Bridging the Curricula Gap: Integrating Indicators of Compromise into Cybersecurity Education
摘要
As cyber threats continue to increase in sophistication, robust cyber threat intelligence (CTI) and actionable indicators of compromise (IoCs) are essential for effective organisational defence. In practice, however, security practitioners often contend with generic open-source threat feeds that lack contextual relevance, are subject to publication delays, and generate high volumes of false positives. Despite their demonstrated operational importance, IoCs and applied CTI capabilities remain largely absent from formal cybersecurity curricula, contributing to a persistent shortage of skilled intelligence analysts. This paper addresses the gap between practice and pedagogy by articulating the capabilities required to generate high-confidence, custom threat signatures tailored to sector-specific threat environments. Drawing on a case study within the UK National Health Service, the study demonstrates the production of highly relevant, reliable, and timely IoCs, resulting in the detection of 51 threats, of which 38 were previously unknown. The paper formalises practical workflows into a proposed CTI learning cycle that maps the intelligence lifecycle onto Kolb’s experiential learning theory. In doing so, it extends existing cybersecurity bodies of knowledge by offering a structured, pedagogically grounded framework for the development of essential practitioner capabilities.