Call for Content

The Virginia Cyber Range needs great courseware modules to support cybersecurity education at Commonwealth high schools, colleges, and universities. We need help to build this courseware repository and to provide challenging, educational, hands-on labs and exercises for the range, taking advantage of the excellent course content that is already being used across the state.

The cyber range will provide grants to eligible faculty* who repackage existing courseware modules or create new modules for use in the Virginia Cyber Range. Grants for Cyber Range content will be offered based on the type of material provided and on the priority assigned by Executive Committee. We prefer to accept content in the form of modules, three to six-lessons on a particular topic, preferably with associated hands-on labs, as we believe that this format will be most useful to educators that are looking for content for their classes. Other forms of content, from individual exercises to full courses, may also be accepted.

The range needs courseware for both technical and non-technical cybersecurity courses. Formats will be provided for syllabi, lesson plans, presentation slides, homework assignments, and hands-on exercises.

The first step in submitting content is to submit this abstract submission form to content@virginiacyberrange.org.

Content Categories

A module should consist of 3 – 6 lessons of related material and can be stand-alone or part of a course. All modules include a module description document with a brief description of the module and a list of lessons, labs, and homeworks.

  1. Module description document
    1. Module description paragraph
    2. Learning objectives specific to module
    3. Lessons included in the module
  2. Lesson plans with description of content and context, list of lesson objectives, readings, external resources, and suggested in-class exercises
  3. Presentation slides with speaker notes
  4. Hands-on lab exercises that reinforce concepts taught during the module.
    1. Virtual machines and detailed description of required configuration and setup of VMs and networking
    2. Lab/exercise instructions for course instructor with grading instructions and rubric
    3. Lab exercise document for students, with learning objectives, sufficient instructions for exercise completion and questions to be answered by students

A large exercise is one that could involve dozens to hundreds of virtual machines that represent a large network infrastructure, or multiple smaller VM groupings networked together for a multi-team event. Large exercises are generally conducted over days or weeks and are used in multi-institutional cybersecurity competitions or as capstone exercises outside of normal coursework. Examples of what might be considered large exercises include the following.

  1. Multiple teams, each with its own corporate-style network complete with externally facing services, competing (perhaps in attack/defend style) to attack and/or defend network infrastructure over multiple days. It would also include scoring and assessment infrastructure for proper feedback to participants and observers.
  2. A large, complex network that can be replicated many times where small groups conduct offensive or defensive cybersecurity operations. For example, a large corporate-style network with many types of systems and various vulnerabilities where a penetration testing team tries to find and exfiltrate customer or employee data or intellectual property without being detected or stopped.

Large exercises will include a scenario description to set the stage for the exercise or competition. The scenario should also provide instructions for participants, any rules or limitations on participant activities, and a description of how participants will be assessed during the event. A separate document that covers administrative and technical details should also be provided so that faculty or staff administering the exercise can repeat it consistently and completely. A scoring/assessment infrastructure should be included in the exercise architecture so that teams can be compared against each other, or against a rubric for assessment purposes. Virtual machine images for any VMs used in the exercise and instructions for networking necessary components should also be included.

A small exercise is one that involves a handful of virtual machines networked together to provide an environment for an individual or small team (or multiple teams) to complete over a few hours. In terms of scope, a small exercise might be likened to a capstone laboratory event in a college cybersecurity course. Examples of small exercises could include.

  1. Complete Jeopardy-style capture-the-flag infrastructure with web-based question and scoring system, automated account creation, and several questions in categories like reverse engineering, networking, cryptography, web application vulnerabilities, and system penetration. The system should be extensible to allow for adding and deleting questions over time.
  2. A small network with both a DMZ¹ (demilitarized zone) and a user subnet in which students must install and configure a domain name server, web server, and file server to support user access to resources inside and outside their network, and external access to public resources. An exercise like this might take a small team of students several hours to complete.

Small exercises, like large exercises, should include a scenario description to set the stage for the exercise, detailed instructions for participants, and a separate document for instructors describing how the exercise is administered. A mechanism for scoring/assessment should be included, along with rubrics. Virtual machine images for any VMs used in the exercise and instructions for networking necessary components should also be included.


¹https://en.wikipedia.org/wiki/DMZ_(computing)

One- and two-day courses are intended to be approximately 50% lecture/discussion and 50% hands-on exercises covering a specific cybersecurity topic. Examples could include.

  1. A one day introductory forensics course for intermediate-level college and university students, or experience IT staff. The course could include an introduction to the forensics process, followed by alternating lecture and hands-on exercises on hard drive forensics to include filesystem overviews, Windows registry forensics, basic network forensics, and memory forensics. Such a course should include lecture slides with notes to describe forensics concepts as well as specific tool usage. It should also include a list of required software tools and a virtual machine with the tools installed and configured. Hands-on exercises might be included that involve the analysis of provided hard drive images, memory images, and packet capture files to find specific evidence of compromise or other artifacts. A two-day course might include a capstone event in which students spend two to three hours analyzing digital forensic artifacts to find evidence of a specific system compromise or malware infection.
  2. A two-day introduction to cybersecurity policy and law. Such a course would include existing cybersecurity policy at the national and international level, as well as organizations involved in developing cybersecurity policy, and the evolving regulatory environment. Emerging topics might also be discussed, such as export controls and their impact on the expanding security research community and the potential for private entities to engage in “active defense” of their networks. Legal authorities such as Title 10, Title 18, and Title 50 and their application to cybersecurity policy and law at the national level might also be included. Such a course would include healthy discussion on a variety of topics, and could include hands-on exercises that have students draw on existing law to develop future cybersecurity policy at the local, state, or national level to deal with an emerging cybersecurity issue, such as IoT security, ransomware, or medical device security.

Hands-on exercise intended as a laboratory event to reinforce a specific cybersecurity concept or concepts, normally as part of a specific cybersecurity course. Would normally include one to three virtual machines with software to complete the exercise, along with a scenario description, detailed instructions for participants, separate instructions for course instructors administering the exercise, as well as a grading rubric.

  1. A laboratory event in a college networking or cybersecurity course that has a student examining a series of packet capture files to identify network events and carve files to identify evidence of a network compromise, and to identify a likely culprit through unencrypted message traffic.
  2. Installation, configuration, and use of a security software tool such as a vulnerability scanner. Such an exercise might include brief instructions for installing and configuring a specific vulnerability scanning tool and pointers to sources of assistance for troubleshooting, followed by basic configuration instructions. It could also include a target virtual machine with known vulnerabilities to serve as the target of a vulnerability scan.

Course content to support a full, one semester, 3.0 credit hour (or more) cybersecurity course, with syllabus, individual lesson plans, presentation slides, homeworks and exams, and hands-on labs with necessary documentation. All courses should be broken down in modules so that educators using the content can select them ala carte from various content offerings to build a course or workshop (See the Module content category definition below).

  1. Full course syllabus with, at a minimum, the following sections.
    1. Course description and learning objectives
    2. Prerequisite course list or description of necessary prerequisite knowledge
    3. Required reading material (textbooks, papers, or a combination.
    4. Homework assignments and labs, with brief description of frequency and content
    5. Exam overview with description of coverage
    6. Recommended grading information with breakdown by type of event (homeworks, labs, exams, course participation)
  2. Module descriptions for each of the course modules.
    1. Module description
    2. Learning objectives specific to module
    3. Lessons included in the module
  3. Lesson plans with description of content and context, list of lesson objectives, readings, external resources, and suggested in-class exercises
  4. Presentation slides with speaker notes
  5. Representative home assignments or question pool with answers and grading rubric
  6. Representative mid-term and final exams and/or question pools with answers and grading rubrics
  7. Hands-on lab exercises that reinforce concepts taught during the course. (A rough expectation for number and duration is 5 to 15 exercises or labs at 1 – 6 hours each. If there are fewer labs, the expectation is that each would be longer.
    1. Virtual machines and detailed description of required configuration and setup of VMs and networking
    2. Lab/exercise instructions for course instructor with grading instructions and rubric
    3. Lab exercise document for students, with learning objectives, sufficient instructions for exercise completion and questions to be answered by students

Course content to support a full, one semester, 3.0 credit hour (or more) cybersecurity course, with syllabus, individual lesson plans, presentation slides, homeworks and exams, and hands-on labs. All courses should be broken down in modules so that educators using the content can select them ala carte from various content offerings to build a course or workshop (See the Module content category definition below).

  1. Full course syllabus with, at a minimum, the following sections.
    1. Course description and learning objectives
    2. Prerequisite course list or description of necessary prerequisite knowledge
    3. Required reading material (textbooks, papers, or a combination)
    4. Homework assignments, with brief description of frequency and content
    5. Exam overview with description of coverage
    6. Recommended grading information with breakdown by type of event (homeworks, exams, papers, course participation)
  2. Module descriptions for each of the course modules.
    1. Module description paragraph
    2. Learning objectives specific to module
    3. Lessons included in the module
  3. Lesson plans with description of content and context, list of lesson objectives, readings, external resources, and suggested in-class exercises
  4. Presentation slides with speaker notes
  5. Representative course paper or project description with grading criteria
  6. Representative home assignments or question pool with answers and grading rubric
  7. Representative mid-term and final exam and/or question pools with answers and grading rubrics

* Initial eligibility is limited to faculty at Virginia public colleges and universities with a certification of academic excellence from the federal government. These schools include George Mason University, James Madison University, Lord Fairfax Community College, Longwood University, Norfolk State University, Northern Virginia Community College, Radford University, Tidewater Community College and Virginia Tech.
** Accepted content will generally be licensed under an Attribution-NonCommercial-ShareAlike 4.0 International Creative Commons License. More information on creative commons licensing can be found at https://creativecommons.org.

Example Cybersecurity Topics

  • Introduction to Cybersecurity
  • Secure Network Configuration
  • Network Defense
  • Digital and Network Forensics
  • Reverse Engineering
  • Cryptography
  • Incident Response
  • Penetration Testing
  • Security Data Analytics
  • Mobile Devices and IoT
  • SCADA and Industrial Control Systems
  • Cyber Law and Policy

abstract submission form

For questions, information on potential grant amounts, or to submit a course abstract email content@virginiacyberrange.org.