AUTHOR=Nagvekar Priya V., Das Syaamantak, Iyer Sridhar
TITLE=Teaching log data analysis in Indian cybersecurity classrooms: a mixed-methods study of pedagogical challenges and learner difficulties
JOURNAL=Frontiers in Education
VOLUME=Volume 10 - 2025
YEAR=2025
URL=https://www.frontiersin.org/journals/education/articles/10.3389/feduc.2025.1676938
DOI=10.3389/feduc.2025.1676938
ISSN=2504-284X
ABSTRACT=
Introduction: Log data analysis is a core competency in cybersecurity education, essential for investigating cyberattacks and identifying their root causes. However, teaching and learning this skill present distinct challenges in resource-constrained contexts such as India. Existing pedagogical approaches often fail to address the dual challenge of limited infrastructure and inadequate student preparation, resulting in persistent gaps between instructional intent and learner outcomes. This study aims to examine these gaps from both faculty and learner perspectives to understand systemic and cognitive barriers in cybersecurity education.

Methods: A mixed-methods design was adopted to explore pedagogical and cognitive challenges in teaching root cause analysis (RCA) through log data interpretation. First, a survey was administered to cybersecurity faculty members from diverse Indian institutions to identify systemic barriers, including insufficient prerequisite knowledge among students, insufficient infrastructure, and rigid curricula. Complementing this, an empirical study was conducted with undergraduate learners and industry experts. Participants performed RCA on simulated cyberattacks using logfiles and techniques, including the 5 Whys, fault trees, and attack trees. Comparative analysis focused on identifying reasoning patterns and problem-solving strategies across expert and novice groups.

Results: Survey data revealed consistent concerns among faculty regarding students' inadequate foundational knowledge, infrastructural limitations, and institutional rigidity that constrain pedagogical innovation. In the empirical phase, novice learners exhibited difficulties in technical interpretation, tendencies toward premature analysis termination, and several cognitive biases. In contrast, experts demonstrated structured reasoning, cross-functional integration, and methodical application of RCA techniques, highlighting a pronounced expert-novice divide.

Discussion: The findings indicate a significant misalignment between instructional objectives and students' preparedness, compounded by systemic institutional constraints. These insights underscore the need for curriculum redesign, targeted teaching strategies, and faculty development initiatives to better scaffold students' analytical reasoning in cybersecurity education. The study contributes to improving pedagogical practices in computing education within underrepresented and resource-limited contexts, offering a pathway to bridge the expert-novice divide in log data analysis training.