value.

In this tutorial example, students learn about reverse encryption using their knowledge of Python programming. Following the step-by-step process, they apply their programming skills to a real use-case that an information security manager may face.

6.2 Benefits of the Tutorial

This tutorial is relevant for educators who want to teach students programming in the context of information security (specifically reverse engineering within cryptography).

The tutorial process creates an engaging, active work environment. This tutorial is an example of how a topic in an information security programming course should be taught, emphasizing the importance of applying programming skills to solve real-world business problems. This approach enhances understanding of security concepts and improves student retention by linking programming concepts to business applications. Additionally, this experience boosts students" confidence in applying learned concepts to various scenarios.

Instead of providing a problem and asking students to write code to solve it, we start by deconstructing preexisting Python scripts, encouraging critical thinking about understanding code they might encounter in real-world situations. Importantly, we take a context-driven approach: introducing a business problem first, then the appropriate methods to solve it.

6.3 Applications of the Learnings

Reverse engineering malware involves analyzing malware to understand its functionality and purpose, determine how to remove it from a system, or create defenses against it. The process ofreverse engineering is used to investigate viruses and find practical solutions to counteract them. Reverse engineering malware is challenging due to obfuscation techniques, encryption, and frequent code changes by malware authors. Understanding the algorithm at a basic level gives students insight into reverse-engineering malware code. This knowledge prepares students to tackle such situations.

6.4 Adopting the Idea

The instructors who adopt the tutorial-based instruction idea should integrate it with a cybersecurity course module. Moreover, they should use real-world scenarios to make the tutorials relatable and applicable. They should define the purpose and objective of the tutorial. They should ensure the tutorial includes detailed, self-explanatory steps and code snippets. They should add comments in the code to explain key concepts. Additionally, they should provide the code files, datasets and log files for hands-on practice.

7. CONCLUSIONS

The objective of this paper was to present a sample tutorial for addressing security problems from a business perspective, Which can be used for teaching programming languages in security programming courses. We provide a step-by-step process for instructing students on how to solve a Reverse Engineering challenge using Python.

The overall feedback about the tutorial has been positive and the fact that students want to learn more about the application of programming in cybersecurity is a significant achievement. The learnings on scripting and encryption from this hands-on exercise will help the students in future courses in the program such as in Penetration testing course.

Our next step is to expand the tutorial-based method of instruction to other modules in the course. Our goal is to introduce each topic in the security programming curriculum within the context of a different case study or real-world example (monitoring network traffic, analysis of security logs, etc.). We also plan to develop additional follow-up tutorials on the topic of encryption for other courses in our program, such as the network security course. We anticipate these topics will evolve as we continue teaching the course and as new topics gain importance and popularity. Throughout the course, we engage in important discussions about the applications of these concepts.

AUTHOR BIOGRAPHIES

Gunjan Batra is an assistant professor of information systems and security in the Coles College of Business at Kennesaw State University, GA. She teaches information security related courses such as Security Script Programming, Management, IT Audit, Management of Information Security. She received her Ph.D. in Management from Rutgers University, NJ, specializing in Information Security. Prior to her doctoral degree, she worked as a consultant at KPMG in their IT Advisory practice, helping clients with Information security related issues. Gunjan is also a Certified Information Systems Auditor (CISA). Her research interests include Information Systems Security, Access Control, Information Systems Audit, and Data Analytics. She has published her research in several journals and presented at conferences in these areas.

Humayun Zafar is a professor of information security and assurance, and the Director of Fintech at Kennesaw State University. He completed his doctorate in Business Administration With an emphasis in IT from the University of Texas at San Antonio. His research and teaching interests include cybersecurity and fintech. His work has appeared in journals and conferences such as Communications of the AIS, Information Systems Frontiers, and HICSS.

Pamila Dembla is an associate professor of information systems and security in the Coles College of Business at Kennesaw State University, GA. She teaches database related courses. She is an interdisciplinary scholar, and her research interests include working on cross cultural issues related to global IT projects, specifically with respect to gender. To that effect, her research extends across many cultures including the United States, India, Russia, Ukraine, and Mexico. She has published numerous articles in journals, book chapters, and presented at various regional, national, and international conferences. She has mentored a number of students, interns, and chaired doctoral students during her tenure.