I’m excited to share an inside view of a newly released open-source training tool, which has become a significant part of our approach to advancing information and computer security training for nuclear security. Developed as a collaboration between the International Atomic Energy Agency (IAEA) and the Austrian Institute of Technology (AIT), ‘Learners’ addresses specific education challenges in information and computer security.

You can obtain a copy freely here: https://github.com/iaeaorg/learners

The Learners interface, focus is on the content rather than the platform.

History of the Project

The beginning of the Learners project is rooted in the challenges brought forth by the COVID-19 pandemic. As the world grappled with unprecedented disruptions, we recognised a need for a resilient and flexible approach to computer security training to ensure our programme could continue to deliver capacity-building outcomes. Traditional in-person sessions where participants would travel internationally for regional or international courses were not viable due to the travel restrictions and quarantine requirements.

While many information and computer security training providers went to virtual delivery during this same time, the cost of these courses was prohibitive to many of the beneficiaries of our training, and there were no available tools to support efficiently deploying a platform for the remote delivery of existing courses. Ultimately, rather than sending participants to courses run by third parties, we needed the ability to train in a hands-on format the concepts within the Nuclear Security Series guidance.

The response was to build on the results of CRP J02008 and initiate a new project specifically designed to facilitate hands-on technical training in a virtual environment. This project, for which I was the IAEA project lead, quickly evolved to be more than just a reaction to a temporary crisis: it was a step forward to build efficiencies into the development and delivery of our courses, being able to normalise an approach to enable sharing and remixing of training material across collaborators, and adapting to and innovating on more modern training approaches to make educational resources more accessible globally.

Overview of Learners Features

The aim was to create a platform that is both practical and easy to navigate, reflecting our core approach. Here is a brief overview of how some of the design criteria were achieved:

1. Open Training Materials: Technologies like Markdown, Hugo, and diagrams.net are used to create course material. As the Markdown syntax was limited, we reviewed our existing training material library and created Hugo shortcodes that allowed all of the advanced layouts we’d previously used in Word document drafted course materials.
2. Multilingual Capability: Multilingual support was integrated to make our training accessible across different linguistic groups. Content files can be prepared in multiple languages using common resources (like images and forms), and the participants can toggle between them.
3. Integration with Cyber Range Environments: The ability to assign users to HTML5 VNC sessions has been embedded, with authentication tokens being proxied from the platform to facilitate practical, hands-on experience in a controlled, simulated environment.
4. Self-Paced Learning and Feedback: Learners generates HTML forms from training materials, and allows participants to have their responses validated upon submission. Enhanced with Venjix, the system can interrogate devices in the cyber range environment and confirm that participants have completed assigned tasks.
5. Real-Time Progress Monitoring: Instructors can dynamically observe participant progress through a specialised admin dashboard. This feature aids in providing immediate support and intervention when necessary boosting engagement and responsiveness.
6. Tailored Learning Experience: A workbook customised to the individual’s role can be provided to each participant. This approach is convenient for training delivered in an exercise format, where each participant in a group is assigned different tasks based on their background. Instructor notes can also be integrated into the same source file, streamlining content management and ensuring consistency across materials
7. Complete Offline Functionality: All tools are engineered to operate fully offline, ensuring that sensitive tools crucial for hands-on computer security training, such as those included in Kali Linux, can be utilized without the risk of exposure to public networks.

The Learners Approach

Accessibility and Scalability

Previously, in developing training material, many potential in-kind contributors needed Microsoft Office or Visio licenses to work on some more technical exercises. The platform was designed to operate with minimal infrastructure requirements and eliminated the need for associated software costs. This strategic approach significantly broadens the tool’s dissemination potential, ensuring that training packages are easily distributed and remixed.

A drawio exercise in Learners. Participants can edit the diagram and the preview will update with their modifications.

Static files are at the heart of our design philosophy with Learners, emphasising plain text to maintain simplicity while allowing for modern version control. We consciously minimised complex database dependencies. The only data stored in a database are participant responses, streamlining the creation of training material. This design choice means that updating or swapping training materials is as straightforward as copying and pasting a folder, greatly simplifying content management, allowing modern version control systems to be used, and enhancing the ease and flexiblity of sharing and iterating on training materials which we affectionately called “copy-paste-remix”.

Pedagogic Considerations

In our endeavour to preserve and enhance the educational effectiveness of our existing training courses, we focused on developing an environment that is both engaging and interactive. Our objective was to create a learning atmosphere that not only disseminates knowledge but also captivates and retains participants’ interest, so we considered several ways to ensure they feel integral to the course:

• Exercise Submissions: Participants need the flexibility to manage their training pace and receive immediate feedback, critical factors in adult learning. We evolved the concept of a personal workbook into a more collaborative format. Submissions are not just personal records on paper but can be automatically validated, are accessible for review and presentation, promoting an environment of shared learning and collective improvement.
• Interactive “Clicker”-Style Questions: Multiple-choice quiz questions can be integrated directly into presentation pages. This approach not only fosters active participation and immediate feedback but delivering it through Learners, which can run entirely offline, allows maintaining this capability for environments lacking internet access or those where tools are available that should remain offline for security reasons, with no need to take a pelican case of physical clickers anymore.
• Integrated Feedback Mechanism: We have implemented a system where participants can provide feedback for each exercise and presentation. This feedback is then accessible to instructors, ensuring that participants have a continuous voice throughout the course and allowing instructors to tailor their approach to their needs and responses in real-time.
• Embedding Tools and Multimedia Elements: Learners can be extended with almost any web-based technology. In our courses, we’ve embedded tools like MITRE’s ATT&CK Navigator, simulations like Asherah for hypothetical scenarios, and created simulated websites for fictional organisations to add to the immersion. These elements enrich the learning experience, providing realistic and practical contextual insights.

Clicker questions can be sent to participants during presentations driving strong engagement.

Technical Design

From a technical perspective, the Learners framework comprises three main components:

• Learners Application: This is the heart of the framework and combines the created content, handles authentication, and provides users with their specific view and feature set while supporting submissions and acting as an interface to other tools.
• Learners Theme: The Learners theme built for Hugo is used to style the exercise content and provide the mentioned shortcodes, but it is also the interface for communication with the Learners application. Rather than running the whole Learners stack, exercises can be generated and previewed directly from Hugo using the theme.
• Course Content: The exercise information, presentations, and documentation are written as Markdown files for Hugo. Various shortcodes are available to extend its functionality and improve its rendered output. Presentations are typically embedded in Learners as PDFs, which can be generated from any source.

This modular design enhances the flexibility and maintainability of the system. We ensured Learners could run on major platforms and provided a flexible Dockerised approach for quickly deploying the environment.

Reflecting on The Development

The development of Learners has been guided by a commitment to strike a balance between technological innovation, pedagogic soundness, and accessibility, particularly in relation to existing training offerings. Personally, I believe it addresses a significant gap in information and computer security education, particularly to the benefit of areas with fewer available training offerings that meet their required levels of specificity.

Furthermore, this initiative responds to the need to broaden the availability of training in nuclear security, placing a strong focus on making access universal across regional, linguistic, and economic barriers. The innovative ‘copy-paste-remix’ approach to the creation and distribution of training materials significantly reduces the initial costs associated with launching new local training programmes worldwide. I really do look forward to seeing how Learners is used outside of the existing course base.