Cybersecurity Curriculum Framework Overview


As more high school teachers integrate cybersecurity into their classrooms, the need for a coherent curriculum framework becomes more pressing. A curriculum framework sets the parameters, directions and standards for curriculum policy and practice. It is a means of organizing and managing content (policies, procedures, concepts and so on) in a systematic way. A curriculum framework is important because it enables educators to effectively plan properly sequenced activities so as to provide learning opportunities targeting desired learning outcomes. Curriculum developers and teachers seek to ensure that students develop a base of knowledge, skills, attitudes, beliefs and values that will enable them to function successfully in cybersecurity college programs and careers.   


Curriculum designed using this framework should appeal to students who have a broad range of interests and a variety of backgrounds. As cybersecurity becomes a part of nearly every aspect of society, the important prerequisites are interest, the ability to problem-solve, and a curious nature. The intent is that a course based on this framework will entice students into the field of cybersecurity by exposing them to the diverse opportunities available.


The framework used for Introduction to Cybersecurity was modeled after the AP Computer Science Principles curriculum framework, which in turn was based on the Understanding by Design® (Wiggins and McTighe) model. It was designed by educators from high school and higher education, who collectively have vast experience teaching computer science and cybersecurity. Feedback was sought across the country from high school educators teaching computer science and/or cybersecurity courses, cybersecurity educators from higher education institutions, and members of government and industry that have a need for highly skilled workers. This document guides curriculum in that it expresses what should be taught rather than how to teach it and provides students with a visible guide to successfully complete the course. Introduction to Cybersecurity is intended to be equivalent to an intro course in cybersecurity at either a community college or university.


The framework has four levels: big ideas, enduring understandings, learning objectives, and essential knowledge statements.

The big ideas are broad, encompassing areas of importance to cybersecurity. That is, they are so important that all aspects of cybersecurity are affected by them. When writing a curriculum that maps to the framework, the scope of these ideas will be intertwined in lessons throughout the entire curriculum. The big ideas, in conjunction with a cybersecurity mindset, should drive how we teach so that students have enduring knowledge at course completion. Underlying the big ideas is a set of essential questions. These questions elicit a response from students that displays a breadth and depth of knowledge within each big idea to ensure that a comprehensive understanding of the topic is acquired.

This summative knowledge base is listed under each big idea as an enduring understanding statement(s). Enduring understandings are statements summarizing important ideas and core processes that are central to cybersecurity and have lasting value beyond the classroom. Enduring understandings synthesize what students should understand as a result of knowing about and doing cybersecurity. Enduring understandings are lasting and nearly unchanging. Course assessments should directly address these understandings. Projects developed should aim to produce artifacts that depict both the big ideas and the enduring understanding statements.

Learning objectives (LOs) lie beneath enduring understanding statements within the framework, and each enduring understanding has at least one learning objective. Learning objectives work in tandem with the cybersecurity mindset by requiring students to complete tasks that will prepare them to successfully understand the defense of a system. Completed LOs give students the working knowledge needed to create a lasting knowledge (enduring understanding) of cybersecurity. LOs are written as action statements describing tasks that students are to complete in order to achieve completion and mastery.

Essential knowledge (EK) statements provide clarity on the learning objectives by offering specific statements of fact that students should know at the end of the course. These EK statements are written to be flexible and may be changed when new technologies are created.


The Cyber Center for Education and Innovation, Home of the National Cryptologic Museum, expresses its deep gratitude for the generous financial support provided by Northrop Grumman Corporation and the National Security Agency in support of the Cyber Curriculum Framework Phase One project. We also are grateful for the generous financial support provided by the Hewlett Foundation in support of the framework’s Phase Two efforts, and for general educational program support previously provided by Lockheed Martin and Northern Trust.

These financial investments were made in recognition of the need for a coherent national framework to guide curriculum development throughout the K-12 spectrum. Because of this support, curriculum developers, teachers and students will benefit from learning the knowledge, skills, attitudes, beliefs and values critical to protecting and defending our nation’s critical cyber domain.



Dr. Melissa Dark began her career in cybersecurity education as a Professor at Purdue University. She has led a number of innovative, national projects in cybersecurity education, including:

  • INSuRE is a cybersecurity research collaborative using the cybersecurity student talent pool to work on cybersecurity problems supplied by federal agencies and national labs.
  • Development of a concept inventory to diagnose learners’ misconceptions in secure programming.
  • Cyber fMRI is investigating the use of representational fluency to develop deep conceptual understanding of complex cybersecurity topics.
  • GenCyber is a program to grow the cybersecurity pipeline through summer camps across the nation for students and teachers.
  • NCCP is funding 54 grants to develop core cybersecurity curriculum to be made widely available through a curriculum/learning management system to increase the quantity and quality of cybersecurity curricula.

Melissa retired from Purdue in 2019 and is now running a non-profit company dedicated to advancing cybersecurity education in the United States.


Dr. Jenny Daugherty is an education consultant with over 15 years of experience in K-12 STEM education. Prior to becoming a consultant, Jenny was an Associate Professor at Louisiana State University and Purdue University in Colleges of Education and Technology. Jenny earned her doctoral degree in Human Resource Education from the University of Illinois, Urbana-Champaign where she was awarded a doctoral fellowship with the National Center for Engineering and Technology Education. She was a co-Principal Investigator for the $2.9 million National Science Foundation funded Project Infuse, which researched engineering-infused science teacher professional development. Jenny has served as a site visitor for GenCyber since 2016.


Mark Emry earned his Bachelor of Science in Psychology from the University of Nebraska at Omaha, and his teaching certificate was earned through South Dakota State University. He earned his Master of Arts degree in Educational Technology from Augustana University in Sioux Falls, SD. Mark has 27 years of teaching experience ranging from Middle School Language Arts and Science to his current position as a Computer Science teacher and Department Chair at Sioux Falls Washington High School. Among the courses Mark teaches are Exploring Computer Science, AP Computer Science A and AP Computer Science Principles (AP CSP). He has served as a table leader for the reading of the AP CSP exam since its inception in 2017. Recently, Mark was awarded the 2019 NCWIT Aspirations Educator Award. In addition, Mark has designed and presented numerous professional development workshops in the region including functioning as lead facilitator for the “Expanding Pathways into Computer Science across South Dakota” workshop located at Black Hills State University. As part of the Research Experiences for Teachers grant, Mark developed a Cybersecurity curriculum which has been implemented in high schools across South Dakota. He grew his background in coding and cybersecurity while working as a software engineering lead for various contractors of the United States Geological Survey.


Dr. Dan Massey is Professor of Computer Science at the University of Colorado Boulder and Director of the Technology, Cybersecurity, and Policy Program. Prior to joining CU Boulder, he was a Program Manager in the Cyber Security Division, Science and Technology Directorate, U.S. Department of Homeland Security (DHS) where he developed and managed the Cyber Physical Systems (CPSSEC) program for cybersecurity in automobiles, medical devices, building controls, and other systems that combine the cyber and physical worlds. He also developed and managed the Distributed Denial of Service Defense (DDoSD) program that includes both traditional IT environments and key telephony services such as 911 and NG911. He has more than 25 years of experience and is the author of over 100 peer-reviewed publications on networking and cyber security, including co-editor of the DNS Security Standard (RFCs 4033, 4034, and 4035). Dr. Massey has been collaborating with St. Vrain Valley School District teachers to introduce the CyberPatriot program and currently coaches both middle and high school teams.


Jennifer Peyrot has been in education for over 10 years. She started off as a high school social studies teacher and has been working as an instructional technology coordinator since 2012. Jennifer has played a central role in several district-wide technology-driven initiatives. The experiences and training she had while serving in the U.S. Army allowed her to recognize the impact that the cybersecurity workforce shortage can have on our national security and she started getting involved in bringing cybersecurity into the K-12 setting.  

  • GenCyber Colorado Program Director in 2018
  • GenCyber Camp participant in August 2017
  • Co-facilitator of the SVVSD Computer Science Collaborative 2017 - present
  • Co-facilitator of the SVVSD Blended Learning Collaborative 2016 - present
  • Co-organizer and instructor at SVVSD annual Tech Camp from 2015-2018.
  • Co-organizer of EdCamp Denver 2015 and EdCamp Longmont 2016.
  • Instructs teachers and school site administrators on the systematic implementation of instructional technologies. 2013 - present.
  • Classroom Teacher, High School Social Studies 2007-2012
  • Intern, National Governors Association-Homeland Security Dept., Apr.-Jul. 2004
  • Veteran of U.S. Army as a 98C, Signals Intelligence Analyst, 1997-2000

